Mistormel Security

SCADA systems are used to monitor or to control chemical, physical or transport processes, in municipal water supply systems, to control electric power distribution and generation, gas and oil pipelines, and other distributed processes.

A recent update in Nessus plugins, only avalaible at the moent for Direct Feed and Security Center users include the plugins to analyze the vulnerabilities of SCADA systems.

For more information and see what are the plugins included in this release you can obtain more information in the Tenable Security Blog 

Also the people from Tenable added a new webinar: SCADA: Active and Passive Monitoring

Using the new funcionality of Google, the Google Co-op, a tool to create a personalized and more specific search engine, we have create the Computer Security Search Engine. TRY IT!

You can collaborate with us to make it more powerful!

Search engines haphazardly collect extremely private data. Searchers often solicit financial, health, or legal advice online under the veil of perceived anonymity. Credit card companies, health organizations, Universities, and virtually all other industries must follow particular rules and regulations about the collection and dissemination of user information, yet search engines are exempt from most of these regulations even though they collect similar, if not more private, data.

“Pound Privacy” is a campaign to create the first standard for search engine query privacy. The implementation is fairly straightforward: If you append the phrase “#privacy” at the end of a query on any search engine or site search, your query should not be tracked by IP or cookie, and should not be made public in keyword tools. It is that simple.

A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the “mhtml:” URI handler. This can be exploited to access documents served from another web site.

You can use a the test from Secunia, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.

A temporary solution is disable the active scripting support.

More Info:

Secunia Advisory

Ipswitch Technology Focus Seminars (TFS) address the challenges and opportunities small and mid-sized businesses face in understanding and using networking technology, not just from a technology standpoint, but from a business standpoint. TFS are different because they are aimed squarely at owners, managers and IT professionals at small and mid-sized companies.

The next Ipswitch Technology Focus Seminar dates and places:

* Belgium on 23rd of October 2006
* France on 24th of October 2006
* London on the 26th of October 2006
* Madrid on 30th of October 2006
* Frankfurt on 31st of October 2006
* Dortmund, 14th November 2006
* Munich, 23rd of November 2006

To register to the events you can go here, and here to see the agenda.

More info on the TFS page.

In simplehelp.net review 10 alternatives to the file manager windows explorer. A complete review with screenshots and download links.

This is the list of the alternatives:

A43
Ac Browser Plus
Directory Opus
ExplorerXP
Far Manager
FileMatrix
freeCommander
PowerDesk Pro/Standard
SpeedCommander
Total Commander
XPlorer
xplorer²

The full review here. Our favorite  Total Commander (is the fastest!).

The next 13, 14 and 15 of October an international HackMeeting will be celebrated in Mataró (Spain), Santiago (Chile) and Chicago (USA) at the same time.
Hackmeeting is a meeting of digital communities and countercultures. Three days of workshops, games, parties, debates, exchanges of viewpoints and ideas and common learning. Hacking as an attitude: this is their vision, not just computer knowledge. Hackmeeting is free and self-managed encounter that turns around the new technologies, their social implications, the free circulation of knowledges and techniques, the privacy, the collective creation, and much more. Using the technology like a tool to transform the social reality.

The places:

• Hackmeeting Mataró : Social Center la Fibra.

• Hackmeeting Santiago: Research center Escenika AKI.
• Hackmeeting Chicago: 2159 W 21st PL Chicago.

The first hackmeeting born in Florence the 1998 and since then they have annually been repeated in Italy.

More info:

Italy Hackmeeting.

SANS is offering a vast array of hands-on management and security training at SANS New Orleans 2006. With the collaboration of Chris Brenton, Eric Cole, Ed Skoudis, and others, that will teach the following courses:

MGT 404: Fundamentals of Information Security Policy
MGT 421: SANS Leadership and Management Competencies
MGT 512: SANS Security Leadership Essentials For Managers with Knowledge Compression(TM)
SEC 401: SANS Security Essentials Bootcamp Style
SEC 502: Perimeter Protection In-Depth
SEC 504: Hacker Techniques, Exploits & Incident Handling
SEC 505: Securing Windows
SEC 517: Cutting-Edge Hacking Techniques - Hands On
SEC 528: Java Security Auditing
SEC 615: LAMP - Secure Internet Presence
SEC 617: Assessing and Securing Wireless Networks

Join SANS New Orleans 2006, from November 14 to 21, 2006.

On 10 October 2006 Microsoft is planning to release:

Security Updates

* Six Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.

* Four Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

* One Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.

More Info:

Technet Security

In this How to Guide instructs Solaris system administrators and security professionals in the process of securing
common Web servers.

Administrators are guided step-by-step through the process and at the end of the guide should be able to:

• Create a basic Solaris Container for hosting applications
• Configure the Apache2 Web server to run in a Solaris Container
• Use User and Process Rights Management to reduce application privileges
• Use the Solaris Service Manager to reduce security risk of a Container
• Share data securely between two Containers

You can download this guide here.