I am going to start accumulating links for weekly posts. Here's the first set:
- "Patch Tuesday" includes two CRITICAL patches rated "PATCH NOW" by SANS
SANS issued the unusual "PATCH NOW" recommendation for two of this month's "Patch Tuesday" patches. One is rated "Critical" for Windows XP by Microsoft, and the other affects IIS (Microsoft's web-server software). If you are running XP on a Windows network with "Administrator" rights, you should run Windows Update ASAP. See the SANS page here: September 2010 Microsoft Black Tuesday Summary
- Microsoft Patch Tuesday – September 2010 | eEye IT Security Blog
Well, our friends in Redmond have been busy these past few months. Not only did they release 15 security bulletins in August, but they followed up with an additional 9 bulletins this month.
From this month’s bulletins, administrators should pay particular notice to MS10-061, MS10-063 and MS10-068. Note that MS10-061 is being used in the wild as part of a variant of the Stuxnet worm currently targeting SCADA devices. Take a look at this nifty flowchart to help understand configurations that are remotely vulnerable to MS10-061.
- US-CERT Current Activity: Microsoft Releases September Security Bulletin
added September 14, 2010 at 01:53 pm
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for September 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
- McAfee Security Insights Blog » Blog Archive » The Usibility of Passwords
I just came across a must read for everyone. (Cyber Son #1 came across this great article, BTW) It is called The Usability of Passwords. What I like is that it very thoroughly breaks down what people generally use for passwords, all of the ways in which passwords are stolen and then what the usual suggestions for a “safe “password might be.
- CloudUSB - CloudUSB Computer
Keep your data and your programs in your pocket; use them on every computer you find without worrying about letting around some unwanted logs and this without giving away your data security or privacy!
- Adobe - Security Advisories: APSA10-02 - Security Advisory for Adobe Reader and Acrobat
A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.
Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.
- US-CERT Current Activity: Google Releases Chrome 6.0.472.59
added September 15, 2010 at 08:18 am
Google has released Chrome 6.0.472.59 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.