Rodney Campbell's Blog

2006.09.07 Daily Security Reading

by on Sep.07, 2006, under Security

New Apache Compliance Audit Policy

Tenable's research team has released a Nessus 3 audit policy file which can be used to audit the configuration of Apache web servers running on various UNIX platforms. The policy can be customized to your specific Apache distribution. It can audit many aspects of the httpd.conf file.

OpenSSL signatures can be forged

OpenSSL may fail to detect forged digital signatures under certain conditions because of an implementation error: a failure to check a certain condition while verifying an RSA signature. The flaw affects all systems that use the OpenSSL library, in particular servers secured with SSL/TLS and VPNs based on SSL/TLS. OpenSSL versions 0.9.7k and 0.9.8c have eliminated the vulnerability.

NIST Publication 800-94 Guide to Intrusion Detection and Prevention (IDP) Systems (Draft)

Securitycompass Web Application Analysis Tool (SWAAT)

SWAAT is a .Net command-line tool that searches through source code for potential vulnerabilities in Java, JSP, ASP.Net, and PHP.

Microsoft Word 0-day Vulnerability FAQ – September 2006, CVE-2006-4534 [UPDATED]

This is a Frequently Asked Questions document about a new zero-day vulnerability in Microsoft Word. The document describes related malware as well.



Copyright © 2015 Rodney Campbell
