Posts by mjc

2 min Microsoft

Microsoft Security Bulletin Summary for December 2012

Microsoft Security Bulletin Summary for December 2012 contains seven bulletins: five critical and two important. The key takeaway for this month's patch cycle is that most of the impact related to these vulnerabilities can be drastically minimized if the “least privilege” principle is enforced in organizations. It's always a good idea to look at the proliferation of administrative accounts, and many organizations can bring in the new year with fresh patches and limiting their administrative ac

2 min Microsoft

Microsoft Security Bulletin Summary for November 2012

Microsoft Security Bulletin Summary for November 2012 contains eight bulletins and patches 17 vulnerabilities. A couple of bulletins – MS12-071 and MS12-075 – will need to be addressed as soon as possible. MS12-071 is a cumulative security update for Internet Explorer 9. This will be a priority for both businesses and consumers since an attacker would be able to compromise their system if the user visits a malicious web page. MS12-071 patches three vulnerabilities in Internet Explorer 9, and M

2 min Microsoft

Microsoft Security Bulletin Summary for October 2012

Microsoft Security Bulletin Summary for October 2012 contains 7 bulletins to patch 20 vulnerabilities. MS12-064, rated at critical, affects Microsoft Word and would allow an attacker to send a malicious file which, when opened or previewed, would fully compromise the victim's system. Organizations and consumers should apply this patch as soon as possible. This is the type of exploit that we have seen being used as a part of spear phishing attacks. MS12-067 is an important bulletin which coul

1 min Exploits

White House Spear Phished

Yesterday news broke that an unclassified system at the White House Military Office was breached via a spear phish attack. The news of this attack is not surprising at all. Our government networks are under non-stop targeted attacks and some of these attacks will eventually compromise the intended victim. The reports that we've seen indicate that it was an unclassified network that was compromised. These types of systems are connected directly to the Internet, and wouldn't be considered mission

2 min Microsoft

Microsoft Security Bulletin Summary for September 2012

The Microsoft Security Bulletin Summary for September 2012 includes just two bulletins, both of which address vulnerabilities rated “important”. The first, MS12-061, addresses a cross-site scripting vulnerability (CVE-2012-1892) that affects Microsoft Developer Tools. The second bulletin, MS12-062, addresses a reflective cross-site scripting vulnerability in System Center Configuration Manager (CVE-2012-2536). Both of these vulnerabilities would result in escalation of privileges should an attac

1 min Microsoft

Microsoft Security Bulletin Summary for August 2012

Microsoft's Patch Tuesday Security Bulletin Summary for August 2012 contains nine bulletins and addresses 28 vulnerabilities. MS12-052 is a critical patch for four vulnerabilities in Internet Explorer 6, 7, and 8. This bulletin is a continuation in Microsoft's monthly Internet Explorer patch cadence. This should be number one on organizations' and consumers' “must patch” list. MS12-053, labeled as critical, patches yet another Remote Desktop Protocol (RDP) vulnerability, though Microsoft st

3 min Government

There's a Hole in the Network

In this post SecurityStreet meets Sesame Street. One of my favorite travel songs growing up was "There's a hole in the bucket". The song can literally go on forever, which can be headache inducing at times. Here's the Sesame Street rendition, it may hit close to home as it did with me. Why am I telling you this? Well, it feels to me like "There's a hole in the bucket" is a lot like "There's a vulnerability in the network". During my background in the military and government organizations, I

1 min Exploits

Yahoo! Voices Breach Infographic

On July 11th, Yahoo! Voices website made news when 453,492 accounts containing email addresses and passwords were breached. David Maloney (@TheLightCosine [http://twitter.com/thelightcosine/]) and I performed some analysis on the leak and our Rapid7 team created the infographic below. There is an old saying, "I can show you better than I can tell you!", and this infographic drives several points home. You can click on the image to enlarge it or download it here [http://www.rapid7.com/img/resourc

2 min Microsoft

Microsoft Security Bulletin Summary for July 2012

The Microsoft Security Bulletin Summary for July 2012 contains nine security bulletins addressing 16 CVEs. Three of the bulletins are rated critical and the other six are rated important. All of the critical bulletins address vulnerabilities where a victim could be exploited if they visit malicious web pages. All three of the critical bulletins should serve as a warning that organizations will continue to face client-side browser related attacks. MS12-043 addresses a vulnerability that is curre

2 min Microsoft

Microsoft Security Bulletin Summary for June 2012

The Microsoft Security Bulletin Summary for June 2012 contains 7 bulletins addressing 28 security bugs. Three of the bulletins are rated “critical” and the rest “important”. MS12-036 is a critical bulletin that addresses vulnerabilities allowing an attacker remote code execution related to the Windows Remote Desktop Protocol (RDP). This relates to MS12-020, which had organizations on high alert in March after Microsoft issued warnings that the vulnerability could be weaponized to result in wid

1 min Exploits

Oracle Issues Java Security Fixes

Oracle released Java Release 7 Update 5 and Java Release 6 Update 33 in order to patch several security vulnerabilities. I expect older versions to have public exploit code available soon. IsJavaExploitable.com [http://isjavaexploitable.com/] has been updated to assist everyone in detecting if they need to upgrade. Apple has also made patches available for OS X, which is a testament to Apple improving their consumer security. In the last couple of months Apple has made drastic improvements on re

2 min Authentication

It's Time to Ban Bad Passwords

An important thing in the world of information security is to learn from our past mistakes. With 24-hour news cycles and the Internet, netizens seem to have developed very short memories. In late 2010, Gawker Media was compromised, revealing 188,279 plaintext passwords online. Many researchers analyzed the data and found simple passwords heavily in use. Last week, LinkedIn password data was posted online with a total of 6.5 million SHA1 hashes. Being that only unique hashes were released the

1 min Microsoft

Microsoft Releases Windows Server Update Services (WSUS) Update

Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2): http://support.microsoft.com/kb/2720211 By hardening the Windows Server Update Services (WSUS), Microsoft is attempting to assure their customers that they can trust the update process. From a security perspective, Flame isn't a mass threat to most organizations; however, this is a way to ensure the integrity of the update process. It is apparent that Microsoft was working on many of these upda

1 min Authentication

How to Change Your LinkedIn Password

Here are a couple of screen captures to help people change their LinkedIn password. I highly recommend reading this post on Password Tips [/2011/08/16/10-password-tips-to-avoid-data-breach-catastrophes]. Click on your username > Settings: Click on Account > Change password

2 min Networking

Confusion over the FLAME platform and Flame Malware

I've seen a couple of postings on the Internet about a possible link between the Flame malware and a project from the National Laboratory for Scientific Computing (LNCC) in Brazil. They released a tool called Flexible and Lightweight Active Measurement Environment (FLAME) in 2009. This version of FLAME is a platform for prototyping network tools, which uses Lua as an extension language. FLAME allowed for the capability to deploy and remotely control packet flooding agents through instant messenger, and