CALENDAR
Network Security October 200420
13-14 October 2004INFOSECURITYNETHERLANDSLocation: Utrecht,The NetherlandsWebsite: www.infosecurity.nl
13-15 October 2004BIOMETRICS 2004Location: London, UKWebsite:www.biometrics2004.com
3-5 November 2004RSA EUROPELocation: Barcelona, Spain
Website:www.rsaconference.com
7-9 November 2004CSI ANNUAL COMPUTER SECURITYCONFERENCELocation: Washington, USWebsite:www.gocsi.com/annual/Email: [email protected]
24-25 November 2004INFOSECURITYFRANCELocation: Paris, France
Website:www.infosecurity.com.fr
30 November 2004BUSINESSINFORMATION SECURITYLocation: LondonWebsite:www.marketforce.eu.comTel: +44(0)207608 0541Email:[email protected]
7-9 December 2004INFOSECURITY USA
Location: New York, USAWebsite:www.infosecurityevent.com
7-8 December 2004THE SYMPOSIUM FORINFORMATION SECURITYMANAGEMENTLocation: AmsterdamWebsite:www.mistieurope.comEmail: [email protected]
EVENTS CALENDAR
PHPTwo vulnerabilities have been reported inPHP; these can be exploited to exposesystem information or to upload files inarbitrary locations. However, to do this,PHP has to be used in a special way.
Updated versions of PHP are availablein the CVS repository. Please refer to theSecunia advisory below for details.
http://secunia.com/SA12560
Apple iChat Apple has issued a security update foriChat, which addresses a vulnerabilitythat can be exploited to compromise avulnerable system. Please read Secuniaadvisory below for details.
http://secunia.com/SA12575
Real Players RealNetworks has issued new versions ofits players. This fixes some vulnerabilitiesthat can be exploited to compromise a vul-nerable system. Patches are available fromthe vendor; please refer to the Secuniaadvisory for a link to the vendor advisory.
http://secunia.com/SA12672
Lumeta adds visuals tonetwork discovery toolBrian McKenna
Lumeta, a New Jersey based soft-ware company that identifies net-
work holes, has upgraded its IPSonartechnology.
The company’s main product mapsnetworks, and was launched in May2003. Lumeta has 80 customers at pre-sent, and gets about 30% of its revenuefrom the government sector, mainly inthe US.
Dave Arbeitel, SVP, StrategicDevelopment at Lumeta, describes IPSonar 3.5 as "the most feature-richsoftware we have ever done”. Theupgrade adds visual analytics and data-mining to the product.
Arbeitel said the product fills a holewithin the “intrusion management”arena by "focusing on the vulnerabili-ties that the network itself creates”.
The company works closely withFoundstone, now part of NetworkAssociates. It also partners with BTSolutions and Cirosec in Germany.
Speaking of intrusion detection andprevention technologies, Arbeitel said:“The worms continue to get through,
and one of the reasons is that an IPnetwork address space is very dynamic,with traffic flows across many types ofconnections, connections to partners,mobile workers and so on. So it be-comes very difficult to understand whatyou do not know about your network”.
He reported that some of Lumeta’scustomers have “thousands of networkleaks”.
"We can show you where the leaksare, what routers cause those leaksbecause of misconfigured AccessControl Lists, and so on”.
"The issue with IDS and IPS systemsis that they capture traffic to assesswhether you are being attacked. It isnot easy to know where to place them.And you can’t place them in enoughplaces on your network to see all thetraffic. This is because enterprise net-works today make heavy use of LANswitching technology that partitionstraffic flows so that it is really difficultto see everything”.
The product is “being transitionedfrom a tool where you do periodicscans to one that is used daily.
IP Sonar costs $20,000 for a 30 daylicence scanning 5000 IP addresses.
Recommended
![+[Nouveaux]+ Visuals](https://img.dokumen.tips/doc/110x75/568bde9a1a28ab2034ba1925/nouveaux-visuals.jpg)
