| Hirantha 的个人资料{ pointy end of the curl...日志列表留言簿 | 帮助 |
|
11月24日 Microsoft Security Advisory 977981 - IE 6 and IE 7Microsoft has released Security Advisory 977981. It details vulnerabilities in Internet Explorer 6 and 7 on various operating systems. The advisory does not provide any patches or new versions at this point, but does provide several recommendations for mitigation. 11月12日 Apple Safari 4.0.4 ReleasedSafari 4.0.4 was released yesterday for download, affecting both OS X and Windows versions. Multiple security issues are addressed in this version, including remote code execution, process termination and disclosure of information issues. Also one fix for a specific coss-site request forgery (CSRF) 11月9日 First iPhone worm discoveredApple iPhone owners in Australia have reported that their smart phones have been infected by a worm that has changed their wallpaper to an image of 1980s pop crooner Rick Astley. The worm, which could have spread to other countries although there are no confirmed reports outside Australia, is capable of breaking into jail broken iPhones if their owners have not changed the default password after installing SSH. Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again On each installation, the worm - written by a hacker calling themselves "ikex" - changes the lock background wallpaper to an image of Rick Astley with the message:
What's clear is that if you have jail broken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, "alpine". In fact, it would be a good idea if you didn't use a dictionary word at all. The worm will not affect users who have not jail broken their iPhones or who have not installed SSH. SophosLabs is analyzing the worm's code, which suggests that at least four variants have been written so far. One of the attributes of the latest variant (labeled the "D" version) is that it tries to hide its presence by using a file path suggestive of the Cydia application. Presently it appears that the worm does nothing more malicious than spread and change the infected user's lock screen wallpaper. However, that doesn't mean that attacks like this can be considered harmless. 11月6日 RIM fixes random code execution vulnerabilityAffected: BlackBerry Desktop Software version 5.0 and earlier (on all platforms) - IBM Lotus Notes Intellisync Fixed in version 5.01 CVSS score: 9.3 More info: KB19701 The KB contains a workaround for those not needing the Lotus Notes Intellisync functionality. 10月28日 New VMware Desktop Products ReleasedVMware Fusion 3.0 gone from Release Candidate to General Availability, so as VMware Workstation 7.0 and VMware ACE 2.6 New features
More Info http://www.vmware.com/company/news/releases/fusion3-preorder.html 10月26日 Truecrypt 6.3 releasedfrom their version history notes:
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). More information here: http://www.truecrypt.org/docs/?s=version-history 10月20日 Oracle Critical Patch Update Advisory - October 2009There are lots of vulnerabilities DBAs must act upon ASAP, although it "only" addresses 38 vulnerabilities...
More (advance) information in the pre-release announcement : http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html 8月27日 Cisco over-the-air-provisioning skyjacking exploitCisco issued a security advisory for its 1100 and 1200 Series access lightweight points. The advisory is based on work done by wifi IDS firm AirMagnet. Cisco uses an Over-The-Air-Provisioning (OTAP) protocol that uses multicast data to find a controller. During this initialization phase, a rogue controller could respond and send a bad configuration to the access point, disabling the device.
