The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should […]
Do you remember the big bruhaha a month or so back about the “apple wireless vulnerability” that everybody picked apart because in the video taped demonstration they used a third party card…. EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver some on the internet tore one reporter up over […]
This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer […]
Incidents.org has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the day. Hopefully we can get […]
There were demonstrations of some nasty javascript attacks at Black Hat as well (as if the wireless driver issues wasn’t a big enough problem…) Javascript is a powerful language and can be used for many things, but in these demonstrations, it was used to track recently visited sites (by the browser victim) and identify the […]
We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for each. It’s expected that we’ll see an update for the Excel issues that have been talked about […]
In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit […]
There is a company (well, unfortunately, WAS a company) called Blue Security. They had an innovative approach to stopping spam. A small download essentially sent opt-out return emails that were junk back to the REAL spam sender (clever concept huh? bouncing to the person that REALLY sent the message… Of course what was clever here […]
It looks as though there are two critical updates to be had today, one moderate/low (depending on the OS version.) The critical updates are one biggy for Exchange server which is reported to break some functionality with regards to Blackberry -> exchange server integration… This is an obviously important patch to get in since the […]
There have been a couple stories out of the “Blackhat federal” conference in the last couple days. Brian Krebs at the Security Fix gives a good overview. One of the more troubling notes is the possibility of creating a rootkit that can hide itself in a systems BIOS. Security Focus has some detail on this […]
Bookmark this site now by pressing Ctrl+D
