Topics - Eric the Red

1
Security Alerts & Briefings / Adobe - Zero day vulnerability
« on: March 14, 2011, 07:46:05 PM »
Adobe have released details of a vulnerability that is currently being exploited and for which there is currently no fix:

Quote
This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Please refer to the advisory for full details

http://www.adobe.com/support/security/advisories/apsa11-01.html

2
The latest "state of the nation" report by Secunia has been published. The document looks at the rise of security threats over the last five years and provides an outlook for 2010 based on the data of the first six months of this year.

It is compelling reading and reinforces the need to keep your computer up to date with vendor patches and software updates. The full report can be viewed at the following link:

http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

3
Security Alerts & Briefings / Vulnerability in Adobe Shockwave player
« on: June 25, 2009, 09:15:01 PM »
Sorry, I'm a bit late in posting this. The below is a quote from http://www.adobe.com/support/security/bulletins/apsb09-08.html

"Adobe recommends Shockwave Player users on Windows uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/ ."

You know what to do!

Just a quick note of warning: the new version comes with a bundled Norton scan, and there is a pre-selected tick box that will deliver that product to you. Remember to clear that check if you wish to opt out of Norton.

4
LandzDown Lounge / The Birthday Quiz
« on: June 10, 2009, 05:48:47 PM »
It's time to exercise the old grey matter. Have a go at answering the following questions (which have a particular leaning toward the UK  :moreevil: ). Copy and paste the questions that you wish to answer into your reply along with your answers. My decision on whether your answer is correct is final but if I mark your homework as correct you will earn the right to pose your own questions. I'll mark / scrub out the questions below that have been answered correctly. Can you answer these without googling?

This could run and run ....

  • In the U.S.A., what is celebrated on February 2nd and is also a film?
  • In what profession would you use the acronym "SOCO"?
  • What is the official national anthem of the USA?
  • The blue cornflower is the French equivalent to what in England?
  • Which weather phenomenon translates from the Spanish for 'little boy'?
  • Ambassador to the Court of Saint James's is the official title for Ambassadors to which country?
  • Which castle is on the island of Anglesey?
  • What is echolalia?
  • Which N. African seaport's name is Spanish for white house?
  • Which is the only vowel on a standard keyboard that is not on the top line of letters?
  • What's the world's most popular non-alcoholic drink?
  • In the UK, what letter is given to a car number plate when the age or identity of the vehicle is unknown or if it may have been built from parts?
  • In which street is the Bank of England?
  • Globe and Jerusalem are types of what?
  • In the drink, what are the components of a Screwdriver?
  • How many people take part in the dance of a quadrille?
  • In which city are the headquarters of the International Monetary Fund?
  • How many stars are on the European Union flag?
  • Rather than a hatter, what is the proper name for a maker of hats?
  • In Scrabble how many letters have a value of 2?
  • Lending her name to a famous brand, who was the Greek Goddess of Victory?
  • What is the name of the poker hand containing three of a kind and a pair?
  • In slang, how much money is a monkey?
  • Loriners and farriers cater for what?
  • In the game of draughts, how many men does a player start with?
  • Which is the best selling car name of all time?
  • Which country in the world sends the most letters abroad?
  • What rank in the Royal Navy is the equivalent of the army's Field Marshal?
  • Which army has been headed by General John Gowans?
  • Which French car designer achieved fame in motoring circles for his 'double chevron' gear and logo?
  • Astrologically speaking, two of the fire signs are LEO and ARIES. Which is the third?
  • Who is the longest serving member of the Privy Council?
  • Which number president of the USA is George W Bush?
  • On which day of the year does All Souls Day fall?
  • What was Fanny Cradock's real first name?
  • What are the caves at Lascaux famous for?
  • On what day of creation did God make the sun, the moon and the stars?
  • What is the collective name for the 9 handmaidens of Odin?
  • What is another name for a ship's load mark?
  • What is the meaning of the word Hypocaust? A) Annihilation of a town by flood B) mass inoculation C) underfloor heating
  • Who is said to rule in a Plutocracy?
  • Illustrated on its logo, the product Marmite is named after a French word meaning what?

5
Web News / Do you trust your Bank's ATM?
« on: June 04, 2009, 09:36:06 PM »
Is it time to go back to keeping your money under the mattress? See this article from The Register.

6
LandzDown Lounge / Eurovision Song Contest
« on: May 12, 2009, 09:58:42 PM »
Yes folks, it's that time of year again! The festival of song which for so many years has been dominated by political bloc voting rather than the merits of the music. Well, this year there is a chance that it may be worth watching as the voting system has been changed.

I haven't listened to all the songs but my top tip for this year is Ireland, which is strange since they don't really want to win it again as it is so expensive to stage the event (Paddy, any thoughts?)

Have a look & listen and see what you think http://www.bbc.co.uk/eurovision/

Bring back Sir Terry Wogan!!

7
LandzDown Lounge / Kiss a frog, get a Prince & save the Rainforest!
« on: May 05, 2009, 09:22:23 PM »
Please see the video at the link below, courtesy of HRH Prince Charles and YouTube ...

http://www.youtube.com/watch?v=CUQ1K284Ip4

8
LandzDown Lounge / How to protect yourself from Bear attacks!
« on: April 16, 2009, 08:48:08 PM »

9
Security Alerts & Briefings / Microsoft Patch Tuesday - April 2009
« on: April 14, 2009, 08:46:42 PM »
There are a number of critical patches issued this month that require immediate attention. For an assessment please see this ISC page.

10
Security Alerts & Briefings / Microsoft Security Advisories 968272 & 967940
« on: February 25, 2009, 10:10:06 AM »
The following information was received from Microsoft on February 25th:

Quote
This alert is to notify you that Microsoft has released two new security advisories on February 24, 2009:

* 968272 - Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
* 967940 - Update for Windows Autorun

====================================
OVERVIEW OF SECURITY ADVISORY 968272
====================================

Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

We are actively working with partners in our Microsoft Active Protections Program (http://www.microsoft.com/security/msrc/mapp/overview.mspx) and our Microsoft Security Response Alliance (http://www.microsoft.com/security/msra/default.mspx) program to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Review Microsoft Security Advisory 968272 for an overview of the issue, details on affected software, mitigating factors, suggested actions, frequently asked questions (FAQ), and links to additional resources. Customers who believe they are affected can contact Customer Service and Support. Contact CSS in North America for help with security update issues or viruses at no charge using the PC Safety line (866)PCSAFETY. International customers can contact Customer Service and Support by using any method found at this location: http://www.microsoft.com/protect/support/default.mspx (click on the select your region hyperlink in the first paragraph).

====================================
OVERVIEW OF SECURITY ADVISORY 967940
====================================

With security advisory 967940, Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.

When functioning as expected, the NoDriveTypeAutoRun registry key can be used to selectively disable Autorun functionality (e.g. AutoPlay, double click, and contextual menu features associated with Autorun) for drives on a user's system and network. Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file.

Review Microsoft Security Advisory 967940 for an overview of the issue, details on affected software, suggested actions, frequently asked questions (FAQ), and links to additional resources. This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715 (http://support.microsoft.com/kb/967715).

====================================
ADDITIONAL RESOURCES
====================================

* Microsoft Security Advisory 968272 - Microsoft Office Excel Could Allow Remote Code Execution - http://www.microsoft.com/technet/security/advisory/968272.mspx.

* Microsoft Security Advisory 967940 - Update for Windows Autorun - http://www.microsoft.com/technet/security/advisory/967940.mspx.

* Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc.

* Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc.

* Security Vulnerability Research & Defense (SVRD) Blog: http://blogs.technet.com/swi.

* Security Development Lifecycle (SDL) Blog: http://blogs.msdn.com/sdl.

11
Security Alerts & Briefings / Park your car and get infected with Malware
« on: February 04, 2009, 10:09:25 PM »
If the story below came from anywhere other than the ISC I would be checking to see if today was April 1st; it really beggars belief.....

http://isc.sans.org/diary.html?storyid=5797

12
Security Software Programs / F-Secure: A new product
« on: January 01, 2009, 07:47:31 AM »
F-Secure have entered the guarding world with a new offering, "F-Secure Exploit Shield". Due to copyright restrictions I can't give you more details, but more information may be found at http://support.f-secure.com/beta/estp/estp.shtml

A quick look at the functionality is available on the F-Secure weblog.

If you wish to try Exploit Shield please note that the product is a Beta release and is only for XP machines. This is an interesting development from one of the world's top AV companies and has the potential to be an effective weapon in the fight against malware due to the built-in reporting features - think about it!


13
Please read Microsoft Security Advisory (961051) for details of a new IE vulnerability

Quote
Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

Full details of the alert may be found at:

http://www.microsoft.com/technet/security/advisory/961051.mspx

14
Security Alerts & Briefings / Adobe Acrobat exploits now in the wild
« on: November 07, 2008, 09:46:39 PM »
Two days after Adobe released this Security Advisory the first exploits have been seen in the wild; those examples were not recognised by the VirusTotal bank of AV applications.

Please follow the advice given in the advisory and update to the latest version of Acrobat or Acrobat Reader (v8.1.3 or, if you can, v9.0.0). If updating from an earlier version to v9.0.0, you are advised to first remove all traces of that version via the "Add/Remove" function (XP) or "Programs and Features" function (Vista) of Control Panel.

15
Security Alerts & Briefings / US Presidential election malware
« on: November 06, 2008, 07:41:41 AM »
The malware writers are taking advantage of the recent US election to spread their wares; an example of this is shown at the link below. Please be suspicious of unsolicited emails and SMS texts that relate to the election.

Barack Obama Interview Lure
