YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
From their Security Bulletin "Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system." Fixes the following CVE entries: CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168. It appears as though Adobe is going for a weekly update cycle.
More details are here: https://www.adobe.com/support/security/bulletins/apsb12-19.html
Thanks Toby and Rene for writing in!
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
I will be teaching SANS Sec560 in Montreal this September, and Sec542 in Vancouver this December.
RuggedCom fails key management 101 on Rugged Operating System (ROS)
The Rugged Operating System (ROS) has a hard coded RSA private key used for SSL/TLS communications. With the private key from a server being a known value it is not difficult to decrypt any traffic to/from the device. This vulnerability could lead to loss of confidentiality, loss of integrity, and loss of availability for a device that should be secure and reliable. This is the same set of devices that had a backdoor account disclosed in April, where the account name was factory and the password was based on the MAC address. These devices are often used in SCADA and process control systems, where they should be adequately protected from any potentially hostile network access. For 'hardened' devices these two significant fails to implement security properly makes you wonder.
The key management fail is from an ICS-CERT ALERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-234-01.pdf
The backdoor and password management fail is here: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf
Thanks Andrew for writing in!
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
I will be teaching SANS Sec560 in Montreal this September, and Sec542 in Vancouver this December.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago