The IoT ecosystem will forever be vulnerable, but there is hope – Mashable

The IoT ecosystem will forever be vulnerable, but there is hope – Mashable

http://ift.tt/2ywRnpg

Your coffee pot, refrigerator, thermostat, and in-home security system are all connected to the internet. Or, if they’re not now, they will be one day. Sadly, as the forgotten stepchildren of internet security, these Internet of Things devices are likely doomed to a future teeming with botnets and hackers

But that doesn’t mean there isn’t hope for the ever-expanding IoT universe — even if it just so happens to be a thin one. While default passwords and poor update policies all contribute to vulnerable internet-connected devices, there are steps that both companies and consumers can take to make sure their security cameras don’t end up crashing Twitter (or worse). 

Whether those steps will ever truly secure IoT products is unclear, but they’re at least enough to provide the smallest glimmer of hope in an industry otherwise devoid of much positive news. And it’s a good thing, too, because without that hope the ecosystem is pretty much screwed. 

Bad news for IoT

Let’s take the big security news of the week: KRACK. The recently disclosed vulnerability in the WPA2 Wi-Fi protocol means that a determined hacker can both intercept and manipulate traffic between a Wi-Fi-connected device and the web. Even properly configured sytems are currently at risk, and only switching to an ethernet cable hard line (or updating with a presumably forthcoming manufacturer-issued patch) can keep the bad guys out. While it’s true that an attacker needs some physical proximity to a device to pull this specific attack off — thus reducing the possibility that KRACK would be used to create botnets — there are, and always will be, vulnerabilities discovered in existing devices. 

It’s hard enough to convince people to update their computer and smartphone operating systems, let alone whatever firmware runs their smart toaster

And that’s a problem. It’s hard enough to convince people to update their computer and smartphone operating systems, let alone whatever firmware runs their smart toaster. That, plus the propensity for manufacturers to ship devices with default passwords, means that attackers can all too often find and exploit armies of devices for their every nefarious whim. That doesn’t even take into account all the products that are abandoned by bankrupt companies or manufacturers that simply decide they have better things to do than issue patches for years-old smart TVs.

When every IoT device is a potential weapon against a healthy internet, the devices themselves become a threat. And threats are to be eliminated. This very much risks being the permanent status of Internet of Things gadgets, and perhaps the smart consumer is right to be forever wary of camera-enabled refrigerators. However, that doesn’t bode well for the industry and suggests that IoT is structurally flawed. 

Some hope

Thankfully, there are straightforward steps that both consumers and device manufacturers can take to both mitigate the current risk posed by Internet of Things devices and make it so the IoT future isn’t a guaranteed security mess. 

The Department of Homeland Security laid out a series of measures that manufacturers can take that, if followed, would go a long way toward securing the world of IoT. Those suggestions include using “unique, hard to crack default user names and passwords,” “using the most recent operating system that is technically viable and economically feasible,” using “hardware that incorporates security features,” automatically applying security patches, and developing “an end-of-life strategy for IoT products.”

When it comes to some of these recommendations, consumers don’t have to wait for device manufacturers to act. Taking measures into your own hands is a sure fire way to make sure they get done, after all. 

For starters, when it comes to the default passwords devices are frequently shipped with: One of the first things the new owner of a shiny IoT gizmo should do is set a unique password. This should be easy, and will help keep it out of botnets. It should also, in theory, be simple to update a device when patches for security vulnerabilities are released. Security-focused hardware is out there in the world, too. You can buy routers that are specifically designed to monitor for things like suspicious web traffic.  

Perhaps the hardest part, simply from a psychological standpoint, is knowing when to say goodbye. If the company that made your widget goes out of business or stops issuing updates for it, you and your camera-enabled vibrator may just have to part ways. We know it’s sad, but it’s also for the best. 

While, in the end, the smartest security move may be to not to fill your home with IoT gadgets in the first place, that’s a hard sell for people who generally like and find value in their various internet-connected devices. And those people deserve device security just like the rest of us (besides, their unsecured stuff can gunk up the internet for everyone else). 

The IoT ecosystem has a long way to go before it’s not plagued by zombie coffee makers and easily hackable webcams, but with a serious concerted effort and pressure on manufacturers we may one day get there. Here’s hoping that we do, or the only place your favorite web-browsing toaster will belong is in the dumpster. 

