ISC StormCast for Wednesday, May 22nd 2013 http://isc.sans.edu/podcastdetail.html?id=3323, (Wed, May 22nd)

Posts Tagged ‘podcasts’

ISC StormCast for Wednesday, May 22nd 2013 http://isc.sans.edu/podcastdetail.html?id=3323, (Wed, May 22nd)

By Perry Varanoid on Wednesday, May 22nd, 2013 | No Comments

Chrome 27 stable released http://googlechromereleases.blogspot.ca/ some security fixes, (Tue, May 21st)

By Perry Varanoid on Tuesday, May 21st, 2013 | No Comments

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SSL: Another reason not to ignore IPv6, (Fri, May 17th)

By Perry Varanoid on Friday, May 17th, 2013 | No Comments

Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the “quick fix”, as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only “sees” the proxies IP address, unless it inspects headers added by the proxy, which will no point to (unreadable?) IPv6 addresses.

ISC StormCast for Friday, May 17th 2013 http://isc.sans.edu/podcastdetail.html?id=3314, (Fri, May 17th)

By Perry Varanoid on Friday, May 17th, 2013 | No Comments

Extracting signatures from Apple .apps, (Thu, May 16th)

By Perry Varanoid on Thursday, May 16th, 2013 | No Comments

As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected

ISC StormCast for Thursday, May 16th 2013 http://isc.sans.edu/podcastdetail.html?id=3311, (Thu, May 16th)

By Perry Varanoid on Thursday, May 16th, 2013 | No Comments

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Microsoft Security Advisory overview, (Tue, May 14th)

By Perry Varanoid on Wednesday, May 15th, 2013 | No Comments

Malware Protection Engine Microsoft released security advisory 2846338 indicating that they have update their Malware Protection Engine (used in a varierty of their anti malware products) to fix a vulnerability in said engine where an attacker would be able to execute random code in the context of LocalSytem. Micorosft claims the vulnerability was publicly disclosed as a DoS.

CVE-2013-2094: Linux privilege escalation, (Tue, May 14th)

By Perry Varanoid on Tuesday, May 14th, 2013 | No Comments

A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulenrability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions

Firefox & Thunderbird released, (Tue, May 14th)

By Perry Varanoid on Tuesday, May 14th, 2013 | No Comments

Mozilla decided to join the mayhem on Black Tuesday this month and released Firefox and Thunderbird. This updates to: Firefox 21.0 Firefox ESR 17.0.6 Thunderbird 17.0.6 Thunderbird ESR 17.0.6 Release notes: https://www.mozilla.org/security/known-vulnerabilities/firefox.html Security content o fthe updates: MFSA 2013-48 Memory corruption found using Address Sanitizer CVE-2013-1676 , CVE-2013-1677 , CVE-2013-1678 , CVE-2013-1679 , CVE-2013-1680 and CVE-2013-1681 MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent CVE-2013-1675 MFSA 2013-46 Use-after-free with video and onresize event CVE-2013-1674 MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries CVE-2013-1673 and CVE-2012-1942 MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service CVE-2013-1672 MFSA 2013-43 File input control has access to full path CVE-2013-1671 MFSA 2013-42 Privileged access for content level constructor CVE-2013-1670 MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) CVE-2013-0801 and CVE-2013-1669 — Swa Frantzen — Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Adobe May 2013 Black Tuesday Overview, (Tue, May 14th)

By Perry Varanoid on Tuesday, May 14th, 2013 | No Comments

Adobe released their May 2013 Black Tueday bulletins : # Affected CVE Adobe rating APSB13-13 ColdFusion CVE-2013-1387 CVE-2013-1388 Critical APSB13-14 Flash Player and AIR CVE-2013-2728 CVE-2013-3324 CVE-2013-3325 CVE-2013-3326 CVE-2013-3327 CVE-2013-3328 CVE-2013-3329 CVE-2013-3330 CVE-2013-3331 CVE-2013-3332 CVE-2013-3333 CVE-2013-3334 CVE-2013-3335 Critical APSB13-15 Reader and Acrobat CVE-2013-2549 CVE-2013-2550 CVE-2013-2718 CVE-2013-2719 CVE-2013-2720 CVE-2013-2721 CVE-2013-2722 CVE-2013-2723 CVE-2013-2724 CVE-2013-2725 CVE-2013-2726 CVE-2013-2727 CVE-2013-2729 CVE-2013-2730 CVE-2013-2731 CVE-2013-2732 CVE-2013-2733 CVE-2013-2734 CVE-2013-2735 CVE-2013-2736 CVE-2013-2737 CVE-2013-3337 CVE-2013-3338 CVE-2013-3339 CVE-2013-3340 CVE-2013-3341 CVE-2013-3342 Critical — Swa Frantzen — Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posts Tagged ‘podcasts’