Date: 27 July 2012
End of week Greetings,
High profile data breaches have been pre-occupying the media for much of this week, with much less attention being focused on avoiding breaches in the first place.
Hardening your world facing web infrastructure doesn't happen by accident or at the press of a button; it takes time, effort and significant amounts of planning.
Here are some quick points to consider:
- Is ALL your world facing infrastructure patched?
- Is your web infrastructure configured appropriately?
- If you have a legacy site that you don't really care about (or patch very often), does it still need to be facing the Internet at large?
- On production sites, are you using a Web Application Firewall like ModSecurity?
- Are you monitoring all your logs in real time with OSSEC or something similar?
- Have you taken the time to read some good reference material such as:
Apple released OS X 10.8 (Mountain Lion) this week, and it is available for those game enough to try revision 1 of a product. More attention has been paid to security, with Gatekeeper being a potentially valuable addition by making it harder for malicious software to be installed. Along with Address Space Layout Randomization (ASLR), OS X 10.8 also includes a Password Assistant feature to assist in the generation of strong passwords and keep them private and encrypted.
At the Black Hat security conference held this week in Las Vegas, security researcher Charlie Miller demonstrated how modern Android and MeeGo phones could be attacked using Near Field Communication (NFC). Using a Google/Samsung Nexus S and Nokia N9, Miller showed how it was possible to infect the smartphones with malicious code, without the need for interaction from the phone user. While NFC only has a range of a few centimetres, various tricks can be used to extend this range, and malicious NFC-enabled devices could be easily hidden in very public places. Until this new technology matures, it would be wise to disable NFC on your smartphone, except for the occasions when you really need to use it.
For those who have not yet attended to them, here are my top 5 patches/actions for the week:
1) ESB-2012.0701 - [Win][UNIX/Linux] BIND: Denial of Service - Remote/Unauthenticated
Appropriately named, BIND is the glue that holds much of the Internet together. Any issues with BIND are rather serious, a denial of service even more so. While you need to be running DNSSEC for this vulnerability to be a problem, if you are, then patch right away.
2) ESB-2012.0700 - [Win][UNIX/Linux] DHCP: Denial of service - Remote/unauthenticated
People will likely complain about "the network being down" when DHCP is not handing out addresses to authorised hosts upon request. To avoid this happening, apply this patch, or the related one from your vendor as they come out, like Debian for example (ESB-2012.0709).
3) ESB-2012.0702 - ALERT [Win] Microsoft Exchange Server and FAST Search Server 2010 for Sharepoint: Execute arbitrary code/commands - Remote/unauthenticated
Following on from the Oracle mega-bulletin last week, Microsoft have provided workarounds for remote code execution vulnerabilities in Microsoft Exchange Server and FAST Search Server 2010 for SharePoint. If you're running MS Exchange, you need to read this advisory and apply the workarounds where you can.
4) ESB-2012.0697 - [Win][UNIX/Linux] Symantec Web Gateway: Multiple vulnerabilities
Remote code execution or service denial is never nice, especially against a management console. Better apply this patch if you're a Symantec Web Gateway shop.
5) ESB-2012.0705 - [OSX] Safari: Multiple vulnerabilities
Up to date Web browsers should always be used. Safari running on OS X is no exception. Patch this presently!
Happy mitigating and patching,
Marco