Enterprise Vulnerability Management

The Gorilla CISO has a blog post about vulnerability management that is worth reading. It sounds really familiar, though I’m dealing with it on a much, much smaller scale. “The way we manage patch and vulnerability information is something out of the mid-80’s.” Tell me about it. Today I read RSS feeds (US CERT, …

More JAVA Updates

We just finished rolling out Java 1.5 update 14. As we’ve come to expect with all updates, that means another update is right around the corner. SUN has not disappointed.

Sun JDK and JRE 5.0 Update 15: http://java.sun.com/javase/downloads/index_jdk5.jsp
Sun JDK and JRE 6 Update 5: http://java.sun.com/javase/downloads/index.jsp
SUN SDK and JRE 1.4.2_17: http://java.sun.com/j2se/1.4.2/download.html

Multiple vulnerabilities have …

Adobe Reader 8.1.2 Released

Adobe Reader 8.1.2 is out, download here. There are not any new security advisories for Adobe Reader at this time. Until I hear otherwise, this may just be a bugfix release. Update: The 8.1.2 release notes are available. The summary states “The Adobe Reader 8.1.2 update addresses a number of customer workflow issues and security vulnerabilities …

FrSIRT Closes Public Exploits Section

The public exploits section at the French Security Incident Response Team website has gone members only. That website had been a good site for exploit code for the non-grayhat to learn what exploits are easily available. All too often patching can’t occur until justified by a credible threat. That site would act as a barometer …

Private exploit available for Symantec RAR vulnerability

Dave Aitel over at ImmunitySec has released exploit code for the Symantec RAR vulnerability which was announced in December. This code has been released only to customers of ImmunitySec. This is a sign that it is possible to develop an exploit for this vulnerability. Not only that, if history is any indication, the super …

Symantec Site Redesign

I learned this morning from Chris Mosby’s blog that Symantec had performed a site redesign. This was news to me because everything was normal last night at 1am. Normally I’d say hopefully this is a sign Symantec is migrating from Lotus Notes and we won’t have to deal with slow site updates (replication) and incredibly …
