Never Leave Source Code on the Server
I'm not a big fan of deploying source code on the Web server, especially with the new Web Site projects that come with VS.NET 2005. If your server has been hacked before, you'll understand why source code on the server is a very bad idea. (c#, asp.net, php, perl, security, dotnetnuke)
A Very Real Virus Threat
One of my Windows desktop machines got infected with a Trojan virus. Since all my machines are connected in a network, the virus was able to spread and infect other hosts. I had already put together a backup system years ago, so it was now time to review my recovery skills. (security, windows)
Enabling Execution of PowerShell PS1 Scripts
Microsoft finally put together a powerful command line tool for Windows that makes Bash on Linux look like small potatoes. The new PowerShell runs .NET and understands objects when you pipe from one process to another. Given the power and the things you can do with PowerShell, Microsoft is rightfully cautious about hackers and script abuse. PowerShell, by default, is very secure and disallows any PowerShell scripts from running. (security)
Twitter Has Security Meltdown - InformationWeek
Apple Security: Time To Stop Feeling Superior? - InformationWeek
Educational Institutions Worldwide Entrust Their Networks to ... - MSNBC
The Five Most Dangerous Security Myths: Myth #2
Sure, the Web is today's Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a good antivirus program, you're completely safe, right?
Rogue SSL certificate exploit puts VeriSign on the spot - NetworkWorld.com
Jobless Ohioans can't reach swamped state hot line, Web site - Columbus Dispatch
Report: China targets Web sites with 'porn' content
China has released a blacklist of 19 major online portals and Web sites, including Google and Baidu, that it claims provide and spread pornographic or obscene content, state media reported.
Web Hosting Application Security Upgraded, at FireHost - TheHostingNews.com
Zscaler Releases 2009 Web Security Predictions - PR Newswire
Zscaler, the industry-first, multi-tenant SaaS security service, announced today that it has released its 2009 web security predictions. ...
MS08-078 - Critical: Security Update for Internet Explorer (960714)
Bulletin Severity Rating: Critical - This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-077 - Important: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
MS08-076 - Important: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Bulletin Severity Rating: Important - This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-075 - Critical: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Bulletin Severity Rating: Critical - This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-074 - Critical: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Bulletin Severity Rating: Critical - This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-073 - Critical: Cumulative Security Update for Internet Explorer (958215)
Bulletin Severity Rating: Critical - This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-072 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Bulletin Severity Rating: Critical - This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-071 - Critical: Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Bulletin Severity Rating: Critical - This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-070 - Critical: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Bulletin Severity Rating: Critical - This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.