About icasi-adminuser

So far icasi-adminuser has created 22 blog entries.

Transport Layer Security (TLS) Man-In-The-Middle (MITM) Vulnerability CVE-2009-3555

ICASI is releasing this alert to provide guidance on a protocol-level design flaw that allows an attacker to perform a man-in-the-middle (MITM) attack on sessions protected by Transport Layer Security (TLS) and Secure Sockets Layer (SSL). This vulnerability could allow an attacker who is able to successfully leverage a MITM attack to prepend data to [...]

ICASI Members Release Domain Name System (DNS) Advisories

ICASI is aware of an industry-wide vulnerability regarding the Domain Name System (DNS). ICASI members have released advisories for their affected products, and ICASI encourages customers to review those advisories and deploy any necessary updates or mitigations in a timely manner. For more information on our members' products, or to report potential security vulnerabilities, please [...]

Wi-Fi Protected Access (WPA) Encryption Vulnerability

ICASI is aware of reports that describe a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The documented issue affects encryption solutions that implement WPA-TKIP and allows an attacker to inject network traffic between an access point and a client if multimedia extensions are [...]

Conficker Malware Threat

ICASI is releasing this alert to provide clarity and guidance on issues that have been raised regarding the change to Conficker malware. This alert provides a consolidated view and information from ICASI member companies. The Conficker worm has grown to be a large active botnet. At this time Conficker affects a variety of Windows operating [...]

Updated Conficker Malware Threat

ICASI is releasing this alert to provide guidance on issues that have been raised regarding the behavior of the Conficker malware threat. Historically, once botnets reach a sufficient size, their purposes tend to evolve and change organically to meet the needs of the owners. This trend is likely to also occur with Conficker, and many [...]

Vulnerabilities in Microsoft Active Template Library (ATL)

The Industry Consortium for Advancement of Security on the Internet (ICASI) is releasing this alert to provide guidance on issues that have been raised regarding vulnerabilities in Microsoft’s Active Template Library (ATL). These vulnerabilities could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL.

ICASI partners with FIRST to form Vulnerability Coordination SIG

ICASI and the Forum of Incident Response and Security Teams (FIRST) have partnered to launch a new SIG on Vulnerability Coordination within FIRST that will bring together a multi-stakeholder, cross-industry group with the aim of improving the way in which vulnerabilities are coordinated and related information is shared with stakeholders across like communities. In this way it [...]

ICASI facilitates conversation around Coordination at FIRST

In support of its efforts to facilitate industry-wide conversation around ways to improve vulnerability coordination, ICASI will be hosting two sessions on the topic during this week’s FIRST Conference in Boston. We encourage anyone who will be at FIRST to stop in and join the discussion. The sessions will be as follows: Panel: Developing a Multi-Faceted [...]

Trust. That’s Why.

The topic of ICASI arises often when I visit customers or talk with folks from both inside and outside of the computer and telecommunications industries. They typically ask a variety of questions ranging from “What is this ICASI thing?” to “Which big vendors are involved?” to the frank but amusing “Really? Advancing the state of [...]

Vulnerability Response and Disclosure: One Size Does Not Fit All

[Notice: This blog post should not be interpreted in any way as representing the position of any particular ICASI member company, or a formal position statement from ICASI itself.] A recent blog post brought back to the forefront debate around how and under what timeframes security vulnerabilities should be handled and disclosed. When dealing with [...]