Archive for June, 2010

What's this vulnerability scanning thing of which you speak?

Friday, June 25th, 2010

A vulnerability scan is intended to identify product or software versions (on workstations) that are no longer current and for which the vendor has released updates that should be installed. The Secunia.com site has a product called Online Software Inspector – http://secunia.com/vulnerability_scanning/online/ It is free and uses Java to identify vulnerable versions […]

Firefox update – version 3.6.4 released

Wednesday, June 23rd, 2010

An updated version of Firefox was released on 6/23. It can be downloaded from http://download.mozilla.org/?product=firefox-3.6.4&os=win&lang=en-US (Windows). Other OS versions: http://www.mozilla.com/en-US/ According to SANS, it fixes seven vulnerabilities.

Kaminsky Issues Developer Tool To Kill Injection Bugs

Tuesday, June 15th, 2010

http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=225700088 Kaminsky Issues Developer Tool To Kill Injection Bugs – Researcher’s new startup offers up new approach to preventing common SQL injection, XSS vulnerabilities in software. Renowned security researcher Dan Kaminsky today went public with the launch of a new venture as well as its first deliverable — a tool for application developers that helps prevent pervasive string […]

Zero day vulnerability in Help and Support center application (helpctr.exe) for WinXP and Win2003 server

Friday, June 11th, 2010

Late in the day on Thursday, June 10, a zero-day exploit was identified in the Help and Support Center application for Windows XP and Windows Server 2003. The details of this are just now coming out. The exploit could be successful on a workstation that visits a specially crafted web page or if the user […]

Group lists top five social media risks for businesses

Friday, June 11th, 2010

http://www.computerworld.com/s/article/9177786/Group_lists_top_five_social_media_risks_for_businesses Group lists top five social media risks for businesses – Threats include malware, brand hijacking and losing control over information, says ISACA. Computerworld – As businesses increasingly try to figure out how to use social networking tools in the enterprise, an IT governance group has released a ranking of the top five risks social media poses to […]

Don’t forget to update Flash today – current version is 10.1.53.64

Friday, June 11th, 2010

Patch that Flash – Update to address most recent vulnerability now available – 10.1 http://get.adobe.com/flashplayer/?promoid=BUIGP Adobe Flash Player version 10.1 Windows, Firefox, Safari, Opera

Smart phones – Dos and Don’ts for business

Tuesday, June 8th, 2010

http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/060810-mobile-phone-security-dos-and.html&pagename=/news/2010/060810-mobile-phone-security-dos-and.html&pageurl=http://www.networkworld.com/news/2010/060810-mobile-phone-security-dos-and.html&site=security Mobile phone security dos and don’ts – It used to be a luxury to own a smart phone. Now everyone seems to have one, and can’t seem to do their jobs without it. As the number of apps proliferate and the market floods with the latest flavor of BlackBerry, iPhone, Droid, etc., IT security shops […]

Vulnerability in Adobe Reader – version 9.3.2 – currently unpatched

Monday, June 7th, 2010

http://secunia.com/advisories/40034/ Criticality level: Extremely critical. Impact: System access. Where: From remote. Solution Status: Unpatched. Description: A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll). For more […]

Advance notice – June Microsoft patches – ten bulletins for 34 vulnerabilities

Thursday, June 3rd, 2010

http://blogs.technet.com/b/msrc/ The Microsoft Security Response Center (MSRC) – June 2010 Security Bulletin Advance Notification. Hi everyone, Today we published our advance notification for the June security bulletin release, scheduled for release next Tuesday, June 8. This month’s release includes ten bulletins addressing 34 vulnerabilities. Six of the bulletins affect Windows; of those, two carry a Critical […]

Do you use Facebook? If so, you should read this SANS diary

Thursday, June 3rd, 2010

http://isc.sans.org/diary.html?storyid=8893 The comments are the real takeaway here – Comments: Is the bad javascript coming from facebook.com or FBCDN.com? Just wondering if “Noscript” will block this if we have only whitelisted Facebook.com or perhaps facebook.com and also FBCDN.com? If the javascript is from an “external” site will Noscript protect us? Or is the bad javascript […]