background preloader

NIST.gov - Computer Security Division - Computer Security Resource Center

NIST.gov - Computer Security Division - Computer Security Resource Center
Related:  Informational

CSIRT, Computer Security Incident Response Team Infosec Writers Text Library Disclaimer: Content in this library are provided "as is" and without warranties of any kind, either express or implied. InfoSec Writers does not warrant the use or the results of the use of the content in terms of their correctness, accuracy, reliability, or otherwise. In no event shall InfoSec Writers be liable for any damages - indirect, consequential or whatsoever - from usage of the content provided here. However, we are dedicated to providing QUALITY content, so we encourage you the reader to voice your queries or suggestions with regard to the technical accuracy/validity of any such content in this library. Re-posting ANY material, edited or not edited, (including files, text, design) off this site for public use is prohibited without prior authorization from us (or the respective owner/writer). To submit a text click here.

ECN News 2009-10-11: Gone inactive again, and I suspect this won't change again. If anyone is interested in taking over the database (stripped of personal information) please let us know and I'll be happy to provide a forwarding link). 2008-05-04: After a few years of inactivity we're actively processing submissions again Introduction This page was set up to make people aware of a problem surrounding the implementation of ECN (Explicit Congestion Notification) where communication between hosts using ECN and hosts which behave badly is completely cut off. ECN is a new development in the TCP/IP protocol suite which will help reduce congestion over heavily-loaded links, and so improve the running of the Internet. In short, "Products which (a) do not support ECN and (b) do not properly ignore ECN bits, are considered non-compliant." [1] If you are an organisation whose site is listed on the hall of shame, you may want to take a look at the links below for a list of some known broken products. Links

isc Home | SANS Internet Storm Center; Cooperative Network Security Community - Internet Security Special Publications (800) NIST uses three NIST Special Publication subseries to publish computer/cyber/information security and guidelines, recommendations and reference materials: SP 800, Computer Security (December 1990-present): NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials (SP 800s are also searchable in the NIST Library Catalog); SP 1800, NIST Cybersecurity Practice Guides (2015-present): A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity; SP 500, Computer Systems Technology (January 1977-present): A general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL), this page lists selected SP 500s related to NIST's computer security efforts. Note: Publications that link to dx.doi.org/... will redirect to another NIST website.

National Vulnerability Database Home Virus Bulletin : Independent Malware Advice How To Change a Windows 2000 User's Password Through LDAP You can set a Windows 2000 user's password through the Lightweight Directory Access Protocol (LDAP) given certain restrictions. This article describes how to set or change the password attribute. The password is stored in the Active Directory on a user object in the unicodePwd attribute. This attribute can be written under restricted conditions, but it cannot be read. The attribute can only be modified; it cannot be added on object creation or queried by a search. The syntax of the unicodePwd attribute is octet-string; however, the directory service expects that the octet-string will contain a UNICODE string (as the name of the attribute indicates). There are two possible ways to modify the unicodePwd attribute. The second way to modify this attribute is analogous to an administrator resetting a password for a user. The following two functions provide examples of these operations:

Webmaster, Technology, and Headline News & Resources | SiteProNews EDGAR System Skip to Main Content Company Filings | More Search Options EDGAR | Search Tools Free access to more than 20 million filings Since 1934, the SEC has required disclosure in forms and documents. EDGAR Search Tools You can search information collected by the SEC several ways: Custom searches Resources Researching Public Companies Through EDGAR: A Guide for Investors In this guide, you’ll find tips for using EDGAR and answers to frequently asked questions about researching public companies.

National Vulnerability Database CVSS Scoring This page shows the components of the CVSS score for example and allows you to refine the CVSS base score. Please read the CVSS standards guide to fully understand how to score CVSS vulnerabilities and to interpret CVSS scores. The scores are computed in sequence such that the Base Score is used to calculate the Temporal Score and the Temporal Score is used to calculate the Environmental Score. Alert: Environmental Modified Impact CVSS Base Score Undefined Impact Subscore Exploitability Subscore CVSS Temporal Score Not Defined CVSS Environmental Score Modified Impact Subscore Overall CVSS Score CVSS v2 Vector Not Defined Base Score Metrics The base metric group captures the characteristics of a vulnerability that are constant with time and across user environments. Exploitability Metrics Access Vector (AV) This metric reflects how the vulnerability is exploited. Local (AV:L) Adjacent Network (AV:A) Network (AV:N) Access Complexity (AC) High (AC:H) Specialized access conditions exist. Medium (AC:M) Low (AC:L)

Professional Security Testers resources warehouse Mike Holt Tracing EMFs in Building Wiring and Grounding, by Karl Riley, 133p, many illustrations, MSI, 1995, $28.00 Rt. 1, Box 361A, Edgartown MA 02539 Phone: (508) 627-4719 Email: kriley3@ix.netcom.com Chapter on EMF and Wiring for Mike Holt’s book By Karl Riley I am often asked to recommend an electrician who is able to trace and correct wiring errors which are creating high magnetic fields in a building. Symptoms of 60 Hz EMI What causes clients to know they have a magnetic field problem? For residences the reason I am called in is often that the client has gotten hold of a gaussmeter (which measures AC magnetic field strength in milligauss – mG) and has obtained readings which are alarming based on the ongoing epidemiological research which shows a statistical link to some diseases like childhood leukemia, certain brain tumors, and Alzheimer’s disease at the 4 mG level. Magnetic fields due to wiring errors What kinds of errors create these fields? Grounding the neutral in dryers and ranges

Related: