Well, it isn’t Patch Tuesday yet, but that doesn’t mean there isn’t Microsoft news. A new 0-day has been found which exploits the help system in IE and older versions of windows (2000, XP, 2003). I’ve included a few links with information about the vulnerability and mitigation steps. It appears a [...]
Archive for the ‘General’ Category
Open Source Android Forensics
March 2nd, 2010
No Comments
With more and more people using mobile devices, there’s a growing need to examine these devices forensically. While there are commercial tools available, it only makes sense that there should be open source tools to use for it as well.
To that end Andrew Hoog of viaForensics has announced the first release of their Android Forensics [...]
SANS vLive!: Automating Compliance & Windows Domain Audits with David Hoelzer
February 25th, 2010
2 Comments
Based on the positive feedback we received from the vLive! course we promoted with SANS recently, we’re doing it again!
Everyone has a Microsoft Windows system, and most of us have a lot of them. How can you know whether or not your systems are configured securely? How do you know that users are following security policies [...]
Vulnerability Roundup
February 25th, 2010
No Comments
Another week, another Adobe security problem, this time in Adobe’s Download Manager. The Adobe Download Manager (DLM) used to download updates from Adobe’s site, but Aviv Raff discovered a vulnerability which would force the Download Manager to download a file of an attacker’s choosing. DLM is supposed to remove itself from [...]
Vulnerability Roundup
February 17th, 2010
No Comments
While they were absent from last week’s roundup, Adobe has returned with advisories in 3 of their products, not surprisingly Flash and Reader, and also BlazeDS which is included in some of their server offerings. The Flash and Reader vulnerabilities share a CVE (CVE-2010-0186) which can allow an attacker to subvert [...]
Vulnerability Roundup
February 10th, 2010
No Comments
So last month’s Patch Tuesday was pretty quiet on the Microsoft front. Not so lucky this month with a total of 13 bulletins, 5 critical, 7 important. And one for MS Paint. That’s right, Paint. Looks like I’ll have to put down the little spray paint tool for a bit. The [...]
Adobe JavaScript Blacklisting
February 10th, 2010
No Comments
The JavaScript implementations in Adobe Reader and Acrobat have been a sore spot for Adobe (as well as administrators) for a while now. To help make the world a safer place, Adobe has added a feature to Reader (versions 9.2 and 8.1.7) to allow administrators to blacklist certain functions in the JavaScript API. Many times [...]
Vulnerability Roundup
February 4th, 2010
No Comments
Another week, another Adobe advisory. This time, it’s not reader, but ColdFusion 9 which shipped with a service someone forgot to lock down to the localhost which would allow an attacker to view system information as well as mess with search indexes.
Two advisories from Cisco as well this week, covering two [...]
SecuraBit T-Shirts are back! Pre-order to pickup at the Podcaster’s Meetup!
February 2nd, 2010
No Comments
We don’t have the final artwork back yet for posting here, however they are similar to the past design with one major exception: We inverted the black and white, so they are white t-shirts with black lettering.
We will have the following quantities:
9 Small
14 Medium
21 Large
21 X-Large
7 XX-Large
The shirts will be $12 each for pickup (you [...]