Security News,IoT News

via IoT – Google News http://ift.tt/2pYPKZV

October 18, 2017 at 08:02AM

Master Deeds – 2,257,930 breached accounts

Master Deeds – 2,257,930 breached accounts

http://ift.tt/2zjyAem

In March 2017, a 27GB database backup file named "Master Deeds" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents. The data included extensive personal attributes such as names, addresses, ethnicities, genders, birth dates, government issued personal identification numbers and 2.2 million email addresses. At the time of publishing, it’s alleged the data was sourced from Dracore Data Sciences (Dracore is yet to publicly confirm or deny the data was sourced from their systems). On 18 October 2017, the file was found to have been published to a publicly accessible web server where it was located at the root of an IP address with directory listing enabled. The file was dated 8 April 2015.

Security News

via Have I been pwned? latest breaches http://ift.tt/1l33Xi1

October 18, 2017 at 07:12AM

Rescuing An Antique Saw Set

Rescuing An Antique Saw Set

http://ift.tt/2gpD3bI

Who doesn’t like old tools? Even if they aren’t practical to use for production, plenty of old tools still have a life to offer the hobbyist or home worker.  Some tools might seem a bit too far gone – due to age, rust, or practicality, to use. That’s where [Hand Tool Rescue] comes in. [HTR] finds rusty, dirty old tools, and brings them back to life. Sometimes they’re practical tools, other times, they’re a bit out there. In a recent video, he restored a BeMaCo automatic saw set from the 1940’s. Saw sets are tools which bend each tooth of a saw blade slightly. Typically they are pliers-like devices.

The slight bend of each tooth on the blade widens the saw’s kerf and prevents binding. Typically these tools are pliers-like devices. The BeMaCo set is something else — it pulls the blade through tooth by tooth, while a spring-loaded head pecks away, bending each tooth. It’s something Rube Goldberg would have loved.

[HTR’s] filming style borrows a lot from [Jimmy DiResta], who we’ve covered here before. There are no words, and most of the video is sped up. Even with the fast video, [HTR] probably has many hours of footage to pare down to a 20-minute video.

The restoration begins with tearing the saw set apart. Every nut and bolt is removed. All the parts are cleaned, chemically de-rusted, and wire-wheeled. Even the motor is torn down, cleaned, and wired up. Then come the re-assembly. [HTR] gets every piece back in its proper place. We’re wondering how many times he had to refer to the teardown video to get everything right. Finally, the saw is complete — ready for another 70 years of work.

Security News

via Hackaday https://hackaday.com

October 18, 2017 at 07:02AM

Indonesia Mulls Local Content Requirements for Internet of Things – Jakarta Globe

Indonesia Mulls Local Content Requirements for Internet of Things – Jakarta Globe

http://ift.tt/2x4UtgV

In addition, global tech companies that open local assembly plants or research and development facilities in the country must comply with regulation, opening job opportunities and bringing in taxes to government, Ismail said.

Yet, the government is not rushing to pass the regulation considering IoT technology is still largely premature.

“We do not want to strictly regulate a sector that is still dynamically changing because we need space for anyone to innovate,” Communication and IT Minister Rudiantara said.

The minister promised that the government would involve businesses and manufacturers to formulate IoT rules and regulations.

 

Security News,IoT News

via IoT – Google News http://ift.tt/2pYPKZV

October 18, 2017 at 07:02AM

Google Asked to Delist Pirate Movie Sites, ISPs Asked to Block Them

Google Asked to Delist Pirate Movie Sites, ISPs Asked to Block Them

http://ift.tt/2yqjpn9

After seizing several servers operated by popular private music tracker What.cd, last November French police went after a much bigger target.

Boasting millions of regular visitors, Zone-Telechargement (Zone-Download) was ranked the 11th most-visited website in the whole of the country. The site offered direct downloads of a wide variety of pirated content, including films, series, games, and music. Until the French Gendarmerie shut it down, that is.

After being founded in 2011 and enjoying huge growth following the 2012 raids against Megaupload, the Zone-Telechargement ‘brand’ was still popular with French users, despite the closure of the platform. It, therefore, came as no surprise that the site was quickly cloned by an unknown party and relaunched as Zone-Telechargement.ws.