Cisco provides an advisory here: http://tools.cisco.com/security/center/viewAlert.x?alertId=18919 . The quick summary: Establish basic configuration options like encryption keys and preferred controller lists before deploying the device. 8月24日 Updates to VMWare ProductsVMware has released the following new security advisory, VMSA-2009-0010 This advisory results in updates to VMware Workstation VMware Player VMware ACE Thunderbird Version 2.0.0.23 releasedA new version of Thunderbird, version 2.0.0.23, is available. Thus update fixes MFSA 2009-42 (Compromise of SSL-protected communication). If you are a Thunderbird user, it is probably best to apply this update as soon as convenient. Note that, It appears this update, which affects multiple Mozilla products, has changed the rules for security certificates generated with wildcards. More information is available at the Fourmilab Blog. 8月20日 Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1The Windows SDK for Windows 7 and .NET Framework 3.5 SP1 provides the documentation, samples, header files, libraries, and tools (including C++ compilers) that you need to develop applications to run on Windows 7 and the .NET Framework 3.5 SP1. To build and run .NET Framework applications, you must have the corresponding version of the .NET Framework installed. This SDK is compatible with Visual Studio® 2008, including Visual Studio Express Editions, which are available free of charge. Please see the Release Notes for the full list of supported platforms, compilers, and Visual Studio versions and any late breaking issues. For detailed information about the content in this SDK, including a description of new content, please see the Getting Started section in the documentation. Download at Microsoft Download 7月16日 Firefox 3.5 new exploitThe Mozilla security blog confirms an exploit against an unpatched vulnerability Firefox 3.5 exists and has been made public. Do note that Heisse tried to confirm the vulnerability and only managed a crash on Vista and can't seem to make it work on Windows 7 RC1 The mozilla blog above has a workaround by temporary disabling the Alternatively one could install and use NoSCript to disable all javascript by default. 7月2日 New VMWare Security AdvisoryVMWare released a new security advisory about a vulnerability in the krb5 (Kerberos) package. The vulnerability allows a remote attacker to cause a DoS or potentially execute arbitrary code on the ESX server.
6月23日 Microsoft Security Essentials BETA (Morro)This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only).Please visit the more information page to learn more about system requirements, our End User License Agreement and other important information. To get the beta, just click here or on the button on the top of this page. This will take you to Microsoft Connect where you'll answer a few questions and then be able to download the Security Essentials beta. 6月18日 Web Of Trust – Browser add-onWOT stands for Web Of Trust, it is a community knowledge based system where information on websites are shared. After installing the add-on, the links from search engines are tagged with extra symbols showing whether the site's "reputation" level. Very simple to understand, red means potentially bad site and green means good site. WOT is available for both Firefox and IE . If you choose to use it, remember to contribute back to the project back by helping to rate sites as you visit them. 6月12日 Google updates for ChromeGoogle has released an update for Chrome, their own web browser. From their advisory here: "Google Chrome's Stable channel has been updated to version 2.0.172.31 to fix two security issues in WebKit." CVE-2009-1690 is a memory corruption which can lead to arbitrary code execution within the sandbox. CVE-2009-1718 is an information leak. Both CVE's name Apple Safari, however they also affect Google Chrome. 5月5日 Adobe Reader/Acrobat Critical VulnerabilityA critical vulnerability has been discovered in the JavaScript handling within Adobe Reader and Acrobat versions 9.1 and earlier. According to the announcement, Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009. Additionally, there is a second vulnerability specific to Adobe Reader for Unix that will be resolved by this update as well.
Ref: Adobe Reader/Acrobat Critical VulnerabilityA critical vulnerability has been discovered in the JavaScript handling within Adobe Reader and Acrobat versions 9.1 and earlier. According to the announcement, Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009. Additionally, there is a second vulnerability specific to Adobe Reader for Unix that will be resolved by this update as well.
Ref: 4月29日 Playing For Change | Song Around The World "Stand By Me"The Concord Music Group and Playing for Change has produced this truly wonderful video of street musicians around the world laying down their own unique music tracks on this great classic "Stand by Me" by Ben E. King. All the episodes are available here. 4月22日 Microsoft Network Monitor 3.3 releasedTechnorati Tags: Microsoft,Networking Network Monitor 3.3 is a protocol analyzer. It allows you to capture network traffic, view and analyze it. Version 3.3 is an update and replaces Network Monitor 3.2. Network Monitor 3.x is a complete overhaul of the previous Network Monitor 2.x version. The Network Monitor core engine has been decoupled from the parser set. To install the full Network Monitor 3.3 product:
To uninstall the full Network Monitor 3.3 product:
Download : Microsoft Downloads |
|
|