Tag Archives: security

Ongoing Sec – More Exploited Vulnerabilities Patched


12 November – Every freakin’ month (2nd Tuesday) there is a new set of Microsoft vulnerabilities, so much so that we have ignored reporting them.

But this month there is yet another set of Critical vulnerabilities that is being exploited in the field – read about it here at Krebs:

Zero-Days Rule November’s Patch Tuesday — Krebs on Security. This explains new Flash updates. [Your editor has eliminated Flash from his system…not worth the bother.]

But note: This does not cure the zero-day exploit that is capable of ruining your whole week~!~!~!


11 June – Another round for Adobe and Microsoft, explained by Krebs:

Adobe, Microsoft Patch Flash, Windows


14 May – Microsoft and Adobe today each released updates to fix critical security holes in their software. Microsoft’s patch batch tackles at least 33 vulnerabilities in Windows and other products, including a fix for a zero-day vulnerability in Internet Explorer 8 that attackers have been exploiting. Separately, Adobe pushed security updates for Flash Player, Adobe Reader, Acrobat and Adobe AIR.

So says Krebs On Security today. Get all the info: Microsoft, Adobe Push Critical Security Updates


6 May – A zero-day exploit for IE8 is not only in the open, but it has been published for all hackers to study.

If you must use a Windows computer, please change over to Firefox immediately (if you haven’t already.) Then read this:

Krebs On Security – Zero-Day Exploit Published for IE8


12 Feb – The normal Tuesday repairs to the normally insecure programs –

Fat Patch Tuesday — Krebs on Security


7 February – Critical Flash Player Update Fixes 2 Zero-Days — Krebs on Security

These stories never end…not even interesting reading anymore. Just do the upgrades.

Updates are available for Windows, Mac, Linux and Android users. The latest Windows and Mac version is v. 11.5.502.149, and is available from this link. Those who prefer a direct link to the OS-specific downloads can grab them here. To find out if you have Flash installed and what version your browser may be running, check out this page.


16 Jan – Days after the critical Java fix, Krebs on Security announces that a new exploit not patched in the version 11 release is being sold on the black-hat black market. First, learn how to turn off Java, and do turn it off until this is patched; even then, use it only if you need it.
How to Unplug Java from the Browser — Krebs on Security

Second, read more about the sordid details here: New Java Exploit Fetches $5,000 Per Buyer — Krebs on Security

Security experts on Java: Fixing zero-day exploit could take ‘two years’ | ZDNet

Third: Point others to this site to learn “What Is Java” and how to use it if you absolutely must: What You Need to Know About the Java Exploit — Krebs on Security

13 Jan – Now it is Java with the critical warnings…Read Krebs for the data, but one thing I noticed is that his link for the Mac update was wrong and the auto-update that the Mac Java program points to gives an error. So here is the correct link for all OSs: Download Free Java Software, which should point to the right place. Here is where I got a successful Java for Mac download:
Download Java for Mac OS X
Oracle Ships Critical Security Update for Java — Krebs on Security

8 January – Like the Australians needing new colors on their temperature maps as Ultra Hot turns to Double Extra Super Hot, Microsoft and Adobe are going to need new degrees above Critical and above Vulnerable. In this case, Microsoft should say, “Ultra Vulnerable Even After the Update”. As Krebs on Security explains: “… these vulnerabilities could be exploited to fully compromise vulnerable Windows systems without any help from users. …”

Read the entire piece since it has all the links for the Adobe Reader Flash Player plugin…and AIR and Acrobat…for both Windows and Mac OS.

Don’t delay…here is the link again: Adobe, Microsoft Ship Critical Security Updates — Krebs on Security

Australia adds new colour to temperature maps as heat soars | Environment | The Guardian

New .1 version of ffmpeg released

Code-named Freedom, and only 6 weeks after Harmony (0.9) was released, this version of the Open Source video codec tools and libraries repairs many “highly critical” security risks. Secunia Details

If you are using Perian, VLC or MPlayer, among other open source tools that allow you to run several different types of media codecs, expect updates.




SSL Breaches & Duqu; What is DCinema Interesting

More and more news articles are pointing out more and more compromised systems. The systems are not the computers of us simple folk, but rather computers just like ours that sit behind sophisticated firewalls and have sophisticated staff working to prevent problems.

They use the same words that the DCinema world uses when discussing security: Trusted Devices, digital certificates, revocation of keys, and the like. 


Who Else Was Hit by the RSA Attackers?

“Almost 20 percent of the current Fortune 100 companies are on this list.”

“Below is a list of companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA.”

Krebs On Security – Who Else?

The data breach disclosed in March by security firm RSA received worldwide attention because it highlighted the challenges that organizations face in detecting and blocking intrusions from targeted cyber attacks. The subtext of the story was that if this could happen to one of the largest and most integral security firms, what hope was there for organizations that aren’t focused on security?


What Is A Projectionist? In The Digital Age

Marketing Guru Adrian Weidmann says, “Always Solve For Why”. In the Digital Cinema Age there are several more Quality Control and Security “Whys” than there have ever been.

The entire concept of the entertainment business is to give an accurate presentation of the artist’s intent to the audience. In the cinema world, there are dozens – perhaps hundreds – of crafts people working before and after the first lens during production and post to make the artist’s intent happen. The final craft with the final lens is the projectionist.


[Update] IPv6, Security, Future Near

IPv6 Day has cometh. Learn more at: World IPv6 Day Kicks Off – www.enterprisenetworkingplanet.com

“Over 300 websites around the world have indicated they will be participating in World IPv6 Day,” Greg Wood, Director of Communications at the Internet Society told InternetNews.com. “In addition to websites with global reach, such as Google, Yahoo!, and Facebook, many participants are among the leading sites in their region.”


Stuxnet and SCADA – New News

Stuxnet is a piece of malware that attacks industrial process computers running a certain set of standardized controls. The troubles that this standard is facing now that there are people paying attention to it are only interesting to us if we consider that eventually “black hats” will turn their attention to DCinema systems. But why would anyone want to do that?

Following is an article on Schneier on Security.


Update Everything Month~! Software Vulnerability Records

October 2010 has had record numbers of updates in core programs from Windows to OSX, in Adobe Products and in Java (now owned and managed by Oracle.) Firefox, Opera, RealPlayer, you name it, Security Vulnerabilities is the new black…now white.

Security Vulnerabilities was a code word, of course. It was a nice way of saying, “A bad guy could create an object in the code of a site that would tickle a hole in the software on your computer, and make it – your computer – do one or more things.”

Remote wiping technology Hard Disks

Toshiba has announced the launch of its wipe technology for self-encrypting hard disk drives. As a tool for DCinema, this isn’t immediately interesting, but it adds a potential tool for future security.

According to Toshiba, Wipe for Toshiba Self-Encrypting Drive allows sensitive user data to be securely erased when a system is powered-down, or when a SED hard disk drive is removed from the system. The feature can also be used to securely erase user data prior to returning a leased system, system disposal or re-purposing.
