Month of Apple Patches
Forwarded from: Security UPDATE
=== CONTENTS ==================================================
IN FOCUS: Month of Apple Patches
NEWS AND FEATURES
- Attacking Vista: From Proof of Concept to Actual Exploit
- Cisco Strengthens Mail Offering with IronPort
- Backup and Recovery Basics
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: At Least 11 Unpatched Vulnerabilities in
Microsoft Products
- FAQ: Start a Program with Elevated Permissions
- From the Forum: Information Quality During Security Incidents
- Share Your Security Tips
PRODUCTS
- Secure Remote Access from Handhelds
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: Byte Crusher =====================================
Give viruses admin rights to your computer
Sounds crazy, doesn't it? But if you run Windows XP as an
Administrator, this is exactly what you are doing every time you touch
the Internet. You locked the door but forgot to close it. WindowZones
can dynamically remove Administrator rights from Internet applications
such as web browsers and email clients. Say "Access Denied!" to
Internet threats with WindowZones.
http://list.windowsitpro.com/t?ctl=4603A:7EB890
=== IN FOCUS: Month of Apple Patches ==========================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Recently, someone announced that a new Apple-related security bug would
be posted every day for the month of January (see the URL below). The
stunt comes on the heels of other such projects, dubbed Month of Kernel
Bugs and Month of Browser Bugs. There was also a proposed Month of
Oracle Database Bugs, but that stunt never came to fruition.
http://list.windowsitpro.com/t?ctl=46055:7EB890
You might have read my recent Security Matters blog article in which I
questioned whether this relatively new "month of bugs" trend is
stupendous or just plain stupid. If you missed it, you can read it at
the URL below.
http://list.windowsitpro.com/t?ctl=46046:7EB890
The problem I see with these events is that they place millions of
computer users at severe risk. The alleged motives for launching these
events vary, but it seems to me that they're primarily publicity stunts
designed to draw attention to the operators of the events. If that
weren't the case, then the bug publicists would at least post their
bugs anonymously. Furthermore, if they really cared about the overall
effects of their bug reports, they'd be more responsible with their
disclosure methods instead of leaving people vulnerable while vendors
scramble to fix the bugs.
At least some people out there have a conscience. In response to the
recent launch of the Month of Apple Bugs (MOAB) comes the cavalry
riding to the rescue, led by Landon Fuller, former Apple engineer.
Fuller found out about MOAB and decided that it would be a good
exercise and public service to fix the bugs while waiting for official
fixes from Apple. So day by day, as the new bugs are posted, Fuller
works to find ways to fix them and subsequently releases patches.
http://list.windowsitpro.com/t?ctl=4604F:7EB890
In addition to Fuller's work, William Carrel stepped in to set up a
MOAB Fixes group at Google where MOAB patch coordination is taking
place. There you can find open discussion along with the patches
released so far. The group is accessible at the URL below.
http://list.windowsitpro.com/t?ctl=46047:7EB890
Apple will undoubtedly release its own patches for the bugs in the near
future. However, so far the company hasn't said anything publicly about
possible patches or the MOAB project. Although Fuller formerly worked
at Apple and is helping to fix the bugs on his own, he stated that he
hasn't heard anything from Apple regarding MOAB or his patching
efforts.
I think that the work of the people who are now involved in patching
the issues made known by the MOAB project is admirable. The people who
launch these "month of bugs" stunts could take a lesson in public
service from the example being set. But will they? I doubt it.
=== SPONSOR: Black Hat ========================================
Black Hat security event
Black Hat DC, February 26-March 1 in Washington, DC, is the DC
version of Black Hat, the world's premier technical event for IT
security experts. Featuring 10 hands-on training courses and 30
Briefings presentations with lots of new content--the best of Black
Hat. Network with 300 delegates and see solutions from 10 major
sponsors.
http://list.windowsitpro.com/t?ctl=46056:7EB890
=== SECURITY NEWS AND FEATURES ================================
Attacking Vista: From Proof of Concept to Actual Exploit
During the final week of December, a vulnerability was discovered in
Windows platforms that affects the Client-Server Runtime Subsystem
(CSRSS) service. Then, on the final day of 2006, just in time to ring
in the new year, an anonymous person posted a working exploit to the
Full Disclosure mailing list.
http://list.windowsitpro.com/t?ctl=46048:7EB890
Cisco Strengthens Mail Offering with IronPort
Cisco will acquire IronPort Systems, which makes a range of
appliances that help companies defend themselves against email- and
Web-based attacks.
http://list.windowsitpro.com/t?ctl=46049:7EB890
Backup and Recovery Basics
Every business needs a comprehensive data protection plan. David
Chernicoff shows you how to begin creating one for your company.
http://list.windowsitpro.com/t?ctl=46044:7EB890
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=46040:7EB890
=== SPONSOR: Vizioncore =======================================
esxRanger Professional: Hot Backups for VI3
Still don't have a reliable disaster recovery plan in place?