The site has been doing extremely well following its makeover. To the annoyance of copyright holders, SimilarWeb reports the platform as France’s 37th most popular site with around 58 million visitors per month. That’s a huge achievement in less than 12 months.

Now, however, the site is receiving more unwanted attention. PCInpact says it has received information that several movie-focused organizations including the French National Film Center are requesting tough action against the site.

The National Federation of Film Distributors, the Video Publishing Union, the Association of Independent Producers and the Producers Union are all demanding the blocking of Zone-Telechargement by several local ISPs, alongside its delisting from search results.

The publication mentions four Internet service providers – Free, Numericable, Bouygues Telecom, and Orange – plus Google on the search engine front. At this stage, other search companies, such as Microsoft’s Bing, are not reported as part of the action.

In addition to Zone-Telechargement, several other ‘pirate’ sites (Papystreaming.org, Sokrostream.cc and Zonetelechargement.su, another site playing on the popular brand) are included in the legal process. All are described as “structurally infringing” by the complaining movie outfits, PCInpact notes.

The legal proceedings against the sites are based in Article 336-2 of the Intellectual Property Code. It’s ground already trodden by movie companies who following a 2011 complaint, achieved victory in 2013 against several Allostreaming-linked sites.

In that case, the High Court of Paris ordered ISPs, several of which appear in the current action, to “implement all appropriate means including blocking” to prevent access to the infringing sites.

The Court also ordered Google, Microsoft, and Yahoo to “take all necessary measures to prevent the occurrence on their services of any results referring to any of the sites” on their platforms.

Also of interest is that the action targets a service called DL-Protecte.com, which according to local anti-piracy agency HADOPI, makes it difficult for rightsholders to locate infringing content while at the same time generates more revenue for pirate sites.

A judgment is expected in “several months.”

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Security News

via TorrentFreak http://ift.tt/JHJIUI

October 18, 2017 at 06:59AM

The best mobile VPNs for the enterprise and how to evaluate them

The best mobile VPNs for the enterprise and how to evaluate them

http://ift.tt/2ywEifL

Virtual private networks (VPNs) are a necessary protection in an inherently insecure internet world. Enterprise-class VPNs have been around forever and there are a multitude of vendors to choose among. Most require a dedicated centralized device (e.g., an appliance, gateway, firewall, concentrator or server) to which all participating VPN users connect.

Now a growing new class of VPN vendors, especially in the small business and mobile space, uses the power of the cloud to scale their decentralized offerings. Some are even completely free. Could one of these new offerings be a part of your mobile VPN strategy? Depending on your requirements, the answer may be yes.

[ Check out 5 tools to protect internet privacy | Sign up for CSO newsletters. ]

How does a mobile VPN work?

A mobile VPN allows devices such as notebook computers, smartphones or tablets used by employees to provide encrypted, authenticated tunneled access to a corporate network from any location. Both types of VPN require a device such as a server that users can connect to, although with a mobile VPN that server may be part of a cloud service.

Traditional VPNs rely on the IP address of the user to remain stable. Mobile VPNs can adapt to changing IP addresses as users move around and connect through, say, a hotel LAN or wifi hotspot. This is because mobile VPNs are bound to logical IP addresses whereas traditional VPNs require a stationary address. The logical IP address is tied to the device.

According to a 2017 paper by P&S Market Research, the global mobile VPN market is expected to grow 21 percent per year to be a $2.4 billion market by 2022. Seven of today’s leading mobile enterprise VPN vendors (Cisco, Columbiatech, IBM, Netmotion, Radio IP, Smith Micro and Techstep) will be challenged like never before by new and innovating competitors.

The new players aren’t likely to completely replace enterprise-class mobile VPN vendors in most companies for a variety of reasons, including the following enterprise-class VPN features:

  • Scalability to handle up to tens to hundreds of thousands of concurrent connections
  • Support for multiple authentication types, including multi-factor and digital certificates
  • Conditional access policies
  • Granular configurations
  • Enterprise management consoles and tools
  • Integration with other software and devices (e.g., Unified Threat Management, access points, and firewalls)
  • Hardware crypto offloading for better performance
  • Proven reliable track record

When most mobile devices come with built-in VPN support, however, and a plethora of new competitors are arriving with features often not offered in enterprise-class mobile VPNs, mobile security admins are starting to use a mixture of traditional and fresher, and sometimes even seemingly exotic solutions.

