Seagate Central NAS vulnerabilities

Posted by Eric Windisch on Oct 19

I have contacted Seagate regarding the following and was twice informed of
a 90-day window for disclosure. I followed up to no response and have
decided, following the culmination of those 90 days, to publish.

The fact that embedded devices are vulnerable is not new. This is really
not newsworthy, but perhaps we can aim higher? The Central NAS is not
Seagate’s most popular model, but it does share code with other, more
popular products such as…

Western Digital – My Passport / My Book self-encrypting external hard drive series – Multiple vulnerabilities

Posted by alendal on Oct 19

Research overview:
==========================
Research on Western Digital widespread self-encrypting hard drive series “My Passport” / “My Book”.
Devices researched utilize mandatory HW AES encryption.

Authors:
==========================
Gunnar Alendal
Christian Kison
modg

Paper and presentation links:
==========================
Full paper at Cryptology ePrint Archive:
https://eprint.iacr.org/2015/1002.pdf

Presentation…

AVG Debates the Impact of Trust on Innovation at the MEF European Consumer Trust Summit

AMSTERDAM – October 19, 2015 – AVG Technologies N.V. (NYSE: AVG), the online security company™ for more than 200 million active users, today announced that Tony Anscombe, the company’s Senior Security Evangelist, will be participating in a panel debate at the MEF European Consumer Trust Summit on October 20, 2015.

Taking place in London’s Canary Wharf, and open to both MEF members and non-members, the Summit will bring together brands, mobile operators, regulators, developers and innovators to examine the business-critical issue of how to foster consumer trust in today’s mobile age.

This comes as the latest MEF Global Consumer Trust Report ranked trust as the single, largest obstacle to growth in the mobile content and commerce industry – with two-fifths of survey respondents naming a lack of trust as the number one dissuasive factor when downloading items.

Anscombe will be joining representatives from Mozilla, Vodafone, Smart e-Money and CitizenMe to discuss, “Trust as a Driver for Innovation.”

What: Tony Anscombe, AVG Technologies, at the MEF Consumer Trust Summit

When: Afternoon Session (between 14.00-17.00), Tuesday, 20 October 2015

Where: Level 39, Canary Wharf, London

The Consumer Trust Summit forms part of a week of activities from MEF, kicking off with the annual Meffys award gala dinner on 19 October 2015. Now in their twelfth year, the Meffys aim to recognize the most successful and innovative players across the mobile ecosystem. This year, AVG has been shortlisted in the Consumer Trust category for its one-page privacy policy.

For further information about the Consumer Trust Summit, or other MEF events, please visit the organization’s website: http://www.mobileecosystemforum.com/

About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people. AVG’s award-winning technology is delivered to over 200 million monthly active users worldwide. AVG’s Consumer portfolio includes internet security, performance optimization, and personal privacy and identity protection for mobile devices and desktops. The AVG Business portfolio – delivered by managed service providers, VARs and resellers – offers IT administration, control and reporting, integrated security, and mobile device management that simplify and protect businesses.

All trademarks are the property of their respective owners.

www.avg.com

Contacts:

North America:
Deanna Contreras
Tel: +1 415 371 2001

Rest of World:
Zena Martin
Tel: +44 7496 638 342

Press information: http://now.avg.com

CVE-2015-7748

Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.

CVE-2015-7749

The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the “host-OS.”

CVE-2015-7750

The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.

CVE-2015-7751

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is “corrupted,” which allows local users to gain root privileges by modifying the file.

CVE-2015-7752

The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic.

CVE-2015-7860

Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling.

CVE-2015-7861

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling.