1 / 9

PREVIOUS GNEWS

PREVIOUS GNEWS. Patch Tuesday. 2 Patches – 2 Critical Affecting VB and Mail Other updates, MSRT, Defender Definitions, Junk Mail Filter. MS10-031 – Visual Basic for Applications, Remote Execution MS10-030 – Outlook Express / Windows Mail, Remote Execution. Holes / Patches.

pleon
Download Presentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • 2 Patches – 2 Critical • Affecting VB and Mail • Other updates, MSRT, Defender Definitions, Junk Mail Filter • MS10-031 – Visual Basic for Applications, Remote Execution • MS10-030 – Outlook Express / Windows Mail, Remote Execution

  3. Holes / Patches • Adobe, 3 patches • APSB10-10 CS4 • APSB10-11 ColdFusion • APSB10-12 Shockwave Player • Apple, • Security Update 2010-003 • Cisco • Cisco IronPort Desktop Flag Plug-in, Disclosure • Cisco Router and Security Device Manager, XSS • NTP Package Remote Message Loop DoS • Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-Port Gigabit Security Routers, Auth Bypass • Browsers • Firefox, Chrome, Opera, Safari (unpatched)

  4. Holes / Patches • Facebook • API exposes data through “Events” • Site Link resets privacy to open • Yelp / Facebook bleed over • Open Source FB?? Diaspora* • IBM HTTP, multiple vulns • IBM WebSphere, multiple vulns • Avaya products, multiple vulns in embedded firefox • Avaya products, multiple vulns in embedded wireshark • Adobe CS3, tiff processing vuln • VLC Media Player, multiple vulns • Java

  5. Corp. Hell • Symantec buys PGP and GuardianEdge • Apax Partners buys Sophos • FCC  Voluntary Cyber Security Certification? • Taking feedback until Sept 8 2010

  6. WTF “The first step in a secure development process is to figure what level of risks you are willing to accept, and what level of security you need. For many organizations, the correct answer is to completely ignore security altogether.” ---Robert Graham, http://erratasec.blogspot.com/

  7. Updates Suricata RC1 open source ids/ips engine Iscanner 0.5 *nix malware scanner jarlsberg vulnerable app davtest 1.0 webdav scanner fuzzdb 1.06 fuzzer sequences patterns etc netsparker community editio webapp scanner

  8. CON Events THOTCON 0x1 Apr 23rd – Sold Out Source Apr 24 Interop Vegas Apr 25 RECON (montreal) July 11 CanSecWest Mar 24 BlackHat Europe Apr 12 Notacon Apr 15 Toorcon Seatle Apr 18 HITB Dubai Apr 19

  9. All images scavenged without permission All images scavenged without permission

More Related