Archive for June, 2010

What's this vulnerability scanning thing of which you speak?

Friday, June 25th, 2010

The process of performing a vulnerability scan is intended to identify product or software versions (on workstations) that are no longer current and have had updates released by the vendor that should be installed. site has a product called Online Software Inspector –  It is free and uses Java to identify vulnerable versions […]

Firefox update – version 3.6.4 released

Wednesday, June 23rd, 2010

An updated version of Firefox was released on 6/23 – It can be downloaded from (Windows) Other OS versions at – According to SANS, it fixes seven vulnerabilities.

Kaminsky Issues Developer Tool To Kill Injection Bugs

Tuesday, June 15th, 2010

Researcher’s new startup offers up new approach to preventing common SQL injection, XSS vulnerabilities in software

Renowned security researcher Dan Kaminsky today went public with the launch of a new venture as well as its first deliverable — a tool for application developers that helps prevent pervasive string […]

Zero day vulnerability in Help and Support center application (helpctr.exe) for WinXP and Win2003 server

Friday, June 11th, 2010

Late in the day on Thursday, June 10, a zero-day exploit was identified with the Help and Support center application for Windows XP and Windows server 2003. The details of this are just now coming out. The exploit could be successful on a workstation that visits a specially crafted web page or if the user […]

Group lists top five social media risks for businesses

Friday, June 11th, 2010

Threats include malware, brand hijacking and losing control over information, says ISACA

Computerworld – As businesses increasingly try to figure out how to use social networking tools in the enterprise, an IT governance group has released a ranking of the top five risks social media poses to […]

Don’t forget to update Flash today – current version is

Friday, June 11th, 2010

Patch that flash – Update to address most recent vulnerability now available – 10.1 Adobe Flash Player version 10.1 Windows, Firefox, Safari, Opera

Smart phones – Dos and Don’ts for business

Tuesday, June 8th, 2010

Mobile phone security dos and don’ts

It used to be a luxury to own a smart phone. Now everyone seems to have one, and can’t seem to do their jobs without it. As the number of apps proliferate and the market floods with the latest flavor of BlackBerry, iPhone, Droid, etc., IT security shops […]

Vulnerability in Adobe Reader – version 9.3.2 – currently unpatched

Monday, June 7th, 2010

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Description: A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll). For more […]

Advance notice – June Microsoft patches – ten bulletins for 34 vulnerabilities

Thursday, June 3rd, 2010

Microsoft Security Response Center (MSRC)

June 2010 Security Bulletin Advance Notification

Hi everyone, Today we published our advance notification for the June security bulletin release, scheduled for release next Tuesday, June 8. This month’s release includes ten bulletins addressing 34 vulnerabilities.

* Six of the bulletins affect Windows; of those, two carry a Critical […]

Do you use Facebook? If so, you should read this SANS diary

Thursday, June 3rd, 2010

The comments are the real takeaway here –

Comments

Is the bad javascript coming from or Just wondering if “Noscript” will block this if we have only whitelisted or perhaps and also If the javascript is from an “external” site will Noscript protect us? Or is the bad javascript […]