Wednesday, September 1st, DC401 is back after a one month hiatus with information fresh from Blackhat 2010 in Las Vegas!
Dan King of SecureWorks will be presenting the research he presented at Blackhat this year, regarding some security flaws he discovered in the very products we all use to protect our networks. Here's the description of his research from the Blackhat program:
Daniel King discovered McAfee Network Security Manager (the web-based management appliance for McAfee IPS sensors) was vulnerable to authentication bypass / session hijacking (CVE-2009-3565) and cross-site scripting (CVE-2009-3566) vulnerabilities. We'll demonstrate a proof-of-concept attack scenario that blends these vulnerabilities to gain unauthorized access to the NSM web management interface through cookie stealing and hijacking an administrator's session.
Date/Time: 1730 - September 1, 2010
Location: AS220 Performance Space - 115 Empire St, Providence