Infocon: green

OWASP Session Management “Cheat Sheet”

When the FakeAV coder(s) fail, (Mon, Jul 25th)

As I already wrote in many previous diaries, various FakeAV groups go through a lot of work to make …(more)…

Apple released patch for iWork security issue http://support.apple.com/kb/HT1222, (Mon, Jul 25th)

——

Johannes B. Ullrich, Ph …(more)…

iOS 4.3.5 released fixing an SSL certificate verification flaw. http://support.apple.com/kb/HT1222, (Mon, Jul 25th)

——

Johannes B. Ullrich, Ph …(more)…

Monday morning incident handler practice, (Mon, Jul 25th)

This is a hypothetical scenario to get the old grey matter thinking on how you, the incident handler …(more)…

Apple Battery Firmware Default Password, (Sat, Jul 23rd)

Yesterday, I wrote about all the great things Apple did to improve security in its new operating sys …(more)…

Lion: What is new in Security, (Thu, Jul 21st)

Once you are over the online install experience, the upside down mouse gestures and all the other bl …(more)…

Lion Released, (Thu, Jul 21st)

Those of you that are Apple users will no doubt have noticed a few updates to Safari, but more impor …(more)…

Down the FakeAV rabbit hole, (Thu, Jul 21st)

This one started with ISC reader Lorenzo spotting a suspicious EXE download in his proxy log …(more)…

MS11-056 – Important: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)

Bulletin Severity Rating: Important – This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
