Microsoft releases official VML patch!!

Tuesday, September 26th, 2006

The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should [...]

Apple Macbook pro and other wireless fixes

Thursday, September 21st, 2006

Do you remember the big bruhaha a month or so back about the “apple wireless vulnerability” that everybody picked apart because in the video taped demonstration they used a third party card…. EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver some on the internet tore one reporter up over [...]

More Microsoft Patch problems MS06-042

Tuesday, August 22nd, 2006

This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer [...]

Microsoft August Updates

Tuesday, August 8th, 2006 has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the day. Hopefully we can get [...]

Nasty Javascript attack possibilities

Friday, August 4th, 2006

There were demonstrations of some nasty javascript attacks at Black Hat as well (as if the wireless driver issues wasn’t a big enough problem…) Javascript is a powerful language and can be used for many things, but in these demonstrations, it was used to track recently visited sites (by the browser victim) and identify the [...]

7 Updates coming from Microsoft in July

Friday, July 7th, 2006

We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for each. It’s expected that we’ll see an update for the Excel issues that have been talked about [...]

Phishing – so many flaws to exploit so little time

Wednesday, June 28th, 2006

In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit [...]

The spammers win a round

Wednesday, May 17th, 2006

There is a company (well, unfortunately, WAS a company) called Blue Security. They had an innovative approach to stopping spam. A small download essentially sent opt-out return emails that were junk back to the REAL spam sender (clever concept huh? bouncing to the person that REALLY sent the message… Of course what was clever here [...]

Microsoft updates for May

Tuesday, May 9th, 2006

It looks as though there are two critical updates to be had today, one moderate/low (depending on the OS version.) The critical updates are one biggy for Exchange server which is reported to break some functionality with regards to Blackberry -> exchange server integration… This is an obviously important patch to get in since the [...]

BIOS based rootkits coming soon….

Friday, January 27th, 2006

There have been a couple stories out of the “Blackhat federal” conference in the last couple days. Brian Krebs at the Security Fix gives a good overview. One of the more troubling notes is the possibility of creating a rootkit that can hide itself in a systems BIOS. Security Focus has some detail on this [...]


Switch to our mobile site