Archive for July, 2012

ICS-CERT has released an Advisory titled "ICSA-12-213-01 – Sielco Sistemi Winlog Mult Vulnerabilities" (PDF)

This Advisory details vulnerabilities in Sielco Sistemi's Winlog application.

Written testimony of the DHS Privacy Office for a Senate Homeland Security and Governmental Affairs Subcommittee on Oversight of Government Management hearing titled “State of Federal Privacy and Data Security Law: Lagging Behind the Times?”

Privacy Office Chief Privacy Officer Mary Ellen Callahan addresses her role as the Department of Homeland Security’s Chief Privacy Officer, the Privacy Act, and the collaborative achievements of the Privacy Committee of the Federal Chief Information …

If Thad Allen ran DHS

The homeland security enterprise got a glimpse of what DHS might look like if Thad Allen becomes the Secretary of Homeland Security. He testified a few weeks ago at a Senate hearing about “The Evolution of the Homeland Security Department’…

Savor Complexity

Earlier today I received a solicitation for paid advertising at Homeland Security Watch. The placement would be part of a national campaign that you may have seen in your neighborhood. I’m pleased to say the taste-test was a great success. I…

ICS-CERT has released an Advisory titled "ICSA-12-212-01 – ICONICS GENESIS32-BizViz Security Configurator" (PDF)

This Advisory identifies an authentication bypass and privilege escalation vulnerability in the ICONICS GENESIS32-BizViz application.

ICS-CERT has released an Advisory titled "ICSA-12-212-02 – Siemens SIMATIC S7-400 PN CPU DoS" (PDF)

This Advisory details a Siemens-reported denial-of-service (DoS) vulnerability that exists in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products.

ICS-CERT has released an Advisory titled "ICSA-12-212-02 – Siemens SIMATIC S7-400 PN CPU DoS Vulns" (PDF)

This Advisory details a Siemens-reported denial-of-service (DoS) vulnerability that exists in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products.

ICS-CERT has released an ALERT titled "ICS-ALERT-12-212-01 – KEP Infilink HMI Insufficient Password Hashs" (PDF)

This ALERT warns of a public report of an insufficiently protected credentials vulnerability, with proof-of-concept (PoC) exploit code, affecting the Kessler-Ellis Products (KEP) Infilink HMI V5.00.23 product.

ICS-CERT has released an ALERT titled "ICS-ALERT-12-212-02 – WellinTech KingView User Credentials Not Securely Hashed" (PDF)

This ALERT warns of a public report of a default credential vulnerability affecting the WellinTech KingView product.