General: June 2008 Archives

Last week NIST released Federal Desktop Core Configuration settings Major Update 1.

40 settings have changed.

I think it's one of those immutable laws of security: The day you finish patching a product, a new patch will be released. Perhaps it just seems that way because of QuickTime.

We just sent out notices last week for our users running Adobe Acrobat (not Reader) to update. While I deploy Adobe Reader updates since it's part of the default install, users have installed Adobe Acrobat on their own, thus they need to patch. Left to their own devices, many were found to still be running 7.0 or worse yet 6, or worse yet 5.

Since we've made good progress, it only makes sense that anyone running 8.1.2 will need to update again.

From the Adobe bulletin:

A critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Acrobat 8 and Adobe Reader install the 8.1.2 Security Update 1 patch.

Fortunately 7.1.0 users are already cool.

QuickTime 7.5 has been released.

Apple's description of the security fixes contained in this update is found here.

The QuickTime download and the iTunes with QuickTime download are available here.

It's hard to believe that three years have passed since I got my CISSP certification. It's renewal time. I sent off my annual payment to ISC2 and I'm well past the minimum required Continuing Professional Education credits (CPEs).

Here's a link to an interesting blog entry, Do you Still Value your CISSP. I love the opening story.

Ryan Naraine took a look at the Google Analytics for a couple sites and notes that those visitors aren't patching their Flash.

I'm seeing the same types of thing he's seeing when I look in the Google Analytics report for www.infosecblog.org.

Nearly 30% report that they are running unpatched Flash 9.0 r115.

You'd think if you were at a security blog, reading about Flash updates, that you might want to check if your Flash is up to date.

I'm a little surprised to hear people say that Adobe doesn't have a Flash update mechanism. Until I killed the updater in our environment, users were prompted to update if one was available at the time they accessed a Flash applet.

At Shmoocon, one of the sessions discussed passive vulnerability fingerprinting like this. If you don't have the ability to do authenticated scans on your look for opportunities like this to gather version information from the logs.
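One way to do the log-based version gathering described above, as an added example that is not code from the original post. It assumes a hypothetical log layout (`<timestamp> <client> flash=<version>`), constructed sample lines, and that any build at or below 9.0 r115 counts as unpatched.

```python
import re

# Constructed sample log; the layout is hypothetical and "r200" is a made-up
# newer build used only to stand in for "something newer than r115".
SAMPLE_LOG = """\
2008-06-12T09:01:11 10.0.0.11 flash=9.0 r115
2008-06-12T09:01:40 10.0.0.12 flash=9.0 r200
2008-06-12T09:02:05 10.0.0.11 flash=9.0 r115
2008-06-12T09:03:17 10.0.0.13 flash=9,0,115,0
2008-06-12T09:04:02 10.0.0.14 flash=-
2008-06-12T09:05:30 10.0.0.15 flash=9.0 r200
2008-06-12T09:06:44 10.0.0.13 flash=9.0 r200
"""

# Accepts both "9.0 r115" (analytics style) and "9,0,115,0" (comma style).
VERSION_RE = re.compile(r"flash=(\d+)[.,](\d+)(?:\s*r|[.,])(\d+)")

def parse_version(text):
    """Return (major, minor, build) or None when no version was reported."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def latest_versions(log_text):
    """Map each client to the most recent version it reported (lines in time order)."""
    latest = {}
    for line in log_text.splitlines():
        fields = line.split(maxsplit=2)
        if len(fields) < 3:
            continue  # skip malformed lines
        client, version = fields[1], parse_version(fields[2])
        # A later line without a version must not erase a known version.
        if version is not None or client not in latest:
            latest[client] = version
    return latest

def unpatched_report(log_text, last_vulnerable=(9, 0, 115)):
    """Return (flagged clients, share of clients with a known version, unknown count)."""
    latest = latest_versions(log_text)
    known = {c: v for c, v in latest.items() if v is not None}
    flagged = sorted(c for c, v in known.items() if v <= last_vulnerable)
    share = len(flagged) / len(known) if known else 0.0
    return flagged, share, len(latest) - len(known)

if __name__ == "__main__":
    flagged, share, unknown = unpatched_report(SAMPLE_LOG)
    print(f"unpatched: {flagged} ({share:.0%} of known), no version seen: {unknown}")
```

Counting per client on its latest reported version, rather than per request, keeps a busy machine from skewing the percentage and drops hosts that have since updated.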