Archive for October, 2009

Patch that Firefox – Vulnerabilities in 3.5.3 and 3.0.14

Thursday, October 29th, 2009

For those of you running Firefox 3.0.14 or 3.5.3, please do a check for updates (you will need to do a runas admin for it not to be greyed out): http://secunia.com/advisories/36711/ Mozilla Firefox Multiple Vulnerabilities. Critical: Highly critical. Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, System access. Where: From remote. Solution Status: Vendor Patch. 1) An […]

DIR Cyber Security Tips – October top 10

Monday, October 26th, 2009

The monthly DIR Cyber Security Tips are available at http://www.dir.state.tx.us/security/reading/index.htm. The month of October pertains to Top Ten Cyber Security Tips – http://www.dir.state.tx.us/security/reading/200910cybersec.pdf. Topics of past Cyber Security Tips include Browser Cookies – http://www.dir.state.tx.us/security/reading/200909cybersec.pdf; Cyber Crime – http://www.dir.state.tx.us/security/reading/200908cybersec.pdf; Security of Mobile Communication Devices – http://www.dir.state.tx.us/security/reading/200907cybersec.pdf

Are you reading logs? – here's a SANS link that has some log aggregators

Wednesday, October 14th, 2009

The SANS Diary for Wednesday has a good article on log aggregators. While I have included the original content below, the article is at http://isc.sans.org/diary.html?storyid=7351 (in case something is added later). Often times, if hackers or worms break into your computer, they will try to delete the logs on the local computer to help hide their […]

For those of you thinking about upgrading to Snow Leopard – don't

Tuesday, October 13th, 2009

And if you do, here's a fix to address the lost home folder issue: http://reviews.cnet.com/8301-13727_7-10356505-263.html? How to restore Lost home folder after logging in as guest in Snow Leopard. Be aware that Snow Leopard seems to have a problem with how guest accounts are handled on systems that had them enabled before upgrading from Leopard. […]

Good set of add-ins for web vulnerability testing using Firefox

Monday, October 12th, 2009

Just ran across these – https://addons.mozilla.org/en-US/firefox/collection/redspin-web Specifically these are pretty handy. There are some tools that can test for Cross Site scripting and SQL injection. https://addons.mozilla.org/en-US/firefox/addon/6727?collection_uuid=0e892c37 SQL Injection is an Upgrade from the old form free, it is a component to transform checkboxes, radio buttons, select elements to a input text and enable disabled elements from […]

Adobe Reader and Acrobat zero day vulnerability – to be patched on 10/13

Monday, October 12th, 2009

There is a zero day vulnerability for Acrobat and Reader. As I understand it, a patch is to be released on Tuesday, October 13. http://secunia.com/advisories/36983/ Critical: Extremely critical. Impact: System access. Where: From remote. Solution Status: Unpatched. Description: A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a […]

Details on October patch Tuesday have been announced

Thursday, October 8th, 2009

See the following URL – http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx Microsoft Security Bulletin Advance Notification for October 2009. Published: October 08, 2009. There are eight Critical patches for the following products: Win XP SP2 and SP3, Win 2000 SP4, Server 2003 SP2, Vista SP1 and SP2, IE 6, IE7 and IE8, Office Outlook 2002 and Office Outlook 2003. Update: See details about the patches […]

Change that hotmail PW – 10K accounts possibly compromised

Tuesday, October 6th, 2009

http://isc.sans.org/diary.html?storyid=7276 Published: 2009-10-05. Microsoft has confirmed that thousands of Windows Live accounts have been compromised with their passwords posted online. Mainstream media such as the BBC are also carrying the story. Some information is posted here. Some dos and don’ts: Do change your passwords on a regular basis (every six months or so). Do use […]