Archive for June, 2009

NIST security checklists

Monday, June 29th, 2009

http://checklists.nist.gov/ National Checklist Program (formerly the NIST Security Configuration Checklist Program). The National Checklist Program (NCP) is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low-level guidance on setting the security configuration of operating systems and applications. Direct link to docs: http://iase.disa.mil/stigs/checklist/index.html

five steps to secure a new PC – I like #2 and 3

Monday, June 29th, 2009

http://www.computerworld.com/action/article.do?command=printArticleBasic&taxonomyName=Security&articleId=9134928&taxonomyId=17 CSO – A common misconception is that a shiny new computer is more or less secure because it hasn’t yet been exposed to the Internet’s sinister underbelly. But the truth is, these machines come out of the box needing scores of patches, some basic security software downloads and the disabling or replacing of items […]

Multiple vulnerabilities identified in Mozilla products

Friday, June 26th, 2009

As of June 26, multiple vulnerabilities have been identified in the following products: Mozilla Thunderbird versions prior to 2.0.2.22, Mozilla SeaMonkey versions prior to 1.1.17, Mozilla Firefox versions prior to 3.0.11. Please patch these applications as soon as possible. Specific vulnerability alerts can be viewed at the following URLs: Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security […]

10 ways to avoid viruses and spyware

Wednesday, June 24th, 2009

Nothing really new or profound: http://i.techrepublic.com.com/downloads/dl_10_ways_avoid_viruses.pdf Install quality antivirus; Install real-time anti-spyware protection; Keep anti-malware applications current; Perform daily scans; Disable autorun; Disable image previews in Outlook; Don’t click on email links or attachments; Surf smart; Use a hardware-based firewall; Deploy DNS protection.

Foxit Reader JPEG2000/JBIG Decoder Add-On Vulnerability

Monday, June 22nd, 2009

http://secunia.com/advisories/35512/2/ Foxit Reader JPEG2000/JBIG Decoder Add-On Vulnerability. Description: Will Dormann has discovered a vulnerability in the JPEG2000/JBIG Decoder add-on for Foxit Reader, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to an error when parsing boxes in a JPEG 2000 stream and can be exploited to […]

Report: No Magic Bullet For Database, Server Security

Tuesday, June 16th, 2009

In short, it still comes down to using the old established practices of defense in depth. I doubt that will change soon. http://www.darkreading.com/database_security/security/encryption/showArticle.jhtml;jsessionid=UN1ITMLF32PI0QSNDLPSKHSCJUNN2JVN?articleID=217800855 Report: No Magic Bullet For Database, Server Security New Forrester report says encryption, data monitoring technologies key tools for now

Updates for Adobe Reader – June 10

Friday, June 12th, 2009

Security Updates available for Adobe Reader and Acrobat: Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2. http://www.adobe.com/support/security/bulletins/apsb09-07.html

10 Immutable Laws of Security

Friday, June 12th, 2009

http://technet.microsoft.com/en-us/library/cc722487.aspx Here at the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. (See […]

Vulnerabilities in Microsoft AD

Wednesday, June 10th, 2009

For those of you who run ADs.
>>> “Luevano, Ana” <ana.luevano@dir.state.tx.us> 6/9/2009 3:55 PM >>>
MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY
MS-ISAC ADVISORY NUMBER: 2009-034
DATE(S) ISSUED: 6/9/2009
SUBJECT: Vulnerabilities in Active Directory Could Allow Remote Code Execution (MS09-018)
OVERVIEW: Two vulnerabilities have been discovered in Active Directory. Active Directory is a Microsoft technology that enables authentication and access to resources […]

Software restriction policy for Windows

Monday, June 8th, 2009

http://mechbgon.com/srp/ Ruin a malware author’s whole day with a Software Restriction Policy! : ) If you’re using a Limited account on Windows XP Professional Edition, or a Standard user account on Windows Vista Business/Ultimate/Enterprise Editions, consider further enhancing your security by adding a Software Restriction Policy. Setting up a Software Restriction Policy takes just a […]