The rising value of anonymity

Some of the lesser known solutions are simply that, less popular solutions that offer the same traditional features, sometimes for free in trade for watching ads. Many others, including NordVPN and HideMyAss!, promise features that traditional VPNs just don’t have, such as better anonymity. Anonymity used to be considered a feature  only for privacy zealots, but it’s being increasingly adopted by more companies as the instances of prying corporate and government interests intensifies. Google reported more than 83,000 legal requests in the first six months of 2017 alone.

VPN anonymity can be accomplished in a number of ways, including blocking the user’s true IP address and metadata information, randomizing the IP address used, and not logging any user’s identifiable information, so that even if the VPN provider gets a legal search warrant they don’t have anything that would be useful to law enforcement or governments.

Any user seeking anonymity should be forewarned, however, that perfect anonymity is almost impossible to get, as many past lawbreakers have belatedly learned. Authorities have often summoned VPN vendors’ connection records, and even if the VPN product doesn’t have anything to do with revealing a user’s identity, the user’s other software and configuration settings may leak identifying information. Don’t expect any VPN to keep your identify hidden, no matter what the marketing hype may promise.

Whether it’s privacy or security concerns driving the VPN market, users are flocking to VPNs like never before. NordVPN CMO, Marty P. Kamden, says, “We definitely see a huge demand from the market for internet privacy and security. Due to new regulations, surveillance, and a rise in hacking attacks, more and more users sign up for VPNs. We have seen our users triple both in the US and the UK in the past year.”

Are mobile VPNs secure?

The biggest common factor in these growing mobile VPN solutions is that instead of connecting to a centralized VPN concentrator, the participating clients often connect to the VPN vendor’s cloud resources, and from there, eventually to your company’s network. Many vendors brag of hundreds and hundreds of globally distributed servers with hundreds of thousands of different IP addresses.

This is one of the major points to consider. Will your company’s risk acceptance allow your end-users to connect and rely upon someone else’s equipment and network to ensure data integrity and security? In today’s cloud world, this question may not be as hard to answer as it once was, but if you work with a new, distributed mobile VPN, you’ll want to do your due diligence research and make sure that the mobile VPN vendor isn’t one of the many that were found to be over promising or delivering no security at all. More on that later below. 

Fee-based mobile VPNs

Many of the newer mobile VPN solutions are sold on a monthly per-user fee, such as VyperVPN and SaferVPN. Prices often range from less than $1 per month per user to a few dollars per month per user, although many require an annual subscription fee up front.

VyperVPN actively promotes its ability to defeat anti-VPN blocking technologies, such as might be used in China, using a proprietary technique called Chameleon. Golden Frog President Sunday Yokubaitis says this about VyperVPN’s technology, “Chameleon scrambles OpenVPN packet metadata to ensure it’s not recognizable via deep packet inspection (DPI), while still keeping it fast and lightweight. The Chameleon technology uses the unmodified OpenVPN 256-bit protocol for the underlying data encryption. The result is that VyprVPN users are able to bypass the Great Firewall of China to achieve an open internet experience without sacrificing the proven security for which OpenVPN has long been known. Our Chinese customers can consistently experience a truly open and uncensored internet with Chameleon VPN.” VyperVPN also touts that it manages 100 percent of its equipment and doesn’t use third parties, unlike most of its competitors. In theory, this should allow VyperVPN to better control and manage its assets.

SaferVPN touts another rock solid VPN network, including ensuring that anytime you are on an insecure WiFi link that SaferVPN automatically kicks in. They offer 24×7 tech support, which not all vendors offer. They support multiple protocols, legacy and newer, even though one VPN protocol is preferred over the others.

SaferVPN recommends that customers use OpenVPN (an open source darling) if they can, stating “OpenVPN is our recommended protocol and the one our service connects with automatically. This is because it offers the highest performance for maximum security and speed. We do, however, believe in giving our customers freedom and flexibility in choice, so we also allow them to manually select among OpenVPN, L2TP over IPSec, PPTP and IKeV2 protocols.”

