[1] Does it scare the crap out of anyone else to know that the airforce gets patches which can be reverse engineered for the sploit before anyone else?
UPDATE: The ISC recommends not applying the temporary patch, but only if you don't have any third party sites that require active scripting. However, Johannes Ullrich inserted some interesting observations in the post:
"You may also want to consider contacting Microsoft. Microsoft may not be aware of the importance of security to its customers."
and
"Based on prior public commitments, we do suspect that Microsoft will issue the patch early once they are convinced that customers require the use of Internet Explorer in production environments."
I cackled. On the other hand, I am using eEYE's patch and nothing has broken yet. Although I only use IE on a fairly limited basis.
Continue reading "eEYE doing Microsoft's Job"
Living in Jozi is great, but it is difficult to get exercise. You sit in your car and sit in the office. I have been mulling the idea of joining a Gym over, but have always been uncomfortable with the idea. For every activity the Gym offered I can think of a cheaper/better way of doing it. For example instead of spinning I could buy a bike, instead of Tae-bo I could do a martial art, instead of swimming I could go to a municipal swimming pool, instead of lifting weights I could buy my own or unpack the boxes in my house etc. I am a fan of team sports, the social aspect of exercise is important to me, but Gym is the antithesis of that, even when you are working in a group e.g. aerobics, it is still a very solitary affair.
So, instead of shelling all the money out on Gym, I have bought myself a bike; this bike (the big picture) to be exact. I pick it up tomorrow. Once I get the hang of it I am going to join the Jo'burg Mountain Bike club.
Neener, neener Virgin Active.
UPDATE: removed the 'screw you' it wasn't what I meant.
A shatter attack can allow arbitrary manipulation of McAfee settings that have been locked by an administrator.
This requires a local account so the risk is minimal, but it is a good way to get around pesky corporate 'local user only' type situations.
Confirmed on VirusScan Enterprise 8.0.0 Patch Level 11 running on Windows XP SP2.
It seems our generic timeline for Microsoft 0days goes along the lines of:
- Flaw is found.
- Microsoft says it isn't being widely exploited and "safe browsing habits" will save you [1].
- The threat grows in the wild on porn and pirate sites.
- Microsoft re-iterates the minimal exploitation.
- The threat continues to grow on 'safe' sites.
The point here is that a threat is going to continue to grow as long as there isn't effective mitigation, like a patch. When Microsoft says there is only minimal exploitation is exactly the time they should be rushing out a fix. Even if the threat is growing slowly, this is not an indication by itself that it won't be used in an attack on a multiple site advertiser or the like. This isn't even taking into account all the fun you can have with a targeted attack; we are still dealing with preventing mass exploitation.
As an aside: IE 0day "in the wild" threat growth:
[1] They also tell you to turn the affected component off. But this never really helps given that most browsing becomes useless.

The quick summary is that Microsoft Internet Explorer is vulnerable to a flaw in the application that results in an invalid table-pointer dereference while mucking around with CreateTextRange().
- The Internet Storm Centre has raised the alert to InfoCon Yellow.
- The original advisory was released by Computer Terrorism:
- There are code execution exploits (one, two) roaming around.
- Interestingly enough this appears to have been first released as early as January. Well, that's the date on this one (careful on that one) anyway.
- Vulnerability databases have the dirt:
- SecurityFocus, Secunia, US-CERT, CVE, (No X-Force?)
- Microsoft's response "Duh, turn off ActiveScripting and use 'Safe Browsing Habits'."
- Everyone else's response, "Use another browser".
- No word on Snort signatures as yet.
Continue reading "Laptop Encryption, Solved"
Every time I go to a conference I make a point of taking detailed notes on every talk I attend. Unfortunately that's where my work ethic ends, and the several unfinished blog entries with titles including the phrase "Day x" are a testament to this. So this won't be in-depth. If you want proper in-depth coverage have a look at ITWeb's news articles on the conference.
Continue reading "ITWeb Security Summit Day 1 & 2"
Continue reading "Information Security South Africa 2006 Abstract"
As for the actual Programme, if you are attending, watch out for my colleague, Nithen Naidoo's talk entitled Auditing web applications for security vulnerabilities, featuring code written by fellow Rhodent, Yusuf Motara.
Continue reading "ITWeb Security Summit Day 0"
Continue reading "Encryption for Compliance Purposes"

