DoS vulnerabilities in Wireshark

Tuesday, November 25th, 2008

The pre-release version 1.0.5 of Wireshark, the network protocol analyser (or "packet sniffer"), has eliminated a vulnerability that could make it crash. It is reported that the error occurs during the analysis of over-long SMTP requests to a server. When the final version 1.0.5 will appear is still unknown, but ...

Microsoft Communicator vulnerable to DoS attacks

Tuesday, November 18th, 2008

According to a report by VoIPshield, a VoIP security service provider, Microsoft's Office Communications Server (OCS), Office Communicator and Windows Messenger contain vulnerabilities that can be exploited for Denial of Service attacks. The applications can be crashed using specially crafted packets. VoIPshield does not want to release more detailed information until ...

Vulnerability discovered in SSH specification

Monday, November 17th, 2008

According to the UK-based Centre for the Protection of National Infrastructure (CPNI), an error in the secure shell protocol (SSH) specification can in rare cases be exploited to reconstruct part of the plain text. According to their description of the error, the standard OpenSSH configuration allows 32 bits of plain ...

Once Thought Safe, WPA Wi-Fi Encryption Is Cracked

Friday, November 7th, 2008

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will ...

Adobe fixes clickjacking flaw

Thursday, October 16th, 2008

Adobe Systems has released a new version of its Flash Player software, fixing a critical security bug that could make the Internet a dangerous place for Web surfers. The new Flash Player 10 software, released Wednesday, fixes security flaws in Adobe's multimedia software including bugs that could allow hackers to pull ...