In general, many of the per-user fee-based VPNs tout their global presence, online privacy, performance, platform support, and ease-of-use. Most allow a single user to connect multiple devices within the same license, usually up four to six devices. Make sure to inquire how many devices can connect and how they are tracked to a single user license. Some will allow you to share your license with other users, up to the maximum limit, while others are specifically tracked to a single user.

Free mobile VPNs

The most popular free mobile VPN is probably OpenVPN. As discussed above, OpenVPN is GNU general public-licensed opensource and well liked for its performance and security. It uses OpenSSL, TLS, and HTTPS, along with an additional custom protocol for its VPN capabilities. It can be run on Windows, Mac, Android and even some WiFi routers.

The free VPN apps like Hotspot Shield and TunnelBear typically support themselves by delivering ads with the service or limit you to certain data maxes. Hotspot Shield claims over 500 million users, the vast majority of which use the ad supported version. If Hotspot Shield users want to get rid of the ads, they can opt over to commercial versions. There used to be more ad-supported VPN products in the past, but they appear to be dwindling as time goes on. TunnelBear is free up to a max of 500MB of protected data per month, and requires a fee of $4.99 to $9.99 per month to handle more than that. For reasons I don’t understand, the commercial versions of many free VPN products cost significantly more than completely user fee-based models.

Mobile VPNs and BYOD

Non-enterprise class mobile VPNs are definitely playing a bigger role in the enterprise. Most of the mobile VPN choices covered here list dozens of corporate clients. Many companies find them the answer in places where they can’t, or don’t want to, purchase and manage expensive VPN concentrators.

In the days where “bring-your-own device” (BYOD) policies often rule the corporate space, many security administrators require that users connecting to the corporate LANs have a VPN, but don’t require particular VPNs. Other companies advertise a list of acceptable VPNs, so that employees must choose one of the pre-vetted choices.

Employees interested in their own privacy and security often install always-on mobile VPNs, so even if the corporation isn’t intentionally requiring one, they are interacting with one. This is important because most mobile VPNs don’t differentiate between corporate and non-corporate networks, even though the same protections apply. A trusted employee connecting to your network using a mobile VPN is going to be as masked as a malicious intruder doing the same. At the very least, the originating IP address and other metadata information cannot be relied upon, for authentication or tracking purposes.

How to select a mobile VPN

At the same time, non-enterprise-class VPNs can have traits and issues that are entirely the reasons why they aren’t considered “enterprise-class.” At the very least, companies need to consider how to treat a VPN that they don’t completely control. Are they comfortable with another company controlling the VPN experience from their employee to their location? Some mobile VPNs might not be providing any security at all, or even worse, may be intentionally, silently, intercepting a user’s data.

In fact, according to a whitepaper by University of California Berkeley, which focused on 283 Android-based mobile VPNs, the protection and security was often non-existent. Seventy-five percent of them used third-party tracking libraries, 38 percent contained malware, 18 percent actually did not encrypt the traffic they claimed to protect. If nothing else, this points out that all users of mobile VPN services need to use a trusted vendor and verify their claims. It’s not enough to read an online guarantee and believe the claims.

Other things to consider include:

  • Does the mobile VPN solution scale enough to meet your enterprise transaction levels?
  • Does the mobile VPN vendor offer an enterprise management tool or console? Do you need one?
  • How does mobile VPN usage impact your existing security monitoring and tracking?
  • What platforms do they support? What protocols (e.g., OpenVPN, L2TP, IPSEC, SSTP, or PPTP)?
  • Do they offer the authentication choices you need, such as multi-factor?
  • Is an ad-supported solution acceptable?
  • Do they offer the granular configuration complexity you need?
  • What is their tech support policy?

Enterprise-class mobile VPNs have all these answers in spades. They have been well tested for a long time to provide the authentication and encryption security they claim to provide. This is not the case with many of the newer mobile VPN options.

Is a mobile VPN right for you?

All enterprise mobile administrators should be aware of the growing class of non-enterprise mobile VPNs, and what it means for their environment, either by choice or force. Mobile VPNs offer a great opportunity to protect information and privacy. How does one fit into your environment?

More VPN articles

Security News

via CSO Online http://ift.tt/2gDzvif

October 18, 2017 at 06:49AM

How to Protect Your Files From Ransomware With Windows Defender’s New “Controlled Folder Access”

How to Protect Your Files From Ransomware With Windows Defender’s New “Controlled Folder Access”

http://ift.tt/2zzAicK

Windows 10’s Fall Creators Update includes a new Windows Defender feature designed to protect your files from ransomware. It’s named “Controlled Folder Access”, and it’s disabled by default. You’ll need to enable it yourself if you want to try it out.

This feature is no substitute for good backups, which can help you recover your files in case a piece of ransomware makes it past your security software. But it’s still good to have enabled as a preventative measure.

How Controlled Folder Access Works

This feature is part of Windows Defender. It provides an additional layer of protection when programs try to make changes to files in your personal data folders, like your Documents, Pictures, and Desktop folders. Normally, any program running on your system could do anything it liked to these folders. With this new feature enabled, only “apps determined by Microsoft as friendly” or applications you specifically allow will be able to make changes to your personal files in these folders.

In other words, this will block ransomware from encrypting or otherwise making any changes to your protected folders.

Controlled folder access won’t protect against malware viewing and making copies of your files. It only protects against malware changing these files. So, if malware was running on your PC, it could still make copies of your personal data and send it elsewhere—it just wouldn’t be able to overwrite those files or delete them.

How to Enable Controlled Folder Access

To enable this feature, open the Windows Defender Security Center application. To find it, click Start, type “Windows Defender”, and launch Windows Defender Security Center.

Click the shield-shaped “Virus & threat protection” icon in Windows Defender’s sidebar. After you have, click the “Virus & threat protection settings” link.

Scroll down and set the “Controlled folder access” option to “On” by clicking it. Agree to the User Account Control prompt that appears afterwards to confirm this change.

If you don’t see this option, your PC probably hasn’t been upgraded to the Fall Creators Update yet.

How to Choose Which Folders Are Protected

Once you’ve enabled this feature, you can click “Protected folders” under Controlled folder access in Windows Defender’s interface to manage which folders are protected.

By default, you’ll see that Windows protects system folders and user data folders. These include the Documents, Pictures, Videos, Music, Desktop, and Favorites folders in your user account’s folder.

If you store important data in other folders, you’ll want to click the “Add a protected folder” button and add other folders with your important personal data.

How to Give a Program Access to Your Files

Here’s the good news: Windows tries to be smart about this. Windows Defender will automatically allow known-safe programs to change files in these folders, so you don’t have to go through the hassle of allowing all the different programs you use to access your personal files.

However, when a program that Windows Defender isn’t sure about tries to change the files found in these folders, that attempt will be blocked. When this occurs, you’ll see an “Unauthorized changes blocked” notification informing you that Controlled Folder Access blocked a specific program from writing to a specific protected folder. The program will likely display an error message.

If you see this notification and you know the program you’re using is safe, you can allow it access by heading to Windows Defender > Virus & threat protection > Virus & threat protection settings and clicking the “Allow an app through Controlled folder access” link under Controlled folder access.

You can also simply click the notification, which will be under your Action Center if you haven’t yet dismissed it, to go directly to this screen.

Click the “Add an allowed app” button and browse to the program you want to give access to. You’ll have to find the .exe file associated with the program, which will likely be somewhere under your Program Files folder.

Whenever you see the notification and want to unblock an app, return here and add it. You shouldn’t have to do this for too many apps, as popular apps should be known-safe and automatically allowed through Controlled folder access.

System administrators managing networks of PCs can use Group Policy, PowerShell, or a Mobile Device Management (MDM) server to enable this feature across an entire network of PCs. Consult Microsoft’s official documentation for more information about this.

Security News

via How-To Geek http://ift.tt/2f5IBTe

October 18, 2017 at 06:40AM

CVE-2017-8024

CVE-2017-8024

http://ift.tt/2grNYlm

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Technical Details

Vulnerability Type
(View All)

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 18, 2017 at 06:23AM

CVE-2017-15583

CVE-2017-15583

http://ift.tt/2yxdTia

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Technical Details

Vulnerability Type
(View All)

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 18, 2017 at 06:23AM

CVE-2017-15587

CVE-2017-15587

http://ift.tt/2grCXR7

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Technical Details

Vulnerability Type
(View All)

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 18, 2017 at 06:23AM