
Spoken Word Services Blog » Tag Archives for tag 'IT-Security'

Black Hat USA 2006 Topics and Speakers

Is this of interest to us? Do we know about it?

Black Hat USA 2006 Topics and Speakers: “Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems
Robert Auger, Security Engineer, SPI Dynamics Inc., Co-Founder, Web Application Security Consortium
Caleb Sima, CTO and Co-Founder, SPI Dynamics

This presentation will discuss the use of RSS and Atom feeds as a method of delivering exploits to client systems. In our research we have found a number of RSS clients, both local and web-based, that are far too trusting of the content that is delivered via feeds. Although this content arrives as well-formed XML, fundamentally it originated as user input elsewhere. Like any such data, it can contain malicious and malformed content, yet many clients fail to guard against this. And though such content by definition originates remotely, many clients use methods of display that cause it to be trusted as if it were locally originated.”


Focus shifts to single sign-on

In its modern usage, Shibboleth refers to catchwords that distinguish members of a group from outsiders; it is an appropriate name, therefore, for a technology that is providing secure access to public sector resources. VUNET has published a very interesting article looking at Shibboleth and its adoption here in the UK and Europe.

“Higher education advisory organisation the Joint Information Systems
Committee (Jisc) is using Shibboleth, an open source software development, to
create a federated access management (FAM) system for education users.

The Jisc system will be launched in September and rolled out across education
institutions over the next two years.”

Read the full article here.

Wired News: Cisco Security Hole a Whopper

Oops

Wired News: Cisco Security Hole a Whopper: “By Kim Zetter, 03:40 PM Jul. 27, 2005 PT. LAS VEGAS — A bug discovered in an operating system that runs the majority of the world’s computer networks would, if exploited, allow an attacker to bring down the nation’s critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit. Michael Lynn, a former research analyst with Internet Security Systems, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here”