
Topics - Eric the Red

Security Alerts & Briefings / Cold Boot Attacks on Disk Encryption
« on: February 23, 2008, 09:51:52 AM »
So, you use disk encryption to prevent your data from being stolen? Do you hibernate your laptop or lock your screen with a password protected screensaver?

Yes? Then you had better read the article at the link below - your data is not as safe as you thought that it was, even if the machine is unplugged.

Security Alerts & Briefings / SANS Top 20 - 2007
« on: December 19, 2007, 09:39:55 PM »
In case you missed it, the "SANS Top 20 Internet Security Risks" was updated for 2007 at the end of November:

This year's SANS Top 20 illuminates two new attack targets that criminals have chosen to exploit and the older targets where attackers have significantly raised the stakes. Although the Top 20 focuses on emerging attack patterns, the old vulnerabilities are still being targeted by automated attack programs constantly scanning the Web for vulnerable systems. So many automated programs are searching for victims that SANS Internet Storm Center (an early warning system for the Internet) reports that computers can expect to survive only five minutes before being attacked and will withstand the attacks only if they are configured securely before being connected to the Internet.

This is required reading for anyone with a computer and further details can be found at

Enjoy  :blink:

LandzDown Lounge / Spyware attack in progress
« on: October 07, 2007, 05:16:45 PM »
The following link is to a short "You Tube" video from McAfee which shows what can happen when you surf to the wrong place:

Worth a few seconds of anyone's time  :shock:

Secunia Personal Software Inspector (Beta) has been upgraded to version which includes a fix for a problem encountered on installation by some Vista users. Download here.

From the EULA:
Purpose of the Secunia PSI

The Secunia PSI is an invaluable tool for you to use when assessing the security patch state of software installed on your system. It constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

It is NOT the purpose of the Secunia PSI to detect whether your system has already been compromised or if local changes, settings, or missing requirements could cause the Secunia PSI to report incorrect results. The Secunia PSI relies on the meta-data of executables and library files. The Secunia PSI does NOT conduct an integrity check of the individual files, rather, it checks whether a specific program is vulnerable according to the reported version numbers and not whether the files have been compromised or replaced by other users or programs.

The Secunia PSI is not a replacement for other security measures such as anti-virus or personal firewalls, the Secunia PSI is a great supplement to other security measures such as anti-virus and personal firewalls as it helps preventing exploitation of often overlooked exposures.

Additionally, it is important to understand that the process of identifying insecure software installations on any system involves many different factors and, in rare cases, may result in incorrect detections. Should you encounter such a situation, please send us your feedback and all relevant information at

Please see this Auscert Alert for details of a new problem with the Sun JRE. Sun are adamant that they have fixed it in Java SE 6 update 2 so if you haven't already done so now is the time to upgrade.

Quote from Adobe

"Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform."

Full details at

This applies to Flashplayer and earlier, and earlier, and and earlier. To verify your version (and as a quick check for other vulnerabilities) run the Secunia Software Inspector.


Another wave of spammed e-mails using the e-card exploit, starting with the following line (pick your own permutation):

You've received [a|n] [greeting|] [postcard|ecard] from a [admirer|class-mate|colleague|family member|friend|mate|neighbor|neighbour|partner|school friend|school mate|school-mate|worshipper]!

Click on the link to get your e-card (and pick up a trojan at the same time).

This attack is being reported at the Internet Storm Center. Watch there for developments.

New versions of Firefox were released yesterday to address five vulnerabilities. Full details may be found at this Mozilla page.


Those of you who know me well will be aware of my affection for the website of the United Kingdom's "National Infrastructure Security Co-ordination Centre", a valuable resource for information on protecting your infrastructure and timely advice on the latest nasties to threaten our beloved machines. Alas, NISCC is no more!  :(

The good news is that, like so many other organisations, NISCC has been re-branded. This august body has merged with a part of MI5 (the UK's Security Service) and is now the "Centre for the Protection of National Infrastructure". As far as I can ascertain some of the good information that was previously available through NISCC's website is also available through the CPNI's website at although you may need to search for it.

Security Alerts & Briefings / New Microsoft Office vulnerability
« on: February 03, 2007, 06:28:04 PM »
On February 2nd 2007 Microsoft issued a new Security Advice notice - Microsoft Security Advisory (932553) - which, surprise surprise, is using MS Excel as the route to attack your computer. The following are known to be vulnerable

Office 2000
Office XP
Office 2003
Office 2004 for Mac
Office 2004 v. X for Mac

There is no patch for this as yet and the vulnerability may yet affect other Office products. Be wary of e-mail attachments and downloaded Office files.


Security Alerts & Briefings / XSS vulnerability in Adobe Reader 7.0.8
« on: January 12, 2007, 02:34:46 PM »
A vulnerability has been discovered in Adobe Reader 7.0.8 and prior that will allow the execution of malicious code appended to a URL. Acrobat users are advised to update to 7.0.9 or (Windows XP SP2) 8.0

For more info see this Internet Storm Center report

Security Alerts & Briefings / Mozilla Firefox Information Disclosure
« on: December 28, 2006, 06:57:09 AM »
Note: This information, released on December 20th, updates an earlier vulnerability reported in Firefox. You are advised to allow automatic updates of Firefox from Mozilla.

Affected: Mozilla Firefox versions 2.0.1 and prior

Description: Mozilla Firefox's password manager component contains an
information disclosure weakness. The password manager can be used to
automatically fill out username and password forms. If this capability
is used on web pages that can have arbitrary HTML code included by an
attacker, the attacker could gain these username and password entries.
This vulnerability can be exploited to conduct phishing attacks such as
stealing MySpace passwords etc.

A proof of concept for this vulnerability is publicly available.

Status: Mozilla confirmed, updates available.

Note: This information was released on December 19th and is placed here for reference purposes.

Sun JDK and JRE 5.0 Update 7 and prior
Sun SDK and JRE 1.4.2_12 and prior
Sun SDK and JRE 1.3.1_18 and prior

Description: The Sun Java Runtime Environment and the Sun Java Software
Developer Kit (SDK) contain multiple vulnerabilities. These
vulnerabilities include remote code execution, privilege escalation, and
information disclosure. If a user browses a webpage containing a
malicious Java applet, the applet may be able to execute arbitrary code
on the client system with the privileges of the logged-on user. Note
that the Java applets are automatically downloaded and executed in
typical browser configurations. Also, the Sun Java Runtime Environment
is installed by default on Microsoft Windows systems prior to Windows
XP, many Unix and Unix-like operating systems (including Sun Solaris),
and many Linux distributions. Previous flaws in JRE have been exploited
to compromise systems in the wild; hence, this update should be applied
on an expedited basis.

Status: Sun confirmed, updates available. 

Security Alerts & Briefings / MOVED: Zumlif's merged topic
« on: October 07, 2006, 11:07:40 PM »

Sorry, I have been away and nearly missed this important release from Adobe:

Quote from: Adobe Summary
Critical vulnerabilities have been identified in Flash Player and earlier versions that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF file must be loaded in Flash Player by the end user for an attacker to exploit these vulnerabilities. It is recommended that users update to the most current version of Flash Player available for their platform.
