Home » 2010 » January » 05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201001-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: NTP: Denial of Service
     Date: January 03, 2010
     Bugs: #290881
       ID: 201001-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service condition in ntpd can cause excessi ... Read more »
Views: 694 | Added by: b1zz4rd | Date: 2010-01-05 | Comments (0)

DeepToad can generate signatures, clusterize files and/or directories
and compare them. It's inspired in the very good tool ssdeep [1] and, in
fact, both projects are very similar.

The complete project is written in pure python and is distributed under
the LGPL license [2].

Links:
Project's Web Page http://code.google.com/p/deeptoad/
Download Web Page http://code.google.com/p/deeptoad/downloads/list
Wiki http://code.google.com/p/deeptoad/w/list

References:
[1] http://ssdeep.sourceforge.net/
[2] http://www.gnu.org/licenses/lgpl.html
Views: 696 | Added by: b1zz4rd | Date: 2010-01-05 | Comments (0)

==============================
========================================

                    Secunia Research 04/01/2010

- PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
... Read more »
Views: 2975 | Added by: b1zz4rd | Date: 2010-01-05 | Comments (0)

The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC
Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses, and attacks
that can lead to the compromise of a website, its data, or its users. This document's primarily purpose is
to serve as a reference guide for common attacks and weaknesses.

Main goals
- Refine document scope, terminology, and purpose
- Update existing sections when applicable
- Add missing attacks and weaknesses
- Creation of a firm, scalable base foundation allowing for the introduction of data views allowing for various
 forms of data representation
- Addition of attack and weakness reference identifiers (WASC-<xx>)
- Publication of two data views


WASC Threat Classification v2.0 Online
http://projects.webappsec.org/ ... Read more »
Views: 636 | Added by: b1zz4rd | Date: 2010-01-05 | Comments (0)

Intel just released updated drivers for their ethernet network adaptors,
see
<http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17906&ProdId=3025&lang=eng>
and
<http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18518&ProdId=3025&lang=eng>
for example.

Unfortunately ALL these driver packages but contain an outdated and
unsupported "Microsoft Visual C++ 2008 Runtime", repackaged as
VC90_CRT_{x86,ia64,x64}.msi and violating Microsofts redistribution
rules, which installs VULNERABLE runtime DLLs.

See <http://support.microsof ... Read more »
Views: 588 | Added by: b1zz4rd | Date: 2010-01-05 | Comments (0)