Vizioncore's esxRanger Professional supports a sophisticated, yet
cost effective DR strategy for your VMware Infrastructure 3
environment. Restoring entire virtual machine images--or just files--is
smooth & seamless. Visit http://list.windowsitpro.com/t?ctl=46051:7EB890
for a trial download today.
=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: At Least 11 Unpatched Vulnerabilities in
Microsoft Products
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=4604E:7EB890
Are you aware of the known vulnerabilities for which no patch is
available? There are at least 11, and the list is growing. Learn more
about them in this blog article.
http://list.windowsitpro.com/t?ctl=4604A:7EB890
FAQ: Start a Program with Elevated Permissions
by John Savill, http://list.windowsitpro.com/t?ctl=4604C:7EB890
Q: How can I easily start a program in elevated permission mode?
Find the answer at
http://list.windowsitpro.com/t?ctl=46045:7EB890
FROM THE FORUM: Information Quality During Security Incidents
A forum participant writes that he's seen discrepancies in data
collected during various incidents, which can lead to wrong actions
being taken. He's curious to hear stories from others about such
incidents as well as suggestions about how people handle information
quality issues during incidents.
http://list.windowsitpro.com/t?ctl=4603B:7EB890
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ==================================================
by Renee Munshi, products@windowsitpro.com
Secure Remote Access from Handhelds
Positive Networks announced PositivePRO 3.5, the newest version of
the secure remote access service, which offers several major
improvements, including automatic device detection for easier
provisioning, the ability to work on handheld devices such as
BlackBerries and phones with a Web browser, and Windows Vista support.
The PositivePRO remote access service combines a client-based VPN, a
clientless, Web-based Secure Sockets Layer (SSL) VPN, and remote
desktop control. PositivePRO supports multiple antivirus products on
the client and can prevent a client's access to the network if
PositivePRO detects a virus on the client. PositivePRO can also install
up-to-date antivirus software on a client that doesn't have it. For
more information, go to
http://list.windowsitpro.com/t?ctl=46053:7EB890
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@windowsitpro.com and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS ======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=4604B:7EB890
How do you manage security vulnerabilities? If you depend on
vulnerability assessments to determine the state of your IT security
systems, you can't miss this Web seminar. Special research from Gartner
indicates that deeper penetration is needed to augment your existing
vulnerability management processes. Learn more today!
http://list.windowsitpro.com/t?ctl=4603D:7EB890
Total Cost of Ownership--TCO--is every executive's favorite buzzword,
but what does it really mean and how does it affect you? In this
podcast, Ben Smith explains how your organization can use
virtualization technology to measurably improve the TCO for servers and
clients.
http://list.windowsitpro.com/t?ctl=4603F:7EB890
Protect your users and your network from email-borne threats. This free
eBook gives you the knowledge required to understand the real threat
that email-borne attacks pose and how to address those attacks in a way
that reduces risk while ensuring users aren't impacted. Download it
today!
http://list.windowsitpro.com/t?ctl=4603E:7EB890
=== FEATURED WHITE PAPER ======================================
Are you familiar with new government regulations affecting email? Learn
about the dozens of issues surrounding the security of email in
business today and make sure that your company is in compliance.
Download your copy of this must-have white paper today!
http://list.windowsitpro.com/t?ctl=4603C:7EB890
=== ANNOUNCEMENTS =============================================
Ring in the New Year with SQL Server Magazine
Don't miss SQL Server Magazine in 2007! As a subscriber, you'll have
full access to must-have coverage of high availability, SQL Server &
Office integration, business intelligence, clustering, reporting
services, and much more. Order now and save 58% off the cover price:
http://list.windowsitpro.com/t?ctl=46041:7EB890
Vote for the Next IT Pro of the Month!
Your vote counts! Take the time to reward excellence in a deserving
IT pro. The first 100 readers to cast a vote will receive a one-year
subscription to Windows IT Pro, compliments of Microsoft. Voting takes
only a few seconds, so don't miss out. Cast your vote now at
http://list.windowsitpro.com/t?ctl=46050:7EB890
===============================================================
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=4604D:7EB890
http://list.windowsitpro.com/t?ctl=46054:7EB890
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=46043:7EB890
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=46052:7EB890
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=46042:7EB890
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.