Archive for January, 2010
VMware hardening guide
Wednesday, January 27th, 2010
http://isc.sans.org/diary.html?storyid=8080
VMware announces the first draft of the vSphere Hardening Guide, posted for public comment. A worthy successor to the current VMware Hardening Guide, it contains over 100 guidelines, split into the following sections: * Introduction * Virtual Machines * Host * vNetwork * vCenter * Console OS (for …
Article-creating passwords you can remember
Monday, January 25th, 2010
http://www.networkworld.com/news/2010/012210-creating-secure-passwords-you-can.html?hpg1=bn
Creating Secure Passwords You Can Remember: A study of passwords hacked from RockYou.com illustrates just how insecure most passwords are
Vulnerability in Internet Explorer could allow remote code execution
Friday, January 15th, 2010
This vulnerability is being exploited in IE versions 6-8 and on all Windows Operating Systems. Please follow the recommended procedures. RECOMMENDATIONS: We recommend the following actions be taken: Consider applying appropriate workarounds recommended by Microsoft to vulnerable systems immediately after appropriate testing: · Set Internet and Local intranet security zone settings to “High” to prompt before …
Microsoft advises the removal of Flash player version 6 from XP
Wednesday, January 13th, 2010
http://isc.sans.org/diary.html?storyid=7957
Published: 2010-01-12. As part of today’s bulletin release, Microsoft advises users of Windows XP to uninstall Flash Player 6 which is installed with Windows XP. Affected users should upgrade to the latest version of Flash Player which is available for download from Adobe. The Adobe Flash Player was only provided with Windows XP, up …
January Microsoft patches – looks like a light month
Friday, January 8th, 2010
Everything I am seeing seems to indicate Jan will be a light patch month for Microsoft products.
http://blogs.technet.com/msrc/archive/2010/01/07/january-2010-bulletin-release-advance-notification.aspx
It may be a new year but here in the Microsoft Security Response Center, it is business as usual. This month we have one bulletin addressing a single vulnerability in Windows. The vulnerability is critical on Windows 2000 …
Vulnerability in IIS version 6.0
Monday, January 4th, 2010
According to what I am reading, this can only be exploited if best practice recommendations are not observed.
http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx
Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but …

