Title: Google Talk Beta Messenger cleartext credentials in process memory
Affected versions: 1.0.0.64 (this version is believed to be the first one released to the public)
Vendor contacted: 25/08/05
Patched version released: 29/08/05
Advisory released: 28/11/05
Author: pagvac (Adrian Pastor)
Homepage: www.ikwt.com – In Knowledge We Trust
Advisory URL: www.adrianpv.com/projects/google-talk-cleartext-credentials-in-process-memory.txt
Description
Google Talk stores all user credentials (username and password) in clear-text in the [...]

Posted in Exploits and Bugs No Comments »

Hello Lists,
I am using Cisco pix 525. I have got problem with PIX firewall 525,
Interfaces ( inside, outside)
continuously “up-down” when I use with large traffic ( about 10Mb), but It
works fine when traffic less then 10 mb. Is any one has anyidea.
Any Suggestion are most welcome !!!
Regards,
NAVTEJ KOHLI
* I’ve seen this before…
Make sure all ur [...]

Posted in Q & A No Comments »

A friend asked me to audit his firewall at work.
Honestly, I have no clue even though googled for many days.
In this context, I am planning to audit the firewall as follows: Any
comments/suggestions are welcome.
1) The placement or location of the firewall
2) Vulnerability scanning the firewall from outside, e.g., Internet
3) The rulebase or security policy [...]

Posted in Q & A No Comments »

Dear All,
Is there any tool/method that allow me to detect the IPs of users who are using IM (Instant Messaging i.e. MSN messenger, Yahoo messenger, ICQ, etc) and P2P (Peer-2-Peer programs such Kazaa) in our network?
Thanks
* Try any Forward Proxy (you can try squid!!!).With that you can put
access controls based on the user network,user,ports to [...]

Posted in Q & A No Comments »

It has been identified a vulnerability in the Cisco IOS Web Server. An attacker can inject
arbitrary code in some of the dynamically generated web pages. To succesfully exploit the vulnerability the attacker only needs to know the IP of the Cisco. THERE’S NO NEED TO HAVE ACCESS TO THE WEB SERVER! Once the code has [...]

Posted in Q & A No Comments »

hello,
I have a “Working” network who is totally disconnected (physically)
from the Internet.
people do the “search” on the “Internet ” computers and then go on the
“work” computers for analyse and the store the data.
The Question is: I would need a anti virus on the “work” computers and
I should be able to update the virus database daily [...]

Posted in Q & A No Comments »