Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog



Sysinternals updates, a new blog post, and webcast

Published: 2011-04-14
Last Updated: 2011-04-14 19:57:53 UTC
by Adrien de Beaupre (Version: 1)
1 comment(s)

Process Monitor v2.95, TCPView v3.04, and Autoruns v10.07 have been updated; the updates are available here [1].

Of equal interest to the tools update is Part 1 of an analysis of a Stuxnet infection with Sysinternals tools, here [2].

[1] http://blogs.technet.com/b/sysinternals/archive/2011/04/13/updates-process-monitor-v2-95-tcpview-v3-04-autoruns-v10-07-and-a-new-blog-post-and-webcast-from-mark.aspx

[2] http://blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.


Apple Security Patches for OS X and iOS

Published: 2011-04-14
Last Updated: 2011-04-14 17:51:39 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Unlike Microsoft, Apple has so far not committed to a regular patch cycle, and today's release of iOS 4.3.2 as well as the OS X Security Update 2011-002 came somewhat as a surprise. [1]

Both include security fixes that should be applied sooner rather than later. The OS X update also includes Safari 5.0.5. We will update this diary once the Apple support page with security details is live.

The patch is pretty small compared to other Apple patches (about 4 MB). You need to restart your system after applying the security patch. I applied it to one system with PGP full disk encryption, and so far no ill effects.

[1] http://support.apple.com/kb/DL1376

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: apple ios os x

Update to Adobe Flash 0-day: Patch will be out soon

Published: 2011-04-14
Last Updated: 2011-04-14 13:46:25 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Adobe updated its advisory, stating that we should have a patch at least for the "non sandbox" versions of Adobe Acrobat and Reader by April 25th [1]. Flash Player will get a fix even earlier (April 15th = this week Friday). Adobe Reader X for Windows, which uses the new "Protected Mode" feature to limit the exploitability of this vulnerability, will have to wait until June 14th.

Little Table to clarify:

          | Flash | Reader 9 | Reader 10.x | Reader 10.0.1 | Reader 10.0.2 aka "X"
Windows   | 4/15  | 4/25     | 4/25        | 4/25          | 6/14
Macintosh | 4/15  | 4/25     | 4/25        | 4/25          | 4/25

For more details, see the URL below.

[1] http://www.adobe.com/support/security/advisories/apsa11-02.html

Update: corrected patch date for Adobe Reader X for Windows. Was 6/25, but should have been 6/14. Thanks Luc for pointing this out to me!

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: adobe flash

dshield.org now DNSSEC signed via .org

Published: 2011-04-14
Last Updated: 2011-04-14 02:26:28 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

To coincide with today's webcast about DNSSEC [1], I changed how the dshield.org zone is DNSSEC signed. The zone itself has been signed for a while now, but I used "look aside validation" via isc.org [2]. For a few months now, it has been possible to have .org zones directly signed by .org, and I decided to give it a try. Please let me know if you see any issues. If you plan to deploy DNSSEC yourself, see Verisign's [3] nice testing tool as well as the visualization tool by DNSVIZ [4].

[1] https://www.sans.org/webcasts/isc-threat-update-20110413-94083
[2] http://dlv.isc.org
[3] http://dnssec-debugger.verisignlabs.com
[4] http://dnsviz.net/d/dshield.org/dnssec/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: dns dnssec dshield