CERT Coordination Center

Options

Vulnerabilities, Incidents & Fixes

Security Practices & Evaluations

Survivability Research & Analysis

Training & Education

Related

CERT Contact Information

CERT Statistics

Meet the CERT/CC

CERT/CC Overview and Intruder Trends

CERT Annual Reports

Publications by CERT/CC Staff

Presentations by CERT/CC Staff

Press Releases

Employment Opportunities

Other Sources of Security Information

Messages
	webmaster @cert.org.

	Related Sites

Established in 1988, the CERT^® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

May 28, 2004
Governing for Enterprise Security
This article is the first in a series of features to help leaders mobilize, achieve, and sustain enterprise security in their organizations.

May 24, 2004
Survivable Functional Units: Balancing an Enterprise's Mission and Technology (pdf)
This technical note describes Survivable Functional Units, a way to think about these enterprise networks.

May 18, 2004
Building a Practical Framework for Enterprise-Wide Security Management (pdf)
This presentation describes work in progress on a framework that mobilizes key enterprise functions to achieve and sustain a desired security state in the normal course of business and addresses the proliferation of security regulations, standards, checklists, scorecards, assessments, and audits.

US-CERT Cyber Security Alert
SA04-104A : Summary of Windows Security Updates for April 2004

Tech Tips:

Articles:

June 21-23, 2004

OCTAVE Training Workshop

June 24-25, 2004 (PGH)
OCTAVE Instructor Training

Advisories
& Incident Notes

all
advisories | incident notes

US-CERT Technical Cyber Security Alert
TA04-160A
SQL Injection Vulnerabilities in Oracle E-Business Suite

US-CERT Technical Cyber Security Alert
TA04-147A
CVS Heap Overflow Vulnerability

US-CERT Technical Cyber Security Alert
TA04-111B
Cisco IOS SNMP Message Handling Vulnerability

US-CERT
Vulnerability Notes

US-CERT vulnerability notes database

New and Notable Vulnerabilities:

Oracle E-Business Suite SQL Injection vulnerabilities

Cisco WLSE and HSE devices contain hardcoded username and password

Cross-Domain Scripting Vulnerability in Internet Explorer

CDE dtlogin XDMCP vulnerability

Remotely exploitable ISS vulnerability

Linux Kernel mremap() Vulnerabilities

US-CERT
Current Activity

Latest Version:
Tue Jun 8 15:54:46 EDT 2004

W32/Korgo.F

Increased Scanning of 5000/tcp

W32/Sasser

Exploit for Microsoft PCT vulnerability released

Exploitation of Outlook Express MHTML Cross-Domain Scripting Vulnerability

Phatbot Trojan

Many Variants of W32/Netsky malicious code

Current Activity Archive

Identify the risks that affect the information assets important to the mission of your organization.

Survivable Systems Analysis
Define and implement system improvements to deal with inevitable intrusions in a proactive manner.

Gain practical guidance that helps you improve security within your organization. Also available in book form.

CSIRT development
Develop a computer security incident response team (CSIRT) and a body of security practices for your organization.

Easel Survivability Simulation
Simulate the effects of cyber attacks, accidents, and failures, and predict the survivability attributes of complex systems while they are under development.

Survivable Systems Engineering
The field of survivable systems engineering explores the current state of systems to identify problems and propose engineering solutions.

all research papers