Clientless SSL VPN Vulnerability

Tuesday, December 1st, 2009

Web browsers enforce the same origin policy to prevent one site's active content (such as JavaScript) from accessing or modifying another site's data. For instance, active content hosted at http:///page1.html can access DOM objects on http:///page2.html, but cannot access objects hosted at http:///page.html. Many clientless SSL VPN products retrieve content ...

VirtualBox 3.1.0 released

Monday, November 30th, 2009

Sun today released VirtualBox 3.1.0, a major update introducing teleportation, branched snapshots, 2D video acceleration for Windows guests, more flexible storage management and much more. See the ChangeLog for details. Download:http://www.virtualbox.org/wiki/Downloads

Numerous vulnerabilities in VMware products

Tuesday, November 24th, 2009

VMware has advised of a total of 93 vulnerabilities in several of its products, including ESX Server, Server, VirtualCenter and vCenter. Most of the vulnerabilities are in Java, Tomcat and the kernel and have been known for some time. Some of them can be exploited to compromise a system, however, ...

Metasploit 3.3 released

Wednesday, November 18th, 2009

Nearly one year after the release of Metasploit 3.2, the Metasploit Project developers have announced the availability of version 3.3 of the Metasploit Framework. The comprehensive programming framework for developing exploits for vulnerabilities is used by security researchers, penetration testers and black hat crackers alike. The latest release includes a ...

Most security products fail to perform

Monday, November 16th, 2009

Nearly 80 percent of security products fail to perform as intended when first tested and generally require two or more cycles of testing before achieving certification, according to a new ICSA Labs report. The “ICSA Labs Product Assurance Report” - co-authored by the Verizon Business Data Breach Investigations Report research ...