Security Advisory | Eat It Or Wear It

May 2024
S	M	T	W	T	F	S
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Don’t Get Caught In The Crossfire

Posted on November 3, 2011 by Killian Bundy

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Filed under: Blog Entry | Tagged: 2639658, Advisory, Aimed, Attachment, Attack, Attacker, Bulletin, Collateral Damage, Company, Control, Crossfire, Cyberattack, Data, Document, Duqu, Duqu Virus, Email, Extremely Low, Fix, Freaked Out, Iran, Iranian Nuclear Program, Issued, Issues, Look For, Microsoft, Microsoft Security Advisory, Microsoft Word, Microsoft Word Attachment, Network, Nose Around, Nuclear, Nuclear Program, Opens, Organization, PC, Possibility, Program, Promised, Propagate, Protect, Protect Yourself, Researcher, Security, Security Advisory, Security Bulletin, Security Update, Son Of Stuxnet, Stuxnet, Symantec, Symantec Researcher, Take, Take Control, Targeted, Targets, Temporary, Temporary Fix, Update, Victims, Virus, Vista, Windows, Windows 7, Windows Server 2008, Windows Users, Windows XP, Word Document, Workaround, Yourself | 2 Comments »

Do You Own A Sony HackStation?

Posted on April 26, 2011 by Killian Bundy

You’ve probably already noticed that your Sony PlayStation won’t connect to the online network, but do you know that hackers probably stole all your personal data, including your credit card number, too?

User data stolen in Sony PlayStation Network hack attack

Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony’s related Qriocity network.

With 77 million potential victims, this could wind up being the largest data theft in history. If you own a PlaySyation, make sure you keep an eye on your credit card account for any unusual activity and change your passwords and probably as much other PlayStation Network account information as you can as soon as the system goes back online.

/and watch out for phishing attacks, if Sony contacts you, make damn sure it’s actually Sony

Filed under: Blog Entry | Tagged: Accounts, Addresses, Advisory, Attack, Billing Addresses, Birth Dates, Breach, Change Passwords, Company, Hack, Hack Attack, Hacked System, Hackers, Hacking, Identity Theft, Identity-Theft Scams, Information, Network, Offline, Other Information, Passwords, Payment-Card, Payment-Card Data, Phishing, Plans, PlayStation, PlayStation Network, Plundered, PSN, Purchase History, Qriocity, Qriocity Network, Register, Register Accounts, Restore, Restore Services Gradually, Scams, Security, Security Advisory, Security Answers, Security Breach, Services, Sony, Sony PlayStation, Stolen, Stolen Information, User Data, User Names, Warning | 2 Comments »

Do You Know What Day Is It?

Posted on February 8, 2011 by Killian Bundy

You know damn well what day it is, it’s Microsoft Patch Tuesday!

Microsoft Plugs 22 Security Vulnerabilities on Patch Tuesday

Microsoft plugged 22 security holes today in the second Patch Tuesday of the year.

The fixes are included in 12 security bulletins spanning Windows, Internet Explorer, Microsoft Office and IIS. Three of the bulletins are rated “critical” while the other nine are considered “important.”

Within the critical bulletins are fixes for a bug in the Windows Graphics Rendering Engine Microsoft warned users about in January, as well as a vulnerability in IE (Internet Explorer) resulting from the creation of uninitialized memory during a CSS (cascading style sheet) function within IE. The company issued the advisory for the IE flaw in December, and has seen limited, targeted attacks focused on the vulnerability.

Who Nellie, that’s a whole lot of patch! And, as usual, it doesn’t even correct all the problems with the software.

/so, until next time, happy patching!

Filed under: Blog Entry | Tagged: Cascading Style Sheet, Critical, Critical Bulletins, CSS, IE, IE Flaw, IIS, Important, Internet Explorer, Microsoft, Microsoft Office, Microsoft Patch Tuesday, Patch Tuesday, Security Advisory, Security Bulletins, Security Fixes, Security Holes, Security Vulnerabilities, Targeted Attacks, Uninitialized Memory, Vulnerabilities, Windows, Windows Graphics Rendering Engine | 2 Comments »

It’s A Record Patchapalooza Tuesday!

Posted on August 10, 2010 by Killian Bundy

Does Microsoft Windows suck? Um, why do you ask?

Microsoft drops record 14 bulletins in largest-ever Patch Tuesday

It’s a very busy Patch Tuesday for Windows users: 14 bulletins covering 34 serious security vulnerabilities in Internet Explorer, Microsoft Windows, Microsoft Office, Silverlight, Microsoft XML Core Services and Server Message Block.

As previously reported, eight of the bulletins are rated “critical” because of the risk of remote code execution attacks. The other six are rated “important.”

The company also released a security advisory to warn of a new elevation of privilege issue in the Windows Service Isolation feature.

Windows users are urged to pay special attention to these four bulletins:

MS10-052 resolves a privately reported vulnerability in Microsoft’s MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

MS10-055 resolves a privately reported vulnerability in the Cinepak codec that could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

MS10-056 resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.

MS10-060 resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and Microsoft Silverlight.

As Computerworld’s Gregg Keizer points out, the August update was the biggest ever by number of security bulletins, and equaled the single-month record for individual patches.

What the hell is Bill Gates selling anyway, a computer operating system or Swiss cheese?

/you’d better get busy downloading, this one takes a while, sucks if you have dial up

Filed under: Blog Entry | Tagged: Bill Gates, Cinepak Codec, Codec, Computerworld’, Critical, Gregg Keizer, Important, Internet Explorer, Media File, Microsoft, Microsoft .NET Framework, Microsoft Office, Microsoft Windows, Microsoft XML Core Services, Mitigation Mechanisms, MPEG Layer-3 Audio Codecs, MS10-052, MS10-055, MS10-056, MS10-060, Operating Systems, Patch Tuesday, Patchapalooza, Patches, Privilege Issue, Remote Code Execution, Remote Code Execution Attacks, RTF E-Mail Message, Security Advisory, Security Bulletins, Server Message Block, Silverlight, Streaming Content, User Rights, Vulnerabilities, Vulnerability, Windows, Windows 7, Windows Service Isolation Feature, Windows Vista | 1 Comment »

Eat It Or Wear It

Archives

Don’t Get Caught In The Crossfire

Do You Own A Sony HackStation?

Do You Know What Day Is It?

It’s A Record Patchapalooza Tuesday!

Recent Posts

Blogroll

Donate

Fantasy Football

Finance

News

Weather

Blog Stats