Time for Apple Mac OS X updates again

Tuesday, August 1st, 2006

From the look of it Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. Many of them are legacy bugs if you will from older *nix-based systems. This is [...]

Exploits a plenty – IE / Excel (Firefox?)

Thursday, June 29th, 2006

There are a number of vulnerabilities that are currently unpatched, but have working publicly known exploits for Excel (*2) and Internet Explorer (2 vulnerabilities here as well.) Proof of Concept code has been released for both the Excel and Internet Explorer vulnerabilities. This means, with the code publicly available, it won’t be long before it’s [...]

WMF 0-day exploit

Wednesday, December 28th, 2005

There seems to be a 0-day exploit involving WMF (Windows Meta File’s) according to SANS. Here’s their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.    Send article as PDF   

Sams club credit security breech?

Tuesday, December 13th, 2005

When I saw a story on incidents.org with the title PCI Compliance, I wondered what SANS was doing covering a hardware standard…. oops. PCI in this case means Payment Card Industry. It turns out that Sams Club has had a security breech that has exposed customers credit card information. The data seems to have been [...]

More on Explorer vulnerability

Tuesday, November 22nd, 2005

Among other things… Sans has lowered the infocon to green, NOT that the threat is diminished, but there have been no new developments with regards to the announcement yesterday of a major Internet Explorer security vulnerability. Sans recommends browsing the web with firefox (with the noscript extension, so you can enable/disable javascript where you wish). [...]

Another update on the 0day Explorer exploit

Thursday, August 18th, 2005

Well, it looks like quite a bit took place while I was out on the “zero day exploit front”. It looks as though there is another update at The Sans Institute. The first thing to notice is that they’ve raised their alert level to Yellow over the impending active exploitation of this vulnerability.    Send [...]

Update on Internet Explorer Zero Day exploit

Thursday, August 18th, 2005

Yesterday I mentioned a SANS report on a possible zero day exploit against Internet Explorer. Today they have more details in the handlers diary. Among other things SANS has issued a patch for it.    Send article as PDF   

Internet Explorer zero-day exploit?

Wednesday, August 17th, 2005

The folks over at The Sans Institute (Incidents.org) are reporting on a possible zero-day ( 0-day ) exploit against Microsoft Internet Explorer. (A zero day exploit is the name given to an exploit of a previously unknown vulnerability.) Their analysis essentially had the machine they were using go to 100% cpu and it did not [...]

Web smarts is the main defence against spyware

Tuesday, August 9th, 2005

Over at the Security Fix, Brian Krebs is talking about spyware and the fact that keeping up-to-date on patches, and running current antivirus with current definitions is not enough to protect your machine from spyware. He sums it up by saying common sense is the best defence.    Send article as PDF   

Google cache revealing critical personal infromation

Wednesday, August 3rd, 2005

A while back I did an article on using Google search in some slightly more advanced ways, as well as a link to a site of specific Google searches. I’ve come across something in the Handlers diary at Incidents.org that is worth knowing about. The entry in question details that apparently someone made a BIG [...]

Web www.averyjparker.com

Switch to our mobile site