Australia's Leading Computer Emergency Response Team
 





 

Week in review ending 21-January.

Date: 21 January 2011

Good afternoon,

After a challenging week for everyone here at AusCERT I am pleased to say that we are now back to 100% operational capability. AusCERT has contingency plans that allowed us to continue our operations on critical items during the flood. It seemed to go relatively smoothly for us. I'd be interested in hearing from anyone on how they fared with respect to their disaster recovery and security procedures. Were they successful? What would you change?

In my opinion there are two vulnerabilities to mess yourself over. The first is the Citrix Access Gateway vulnerability [1] and the second is the updates from Oracle. [2] Another vulnerability of concern is the remote denial of service in the Cisco ASA 5500. [3] If your organisation is still using an older authentication method for Citrix clients, then it is a good time to look at upgrading to a newer mechanism. The original advisory contains more details including a proof of concept so you can see if you are vulnerable. [4]

This week Microsoft announced a new tool, still in beta, to assist organisations with the attack surface of applications. The application, called "Attack Surface Analyzer", takes a snapshot before and after the installation of a program and compares the changes. More information is available at the Microsoft website and the SDL team's blog. [5]

Another important item on AusCERT's agenda is the conference. Tonight the call for papers will close at 11pm (2300 GMT+1000), so if you can write up a couple of words on what you'd like to tell the world about (or 1200 delegates) then please don't hesitate to submit your abstract. The abstract is all that is required until you get accepted for the conference. Registrations will also be opening soon.

To all the people who have been affected by the natural disasters that have been occurring over the last couple of weeks, we would like to remind you that our thoughts are with you and your family and that we hope everything is okay.

Regards,
Zane.

[1] http://www.auscert.org.au/13833
[2] http://www.auscert.org.au/13846
[3] http://www.auscert.org.au/13851
[4] http://www.vsecurity.com/advisory/20101221-1.txt
[5] http://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx