Renowned Security Expert Informs political leaders on ways to combat terrorism on the Internet during International Summit on Democracy, Terrorism and Security.
Archive for November, 2006
SecurityLab Technologies Ejovi Nuwere to Assist Political Leaders on Combating Terrorism on the Internet
Published November 16th, 2006 in News. ClosedSecurityLab Technologies Inc. Announces Findings from Security Audit of the Juki-Network System in 2003
Published November 16th, 2006 in News. ClosedJapanese version (PDF)
Boston, MA–November 10, 2004: SecurityLab Technologies Inc, provider of enterprise security training products and consulting services, today announced that CTO, Ejovi Nuwere, will present the findings from his audit of Japan.s National ID system Juki-Net at the PacSec Security Conference in Tokyo, Japan. During Nuwere.s audit, from September to November 2003, his identity […]
ADVISORY: NetBSD / OpenBSD kernfs_xread patch evasion
Published November 16th, 2006 in Research. Closed— SecurityLab Technologies, Inc.
— Security Advisory
— http://www.securitylab.net
Advisory Name: NetBSD / OpenBSD kernfs_xread patch evasion
Release Date: February 02, 2006
Application: kernfs
Platform: NetBSD / OpenBSD
Severity: Severe
Author: SLAB Research
Vendor Status: Patched
Reference: http://www.securitylab.net/research/
Overview:
Due to a flaw in the original patch implemented by the NetBSD team in
release 2.0.3 the kernfs_xread function was still vulnerable to
exploitation. The original patch failed to manage […]
ADVISORY: Buffer Overflow in MultiTech VoIP Implementations
Published November 16th, 2006 in Research. ClosedSecurityLab Technologies, Inc.
— www.securitylab.net —
Security Advisory
Advisory Name: Buffer Overflow in MultiTech VoIP Implementations
Release Date: December 05, 2005
Application: MultiVoIP Gateway
Platform: Multiple
Severity: Moderate
Author: Ejovi Nuwere
Vendor Status: Patched in Version x.08
Reference: http://www.securitylab.net/research/
Overview:
The MultiVOIP voice over IP gateway provides toll-free voice and fax communications over the Internet or Intranet. Occasionally MultiTech develops and licenses their VoIP Gateways and […]
By Ejovi Nuwere
Our Presentation VON Fall 2005 on Fundamental VoIP vulnerabilities (PDF)
BLACKHAT BRIEFINGS 2005
By Ejovi Nuwere & Mikko Varpiola
Presentation file (PDF) from our presentation at Blackhat.
Example PDU’s from our Blackhat talk.
BlackHat Briefings USA 2005 - The Art of SIP Fuzzing and vulnerabilities found in VoIP.
Example test cases for applying different types of anomalies to SIP
messages. Use at your own risk. In many ways these messages are
similar to those presented in SIP torture tests draft. These test
cases are released to be […]
Advisory Name: Ethereal 0.10.10 SIP Dissector Overflow
Release Date: 05/07/05
Application: Ethereal 0.10.10 and Prior
Platform: Multiple
Severity: A remote attacker can execute arbitrary commands
Author: Ejovi Nuwere
Vendor Status: Vendor has published patch
Reference: http://www.securitylab.net/ethereal-0-10-10.txt
Overview:
Ethereal is a popular open source network sniffer. It has the ability to inspect and dissect more then 600 protocols. Ethereal is used by network professionals around […]
