Vendors/Products - Page 58
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Despite being informed six months ago of a potentially serious security hole that may exist in Ethernet device drivers, many leading software and hardware manufacturers have yet to indicate whether their products contain the vulnerability. The vulnerability concerns the way . . .
Some SSH clients and servers have buffer overflows in the key exchange initialization and startup code that may be exploitable by a remote attacker in a denial-of-service attack or, under some conditions, allow the execution of arbitrary code as the root . . .
Security software and hardware makers should not have to submit their products for mandatory performance testing, a federal advisory council said Wednesday. Members of the National Infrastructure Advisory Council (NIAC), a presidentially appointed panel, voted during a conference call Wednesday . . .
Security researchers have discovered a serious vulnerability that may be present in many Ethernet device drivers that is causing the devices to broadcast sensitive information over networks. . .
Theft happens. And in the case of notebook computers, it happens a lot. When preventive measures fail and a notebook is stolen, the focus then becomes recovery. One breed of recovery products tracks the machine via an agent that notifies . . .
Frank submits IP Security Validator is an experimental tool that allows validation of Virtual Private Network (VPN) configurations between two network interfaces. As with testing connectivity using the Ping program, IP Security Validator enables verification and validation of VPN . . .
Security researchers have discovered a set of vulnerabilities in several vendors' implementations of the SSHv2 protocol that could give an attacker the ability to execute code on remote machines. The new flaws are especially dangerous in that they occur before authentication . . .
Several vulnerabilities have been found in the MySQL database system, a light database package commonly used in Linux environments but which runs also on Microsoft platforms, HP-Unix, Mac OS and more. . .
Sigaba Corp. has extended a test of a secure instant messaging product to include more financial services, health care and government organizations. The company will unveil its Sigaba Secure Instant Messaging software in April 2003 but wants to make sure the . . .
I report on a lot of software vulnerabilities, and I try to weed out the unimportant ones. But there's no real way to know in advance which ones will be exploited and which ones cybervandals will essentially ignore. . .
T/bone SecureMail Gateway is a central, server based software solution which provides encryption and digital signatures for the entire email traffic of an organization. It works with a single organizational certificate and transparently provides its services to end users. T/bone automatically . . .
The OpenSSL project team is pleased to announce the release of version 0.9.6h of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release. This will be the last release in the 0.9.6 series. . .
The Security Technologies group at the San Diego Supercomputer Center (SDSC) is pleased to announce the early availability of "SDSC secure syslog" (), a replacement for the standard Linux/UNIX syslog daemon that adds security and performance features, while . . .
Newly formed PGP Corp. took a big step Monday toward endearing itself to cryptography enthusiasts and privacy advocates by releasing the source code for its flagship line of encryption products. The code for the entire PGP 8.0 line--which was also introduced . . .
Internet Security Systems, which has been criticized for publicly releasing information about security problems in software before giving application developers time to deal with holes, has issued a revised set of guidelines for how it will handle security warnings. . .
With the development of smart cards technology mirroring that of the PC development, Linux is also beginning to appear as a contender on the smart card frontier as well. According to Wang Jiping, chief technology officer of China MobileSoft Ltd., Linux . . .
Internet Security Systems Inc. on Monday released to the public the vulnerability disclosure guidelines that its internal X-Force research team uses in identifying flaws and notifying vendors and the public. The guidelines are fairly standard and include a provision that is becoming more and more common among security vendors that also do vulnerability research.. . .
Comdex Fall 2002 was far from previous year's heights, but still continues to function as a smorgasbord for the information technology world. No surprise, then, that some security companies were there serving up products. . .
Steve Grubb submits: Env_audit is a program that ferrets out everything it can about the environment. It is ideal for looking for security problems due to misconfiguration or software bugs. Software developers that write any program that shells out to . . .
An apparent delay in the availability of patches for the vulnerabilities in BIND that were disclosed earlier this week is once again highlighting the seemingly endless debate over when and to whom vulnerability data should be. . .