![[ Assurance - assurance.com.au ]](/images/banner_logo.png){kind=logo}
![[ bush fire smoke hangs over road ]](/images/road.jpg)
Recent Assurance Media Coverage
> recent media < 2007 media : 2006 media : 2005 media :
The following are external links which will launch in a separate browser window. Those marked with ![[ key ]](/images/key.png)
require subscription or registration for access.
Updated June 2008
- 2008 June 17 - Risky Business - Part 2 of Neal Wise's interview with the Risky Business podcast - see below for Part 1
- 2008 June 11 - Risky Business - Neal Wise speaks with IT Radio's Blögmëister Patrick Gray on Bluetooth and Wireless
- 2007 July 24 - Computerworld - "Customers fail to exploit the benefits of VoIP" - Computerworld speaks with Neal Wise about some threats to Voice-over-IP (VoIP)
- 2007 July 17 - The Age - "Pregnant pause OK for Microsoft" - Adam Pointon speaks on vendor response times to software flaws
- More Media Coverage...
Assurance News & Press Releases
Updated August 2008
- 2008 August 17 - EVENT: Kiwicon 2008 Neal Wise to speak at Kiwicon, September 27-28, 2008 in Wellington, New Zealand on "Annoying controller-based 802.11 wireless solutions"
- 2008 January 17 - EVENT: AusCERT 2008 Neal Wise to present a tutorial at AusCERT 2008, May 18-23, 2008 Gold Coast, Australia on "'Hands On' Auditing Wireless Services with Open Source Tools"
- 2006 April 19 - ADVISORY RELEASE: Multiple Linux-based Cisco Products - Cisco Wireless Lan Solution Engine (WLSE), Cisco Hosting Solution Engine (HSE), Cisco Ethernet Subscriber Solution Engine (ESSE), Cisco User Registration Tool (URT), CiscoWorks2000 Service Management Solution (SMS), Cisco Vlan Policy Server (VPS), Cisco Management Engine (ME1100 Series), CiscoWorks Service Level Manager (SLM) - There are two vulnerabilities that exist in the CiscoWorks Wireless LAN Solution Engine (WLSE). The first is a cross site scripting (XSS) vulnerability that may allow an attacker to gain administrative privileges on the system. The second is a local privilege escalation vulnerability that can be used by an attacker who already has authenticated access to the command line interface to obtain access to the underlying operating system. The second vulnerability affects several other products.
- 2005 November 07 - ADVISORY RELEASE: Asterisk PBX Comedian Voice Mail - A vulnerability exists in the vmail.cgi CGI which permits retrieval of any .WAV file on the Asterisk system by a valid, authenticated voice mail user. This includes other users' stored voice mail messages.
- 2005 March 14 - ADVISORY RELEASE: Barracuda Networks Spam Firewall - A vulnerability in web-based management CGI smtp_test.cgi leads to remote non-privileged compromise by an un-authenticated attacker; local mis-configuration of sudo leads to local privileged "root" compromise. When combined these two issues provide remote, un-authenticated and privileged access to Barracuda's Linux-based operating system.