Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/

Wireshark 1.6.6 and 1.4.2 Released

Published: 2012-03-27
Last Updated: 2012-03-27 22:51:55 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Wireshark released today version 1.6.6 and 1.4.12 that includes fixes for several vulnerabilities.

Highlights

Versions 1.6.6 include updates for the following protocols:

- ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP, IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP, PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP

The following new and updated capture file support is included in this update:

- Endace ERF, Pcap-NG, Tektronix K12

Versions 1.4.12 include updates for the following protocols:

- HTTP, ISAKMP, MySQL, PacketBB, PGM, TCP, UDP

The following new and updated capture file support is included in this update:

Endace ERF, Pcap-NG.

The updates are available here.

[1] http://www.wireshark.org/download.html
[2] http://www.wireshark.org/lists/wireshark-announce/201203/msg00000.html
[3] http://www.wireshark.org/lists/wireshark-announce/201203/msg00001.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

0 comment(s)

ISC Feature of the Week: ISC Poll

Published: 2012-03-27
Last Updated: 2012-03-27 20:56:54 UTC
by Adam Swanger (Version: 1)
0 comment(s)

Overview

Your vote counts! The ISC Poll https://isc.sans.edu/poll.html is a quick and easy way to weigh in and compare your answer to hundreds of others in the industry. A new poll is posted occasionally to gauge the opinion or interest of current events and topics. The latest poll is always in the right column of the homepage. You can jump to the poll page, vote/comment or view results directly from the box.

Features

Current Poll

https://isc.sans.edu/poll.html#results Each poll consists of a question and list of answers to choose from and generally a comment box for additional information about your answer. Choosing an answer and clicking the Vote button will automatically display the poll results and selected comments.

Archive Polls

https://isc.sans.edu/poll.html#poll_archive Previous poll questions are listed newest to oldest. Clicking the question will show poll results and selected comments.

 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

Keywords: ISC feature
0 comment(s)
ISC StormCast for Tuesday, March 27th 2012 http://isc.sans.edu/podcastdetail.html?id=2425

Firefox 3.6 EOL

Published: 2012-03-27
Last Updated: 2012-03-27 00:52:18 UTC
by Johannes Ullrich (Version: 1)
8 comment(s)

Ever since Mozilla started its controversial new versioning scheme, Firefox 3.6 was still maintained as a stable and supported version of Firefox. Today, Mozilla announced that Firefox 3.6.28, to be released "over the next few weeks", will be the final version of Firefox 3.6. As of April 24th, no more security fixes will be published for Firefox 3.6

Of course, the Firefox version number is at first just a number. One could consider the just released Firefox "11" more like a Firefox 4.11.0 (or 5.11.0). However, plugins and extensions have never quite caught up to the new versioning scheme. 

A Firefox add-on XPI file is a "zip" file, that once unpacked reveals a number of components, including a "install.rdf" file, which among other settings governing the install of the extension lists the range of version numbers for which a certain extension will work. Developers usually do not include future major versions as changes to the extension API and to the Firefox feature set will make it necessary to adapt the extension. This will require extension developers to consistently maintain and update extensions as Firefox releases new major versions.

In some ways, this may be a good thing as this will remove unmaintained extensions. In other ways, developers of valuable extensions may get discouraged by this practice. As a user, you could edit install.rdf file, and modify the range of supported versions. I have done this in a couple cases myself, and had decent succes. However, there is a good chance that this will fail in some cases.

http://blog.mozilla.com/futurereleases/2012/03/23/upcoming-firefox-support-changes/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: firefox mozilla
8 comment(s)
Diary Archives