Archive for June, 2009
NIST security checklists
Monday, June 29th, 2009
http://checklists.nist.gov/
National Checklist Program (formerly the NIST Security Configuration Checklist Program). The National Checklist Program (NCP) is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.
Direct link to docs: http://iase.disa.mil/stigs/checklist/index.html
five steps to secure a new PC – I like #2 and 3
Monday, June 29th, 2009
http://www.computerworld.com/action/article.do?command=printArticleBasic&taxonomyName=Security&articleId=9134928&taxonomyId=17
CSO – A common misconception is that a shiny new computer is more or less secure because it hasn’t yet been exposed to the Internet’s sinister underbelly. But the truth is, these machines come out of the box needing scores of patches, some basic security software downloads and the disabling or replacing of items …
Multiple vulnerabilities identified in Mozilla products
Friday, June 26th, 2009
As of June 26, multiple vulnerabilities have been identified in the following products: Mozilla Thunderbird versions prior to 2.0.2.22, Mozilla SeaMonkey versions prior to 1.1.17, and Mozilla Firefox versions prior to 3.0.11. Please patch these applications as soon as possible. Specific vulnerability alerts can be viewed at the following URLs: Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security …
10 ways to avoid viruses and spyware
Wednesday, June 24th, 2009
Nothing really new or profound.
http://i.techrepublic.com.com/downloads/dl_10_ways_avoid_viruses.pdf
Install quality antivirus
Install real-time anti-spyware protection
Keep anti-malware applications current
Perform daily scans
Disable autorun
Disable image previews in Outlook
Don’t click on email links or attachments
Surf smart
Use a hardware-based firewall
Deploy DNS protection
Foxit Reader JPEG2000/JBIG Decoder Add-On Vulnerability
Monday, June 22nd, 2009
http://secunia.com/advisories/35512/2/
Foxit Reader JPEG2000/JBIG Decoder Add-On Vulnerability
Description: Will Dormann has discovered a vulnerability in the JPEG2000/JBIG Decoder add-on for Foxit Reader, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to an error when parsing boxes in a JPEG 2000 stream and can be exploited to …
Report: No Magic Bullet For Database, Server Security
Tuesday, June 16th, 2009
In short, it still comes down to using the old established practices of defense in depth. I doubt that will change soon.
http://www.darkreading.com/database_security/security/encryption/showArticle.jhtml;jsessionid=UN1ITMLF32PI0QSNDLPSKHSCJUNN2JVN?articleID=217800855
Report: No Magic Bullet For Database, Server Security
New Forrester report says encryption, data monitoring technologies key tools for now
Updates for Adobe Reader – June 10
Friday, June 12th, 2009
Security Updates available for Adobe Reader and Acrobat: Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2
http://www.adobe.com/support/security/bulletins/apsb09-07.html
10 Immutable Laws of Security
Friday, June 12th, 2009
http://technet.microsoft.com/en-us/library/cc722487.aspx
Here at the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. (See …
Software restriction policy for Windows
Monday, June 8th, 2009
http://mechbgon.com/srp/
Ruin a malware author’s whole day with a Software Restriction Policy! : ) If you’re using a Limited account on Windows XP Professional Edition, or a Standard user account on Windows Vista Business/Ultimate/Enterprise Editions, consider further enhancing your security by adding a Software Restriction Policy. Setting up a Software Restriction Policy takes just a …

