DarkFiber Consulting - IT Managed Services » Spoof

Microsoft Releases October Security Bulletin

DarkFiber Consulting — Wed, 14 Oct 2009 10:06:55 +0000

Microsoft has released an update to address vulnerabilities in Microsoft Windows, Silverlight, Internet Explorer, .NET Framework, Office, SQL Server, Developer Tools, and Forefront as part of the Microsoft Security Bulletin Summary for October 2009. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-service condition, or spoof an end user or website.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Tags: Address, Arbitrary Code, Attacker, Bulletins, Denial Of Service, Developer Tools, Forefront, Internet Explorer, Microsoft, Microsoft Internet, Microsoft Security Bulletin, Microsoft Windows, Privileges, Security Policies, Server Developer, Spoof, Vulnerabilities

Rogue MD5 SSL Certificate Vulnerability

DarkFiber Consulting — Tue, 30 Dec 2008 22:05:26 +0000

DarkFiber Consulting is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could spoof an SSL protected web site and obtain sensitive information.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Arbitrary Web, Attacker, Ca Certificate, Ca Certificates, Collisions, Md5, Redirection, Rogue, Spoof, Ssl Certificate, Ssl Certificates, Vulnerability

Apple Releases iPhone OS 2.2 and iPhone OS for iPod touch 2.2

DarkFiber Consulting — Tue, 25 Nov 2008 05:00:32 +0000

Apple has released OS 2.2 for the iPhone and iPod touch to address multiple vulnerabilities. These vulnerabilities affect CoreGraphics, ImageIO, Networking, Office Viewer, Password Lock, Safari, and Webkit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, place arbitrary calls, cause a denial-of-service condition, spoof user interface, and obtain sensitive information.

DarkFiber Consulting encourages users to review Apple Article HT3318 and apply any necessary updates.

Tags: Address, Apple 2, Apple Article, Apple Os, Arbitrary Code, Attacker, Denial Of Service, Iphone, Ipod, Nbsp, Necessary Updates, Networking, Os 2, Safari, Spoof, User Interface

VMware Releases Security Advisory VMSA-2008-0017

DarkFiber Consulting — Sat, 01 Nov 2008 05:00:36 +0000

VMware has released a Security Advisory indicating it has updated the ESX packages to address vulnerabilities in libxml2, ucd-snmp, and libtiff. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, spoof authenticated SNMPv3 packets, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review VMware Security Advisory VMSA-2008-0017 and apply any necessary updates to help mitigate the risks.

Tags: Arbitrary Code, Attacker, Denial Of Service, Necessary Updates, Security Advisory, Spoof, Ucd Snmp, Vmware

Apple Releases iPhone v2.1

DarkFiber Consulting — Fri, 12 Sep 2008 17:46:42 +0000

Apple has released iPhone v2.1 to address multiple vulnerabilities in Application Sandbox, CoreGraphics, mDNSResponder, Networking, Passcode Lock, and Webkit. These vulnerabilities may allow an attacker to execute arbitrary code, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, bypass Passcode Lock, obtain sensitive information, or cause a denial-of-service condition.

DarkFiber Consulting encourages users to review Apple document HT3129 and upgrade to iPhone v2.1.

Tags: Address, Apple 1, Arbitrary Code, Attacker, Denial Of Service, Iphone, Networking, Spoof, Tcp Sessions, Vulnerabilities

Apple Releases Security Updates

DarkFiber Consulting — Thu, 11 Sep 2008 04:15:18 +0000

Apple has released four security updates to address multiple vulnerabilities in iTunes, QuickTime, iPod touch, and Bonjour for Windows. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, access the system with escalated privileges, or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review the following Apple Security Articles and apply any necessary updates:

iTunes 8.0 (Article: HT3025)
QuickTime 7.5.5 (Article: HT3027)
iPod Touch v2.1 (Article: HT3026)
Bonjour for Windows 1.0.5 (Article: HT2990)

Tags: Address, Apple Updates, Arbitrary Code, Attacker, Bonjour For Windows, Denial Of Service, Itunes, Necessary Updates, Privileges, Quicktime, Security Articles, Security Updates, Spoof, Tcp Sessions, Vulnerabilities