-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---
VMware Security Advisory
Advisory ID: VMSA-2014-0001
Synopsis: VMware Workstation, Player, Fusion, ESXi, ESX and vCloud
Director address several security issues
On 16 January 2014 18:44, wrote:
> Bonus points for finding a standard that provides enough *actual* security
> that it is worth doing, but yet won't bankrupt the industry. Consider that
> of all the credit-card breaches we've seen so far this century, something
> outrageous like 97% of the vict
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
XPD - XPD Advisory
https://xpd.se
Enghouse Interactive IVR Pro (VIP2000) remote root
authentication bypass Vulnerability
Advisory ID: XPD-2013-001
CVE reference: CVE-2013-6838
Affec
On Thu, Jan 16, 2014 at 09:44:07AM PST, valdis.kletni...@vt.edu spake thusly:
> Consider that of all the credit-card breaches we've seen so far this century,
> something outrageous like 97% of the victim companies had current audits that
> listed them as being 100% PCI compliant at the time of the
On Wed, Jan 15, 2014 at 3:28 PM, Scott Helme wrote:
> The BrightBox router is the standard equipment issued by UK ISP Everything
> Everywhere (EE) to its subscribers.
>
> The device not only leaks sensitive data but is remotely exploitable too. An
> attacker even has the ability to take control of
Totally agree with the driving drunk analogy. I mean, we say that car
manufacturers and airplane companies have to run their systems to agreed
standards. And this is done in such a way that safety on the roads and in
skies improves. So why can it not be done for the IT industry? Nobody talks
about
So really there's nothing to do then. We just have to accept that large
corporations will continue to roll out products with poor security and
that's the way it will always be. A good environment to make some money in
as a security consultant I guess!? If you can go in to pentest and find
some easy
On Thu, Jan 16, 2014 at 12:44 PM, wrote:
> On Thu, 16 Jan 2014 11:30:18 +, Dan Ballance said:
>
>> So your point is that there should be legislation to require companies to
>> adhere to certain security standards? I'd support that - particularly in an
>> ISP market which is clearly defined by
On Thu, 16 Jan 2014 14:52:37 +, Dan Ballance said:
> Well users do care about getting hacked when it happens - so maybe they do
> need to be forced to pay a little more to be secure. This also has benefits
> for e-commerce and on-line banking, credit card fraud etc
Actually, the entire credit
What I don't understand about everyone's scepticism here is it seems like
nobody thinks security can be improved and that we shouldn't be shocked
when large corporations roll out hopelessly insecure kit. How do you think
we can best protect the consumer then?
On 16 January 2014 17:44, wrote:
>
On Thu, 16 Jan 2014 11:30:18 +, Dan Ballance said:
> So your point is that there should be legislation to require companies to
> adhere to certain security standards? I'd support that - particularly in an
> ISP market which is clearly defined by national boundaries and law.
OK.. What standard
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:006
http://www.mandriva.com/en/support/security/
__
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:005
http://www.mandriva.com/en/support/security/
__
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:004
http://www.mandriva.com/en/support/security/
__
Hello list,
Understanding of cultural differences is not racism. It is understanding and
appreciation of the diversity of our World.
So, I would not be apologetic about mentioning that "country culture" affects
software development. "Culture" is a very broad term to explain not only how
people eat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:003
http://www.mandriva.com/en/support/security/
__
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:002
http://www.mandriva.com/en/support/security/
__
This is the FINAL CALL to submit your research papers for the 5th annual
HITB Security Conference in Amsterdam (#HITB2014AMS) taking place at De
Beurs van Berlage from the 27th - 30th of May 2014.
Initial round of selected CFP submissions:
http://haxpo.nl/hitb2014ams-conference/#speakers
#HITB20
Well users do care about getting hacked when it happens - so maybe they do
need to be forced to pay a little more to be secure. This also has benefits
for e-commerce and on-line banking, credit card fraud etc - so there are
definitely companies who will benefit from reduced on-line crime so maybe
t
True, some sort of legislation might do the trick, but there is always
this nasty question which we all really hate: who is going to pay for
that? We can't burden national budgets with stuff like that, ISPs do
not produce more than they are paid by customers, so... end users! So
technically, we'll
So your point is that there should be legislation to require companies to
adhere to certain security standards? I'd support that - particularly in an
ISP market which is clearly defined by national boundaries and law.
I do agree with you this is probably to do with cheap out-sourcing, as well
as s
No sir, I believe I should have been more explicit at that than I was
-- I did not mean to say it is about nationalities. What I meant was a
simple matter of development costs when hiring personnel, and I think
you won't argue that a developer in UK costs less than a developer in
e.g. China or Paki
May be off-topic but your rant got me wondering as to why suddenly
nationalities are brought into the picture when bad coding/security practices,
etc, are being discussed. Is it really the culture of these countries (you
mentioned India, Pakistan and China) that encourages slip-shod,
corner-cutting wor
> Absolutely shocking lack of security considerations.
Is it, really? I've got a feeling that companies don't give a s--t
about your data, your privacy, and so on (proved by numerous examples
out there), unless absolutely required to do so by law, and there is a
good reason behind that. It is not
What a great write up and what an appalling mess for a UK ISP to be in in
2014. Absolutely shocking lack of security considerations. Thanks for
sharing this. I've just followed you on Twitter as well,
cheers,
Dan.
On 15 January 2014 20:28, Scott Helme wrote:
> The BrightBox router is the stan