This morning I was doing a fresh install of Windows XP SP2 into a Virtual Machine. So far, things are fine I went through windowsupdate and found 3 updates the first time, then rebooted and hit windowsupdate again to see 55 updates available. A lot of times when I set up a new pc for somebody they wonder why I want to check windows update multiple times. They’ll usually say something along the lines “but it’s brand new there shouldn’t be any updates.” Well, this install was from a SP2 disk and there have been a large number of updates since that was released. Many manufacturers use fairly sophisticated techniques to roll out the default install images they use, but it’s still very possible that your machine will have several updates waiting for it when you get it.
Category: Security
-
Powerpoint vulnerability (August 2006)
I’m having to make sure I put the date in the title of these posts now…. over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using powerpoint files. And by the 20th (Sunday) it was being called a 0-day. There is a good FAQ over at securiteam.com.
-
Mac Wireless driver Security vulnerability revisited
A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included the MacBook native drivers (among others.) There was immediate controversy over the fact it was a video demo. I thought their explanation for that was reasonable. (They didn’t want to give a room full of crackers a chance to sniff the wireless traffic and get TOO much detail on the exploit before vendors had a good chance to give updates.) Well… at this point it sounds like among other things, they have not yet demonstrated to Apple an effective use of this exploit against the wireless drivers on the macbook.
-
Encrypting wireless traffic
Incidents.org has been running their security tip a day this month and I really liked this one. It’s essentially a way to encrypt your wireless traffic using ssh. That’s something I’ve covered here before, but it’s worth reminding that it’s possible and a good idea.
-
Other MS patch news as well as a Yahoo vulnerability?
Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…
“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”
Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.
-
MS06-040 update
MS06-040 is one of last weeks Windows updates and is the one that was probably the biggest target for “wormable” activity. There’s a good deal of news from over the weekend with regards to this. First: Snort signatures, the MS06-040 exploit was spotted actively “in the wild”, and of course, our perennial friends in the spamming world didn’t waste much time in making use of this one.
-
Being cautious on the web…
Incidents.org is reporting on the defacement of a security related web site (winsnort.com). They say they usually decline to comment on those because the attention is what the defacers thrive on. However, it does pay to keep your browser updated and antivirus current. What’s more…. Several days ago there was the news that the President of Iran now has a blog (which is ironic in many ways given the restrictions they place on internet use….) But… anyway, I figured he is getting his propaganda tool our and ready in advance of the UN showdown over the nuclear program. Well, it turns out that some have noticed an interesting gift from the visit to Mr. Ahmadinejad’s site….
-
Ruby on Rails urgent update
A new version of Ruby on Rails has been released in response to a critical security vulnerability. The link will take you to information at incidents.org. 1.1.5 is the new version and should be compatible with 1.1.4 all previous versions appear to be vulnerable.
-
Exploit out for MS06-040
The big computer security news of the day is the release of exploit code publicly for MS06-040. The patch of course was released Tuesday and it is fairly critical to get the update installed. This is “wormable” It CURRENTLY affects all Windows 2000 systems and XP (with no service pack) as well as SP1. It currently doesn’t seem to work with SP2 of Win XP, or with Windows 2003 or NT4. A bit more information is at the incidents.org link above.
-
Blackberry vulnerability to be released soon
Between the Lines is warning that Blackberry Enterprise servers ought to be placed in the DMZ (if not already.) There is word that a critical vulnerability will be announced on August 14th. (And if we already know that’s coming then SOMEONE knows what that vulnerability is.) It basically uses software on the Blackberry (which could be received as an email attachment) to tunnel through to the Blackberry server and have remote access to the network. There are some suggestions from Research in Motion, but they may not be fully effective.