Week in review ending 21-January.
Date:
21 January 2011
Good afternoon,
After a challenging week for everyone here at AusCERT I am pleased to say that we are now back to 100% operational capability. AusCERT has contingency plans that allowed us to continue our operations on critical items during the flood. It seemed to go relatively smoothly for us. I'd be interested in hearing from anyone on how they fared with respect to their disaster recovery and security procedures. Were they successful? What would you change?
In my opinion there are two vulnerabilities to mess yourself over. The first is the Citrix Access Gateway vulnerability [1] and the second is the updates from Oracle. [2] Another vulnerability of concern is the remote denial of service in the Cisco ASA 5500. [3] If your organisation is still using an older authentication method for Citrix clients, then it is a good time to look at upgrading to a newer mechanism. The original advisory contains more details including a proof of concept so you can see if you are vulnerable. [4]
This week Microsoft announced a new tool, still in beta, to assist organisations with the attack surface of applications. The application, called "Attack Surface Analyzer", takes a snapshot before and after the installation of a program and compares the changes. More information is available at the Microsoft website and the SDL team's blog. [5]
Another important item on AusCERT's agenda is the conference. Tonight the call for papers will close at 11pm (2300 GMT+1000), so if you can write up a couple of words on what you'd like to tell the world about (or 1200 delegates) then please don't hesitate to submit your abstract. The abstract is all that is required until you get accepted for the conference. Registrations will also be opening soon.
To all the people who have been affected by the natural disasters that have been occurring over the last couple of weeks, we would like to remind you that our thoughts are with you and your family and that we hope everything is okay.
Regards,
Zane.
[1] http://www.auscert.org.au/13833
[2] http://www.auscert.org.au/13846
[3] http://www.auscert.org.au/13851
[4] http://www.vsecurity.com/advisory/20101221-1.txt
[5] http://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx