Archive for June, 2010
What's this vulnerability scanning thing of which you speak?
Friday, June 25th, 2010
The process of performing a vulnerability scan is intended to identify product or software versions (on workstations) that are no longer current and have had updates released by the vendor that should be installed. The Secunia.com site has a product called Online Software Inspector – http://secunia.com/vulnerability_scanning/online/ It is free and uses Java to identify vulnerable versions …
Firefox update – version 3.6.4 released
Wednesday, June 23rd, 2010
An updated version of Firefox was released on 6/23. It can be downloaded from http://download.mozilla.org/?product=firefox-3.6.4&os=win&lang=en-US (Windows).
Other OS versions are at http://www.mozilla.com/en-US/
According to SANS, it fixes seven vulnerabilities.
Kaminsky Issues Developer Tool To Kill Injection Bugs
Tuesday, June 15th, 2010
http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=225700088
Kaminsky Issues Developer Tool To Kill Injection Bugs
Researcher’s new startup offers up new approach to preventing common SQL injection, XSS vulnerabilities in software
Renowned security researcher Dan Kaminsky today went public with the launch of a new venture as well as its first deliverable — a tool for application developers that helps prevent pervasive string …
Zero day vulnerability in Help and Support center application (helpctr.exe) for WinXP and Win2003 server
Friday, June 11th, 2010
Late in the day on Thursday, June 10, a zero-day exploit was identified with the Help and Support center application for Windows XP and Windows server 2003. The details of this are just now coming out. The exploit could be successful on a workstation that visits a specially crafted web page or if the user …
Don’t forget to update Flash today – current version is 10.1.53.64
Friday, June 11th, 2010
Patch that Flash – update to address the most recent vulnerability is now available – 10.1
http://get.adobe.com/flashplayer/?promoid=BUIGP
Adobe Flash Player version 10.1: Windows, Firefox, Safari, Opera
Smart phones – Dos and Don’ts for business
Tuesday, June 8th, 2010
http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/060810-mobile-phone-security-dos-and.html&pagename=/news/2010/060810-mobile-phone-security-dos-and.html&pageurl=http://www.networkworld.com/news/2010/060810-mobile-phone-security-dos-and.html&site=security
Mobile phone security dos and don’ts
It used to be a luxury to own a smart phone. Now everyone seems to have one, and can’t seem to do their jobs without it. As the number of apps proliferate and the market floods with the latest flavor of BlackBerry, iPhone, Droid, etc., IT security shops …
Vulnerability in Adobe Reader – version 9.3.2 – currently unpatched
Monday, June 7th, 2010
http://secunia.com/advisories/40034/
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Description: A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll). For more …
Advance notice – June Microsoft patches – ten bulletins for 34 vulnerabilities
Thursday, June 3rd, 2010
http://blogs.technet.com/b/msrc/
The Microsoft Security Response Center (MSRC)
June 2010 Security Bulletin Advance Notification
Hi everyone, Today we published our advance notification for the June security bulletin release, scheduled for release next Tuesday, June 8. This month’s release includes ten bulletins addressing 34 vulnerabilities.
* Six of the bulletins affect Windows; of those, two carry a Critical …
Do you use Facebook? If so, you should read this SANS diary
Thursday, June 3rd, 2010
http://isc.sans.org/diary.html?storyid=8893
The comments are the real takeaway here –
Comments
Is the bad javascript coming from facebook.com or FBCDN.com? Just wondering if “Noscript” will block this if we have only whitelisted Facebook.com or perhaps facebook.com and also FBCDN.com? If the javascript is from an “external” site will Noscript protect us? Or is the bad javascript …

