Archive for November, 2009

Vulnerabilities in Firefox by version

Monday, November 23rd, 2009

http://www.mozilla.org/security/known-vulnerabilities/firefox30.html Security Advisories for Firefox 3.0 http://www.mozilla.org/security/known-vulnerabilities/firefox35.html Security Advisories for Firefox 3.5

Vulnerability being exploited in Internet Explorer 6 and 7

Monday, November 23rd, 2009

Update – according to the Microsoft Security Response Center ( http://blogs.technet.com/msrc/archive/2009/11/23/microsoft-security-advisory-977981-released.aspx ), IE 7 in Vista Runs CAN run in protected mode and that reduces the risk by requiring a user to authorize a change that would otherwise be made to system files. MULTI-STATE INFORMATION SHARING AND ANLAYSIS CENTER CYBER SECURITY ADVISORY   MS-ISAC ADVISORY […]

Zero Day vulnerability for Windows 7 – block ports 139 – 445

Monday, November 16th, 2009

Ports 139 and 445 are blocked at the University Firewall for all systems http://www.computerworld.com/s/article/9140858/Microsoft_confirms_first_Windows_7_zero_day_bug Microsoft confirms first Windows 7 zero-day bug Urges users to block ports until a patch is ready, but workaround cripples browsers

Summary of the Microsoft patches for November – six patches for 15vulnerabilities

Tuesday, November 10th, 2009

http://blogs.technet.com/msrc/archive/2009/11/10/november-2009-security-bulletin-release.aspx November 2009 Security Bulletin Release Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word).

Vulnerability in TLS – SSL

Monday, November 9th, 2009

DIR just sent this e-mail. They don’t have any ways to address the vulnerability yet. As anything new is made available I will add to this topic Current Recommendations Apply the appropriate vendor patches to vulnerable systems as soon as it becomes available after appropriate testing. Remind users not to visit un-trusted websites or follow […]

Patch that Java and Shockwave (flash) player

Wednesday, November 4th, 2009

Vulnerabilities have been identified with both Java and Flash (AKA shockwave player). Please patch these as soon as possible. JDK and JRE 6 Update 17: http://java.sun.com/javase/downloads/index.jsp Update to version 11.5.2.602: http://get.adobe.com/shockwave/

USB sticks used to expose/steal sensitive data

Monday, November 2nd, 2009

From http://2mw.mcafee.com/2minutebroadcast.asp USB Sticks Used to Expose, Steal Sensitive Data Researchers at MWR InfoSecurity report that USB sticks have been found to contain a serious security flaw that could be exploited to computers around the world. The British firm says that the flaw could allow the creation of USB sticks that “interrogate a computer and […]

Free Cyber Security Training provided by DIR and DHS

Monday, November 2nd, 2009

As National Cyber Security Awareness Month comes to a close, I wouldlike to thank everyone who took the time to view one of the nationalcyber webcasts, participated in a cyber security training event, orsimply supported this national  campaign through other means.  The themeof this years campaign was Cyber Security is Everyone’s Responsibility.Let’s put forth  the […]