http://securitylab.net Thu, 16 Nov 2006 22:33:01 +0000 http://backend.userland.com/rss092 en BOSTON, MA: MARCH 07, 2005 - Ejovi Nuwere, Founder and CTO of SecurityLab Technologies, Inc. will participate as an invited guest at The International Summit on Democracy, Terrorism and Security in Madrid, Spain from the 8th to the 11th of March. The summit organizers, which include the King of Spain ... http://securitylab.net/news/securitylab-fights-terrorism/ Japanese version (PDF) Boston, MA--November 10, 2004: SecurityLab Technologies Inc, provider of enterprise security training products and consulting services, today announced that CTO, Ejovi Nuwere, will present the findings from his audit of Japan.s National ID system Juki-Net at the PacSec Security Conference in Tokyo, Japan. During Nuwere.s audit, from September ... http://securitylab.net/news/juki_audit_announcement/ --- SecurityLab Technologies, Inc. --- Security Advisory --- http://www.securitylab.net Advisory Name: NetBSD / OpenBSD kernfs_xread patch evasion Release Date: February 02, 2006 Application: kernfs Platform: NetBSD / OpenBSD Severity: Severe Author: SLAB Research Vendor Status: Patched Reference: http://www.securitylab.net/research/ Overview: Due to a flaw in the original patch implemented by the NetBSD team in release 2.0.3 the kernfs_xread function was still vulnerable to exploitation. The ... http://securitylab.net/research/advisory-netbsd-openbsd-kernfs_xread-patch-evasion/ SecurityLab Technologies, Inc. --- www.securitylab.net --- Security Advisory Advisory Name: Buffer Overflow in MultiTech VoIP Implementations Release Date: December 05, 2005 Application: MultiVoIP Gateway Platform: Multiple Severity: Moderate Author: Ejovi Nuwere Vendor Status: Patched in Version x.08 Reference: http://www.securitylab.net/research/ Overview: The MultiVOIP voice over IP gateway provides toll-free voice and fax communications over the Internet or Intranet. Occasionally MultiTech develops and ... http://securitylab.net/research/buffer-overflow-in-multitech-voip-implementations/ By Ejovi Nuwere Our Presentation VON Fall 2005 on Fundamental VoIP vulnerabilities (PDF) http://securitylab.net/research/von-fundamental-voip-vulnerabilities/ BLACKHAT BRIEFINGS 2005 By Ejovi Nuwere & Mikko Varpiola Presentation file (PDF) from our presentation at Blackhat. http://securitylab.net/research/blackhat-voip-security-presentation/ Example PDU's from our Blackhat talk. BlackHat Briefings USA 2005 - The Art of SIP Fuzzing and vulnerabilities found in VoIP. Example test cases for applying different types of anomalies to SIP messages. Use at your own risk. In many ways these messages are similar to those presented in SIP torture tests draft. These ... http://securitylab.net/research/the-art-of-sip-fuzzing-and-vulnerabilities-found-in-voip/ Advisory Name: Ethereal 0.10.10 SIP Dissector Overflow Release Date: 05/07/05 Application: Ethereal 0.10.10 and Prior Platform: Multiple Severity: A remote attacker can execute arbitrary commands Author: Ejovi Nuwere Vendor Status: Vendor has published patch Reference: http://www.securitylab.net/ethereal-0-10-10.txt Overview: Ethereal is a popular open source network sniffer. It has the ability to inspect and dissect more then 600 protocols. Ethereal is ... http://securitylab.net/research/advisory-ethereal-sip-overflow-vulnerability/