Skip to main content

Posts

Showing posts from May, 2008

Apple also released Security Update 2008-003

AFP Server
Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a
folder
designated for sharing
Credit: Alex deVries and Robert Rich
Apache
Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.
AppKit
Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

Apple Pixlet Video
Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.
ATS Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College
CFNetwork
Issue: Vulnerability leading to disclosure of sensitive informa…

Apple also released Security Update 2008-003

AFP Server
Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a
folder
designated for sharing
Credit: Alex deVries and Robert Rich
Apache
Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.
AppKit
Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

Apple Pixlet Video
Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.
ATS Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College
CFNetwork
Issue: Vulnerability leading to disclosure of sensitive informa…

Apple posts Mac OS X 10.5.3 Update

Apple has released the 10.5.3 update for OSX Leopard.  I'll install it and let you know my feedback, however, in the meantime, here is a list of issues that have been fixed.
General

Fixes a font issue that could result in Helvetica Narrow being used in applications instead of Helvetica.
Addresses an issue with stuttering video and audio playback in certain USB devices.
Resolves stability issues with Word of the Day, iTunes Artwork, and Slideshow screen savers.
Fixes an issue in which certain attached hard drives may not show up in the Finder.
Addresses an issue with .Mac syncing of Dashboard widgets over multiple Macs that use different screen resolutions.
Includes additional RAW image support for several cameras.
Improves the accuracy of the Software Update progress bar indicator.
Addresses an issue in which Finder may not be available if the computer name is blank in Sharing preferences.
Improves Active Directory binding and login.
Eliminates a delay when logging in as an Active Directory …

Lack of posts

Sorry about the recent lack of posts, wife, daughter, mother-in-law, and I were at Disney world all last week, so I didn't have any posts while on the road. My brain is currently fried as I've read about 2000 emails in the past two days. So I'll get back into blogging here in a day or so.

Subscribe in a reader

Podcast Episode Five has been released!

Morning everyone,Just a quick note to let everyone know that we put out Podcast Episode 5 this morning. We had a special guest with us! Larry Pesce of PaulDotCom Security Weekly! The guys over at PaulDotCom do a great job, and we loved having Larry on the show! Congradulations to Paul, as he is home with a new baby!Don't forget the Live Podcast that we are doing at SANSFIRE on July 23rd at 8pm.iTunes users, go here to subscribe.Non-iTunes users, go here to download.Thanks!

Apple posts Mac OS X 10.5.3 Update

Apple has released the 10.5.3 update for OSX Leopard.  I'll install it and let you know my feedback, however, in the meantime, here is a list of issues that have been fixed.
General

Fixes a font issue that could result in Helvetica Narrow being used in applications instead of Helvetica.
Addresses an issue with stuttering video and audio playback in certain USB devices.
Resolves stability issues with Word of the Day, iTunes Artwork, and Slideshow screen savers.
Fixes an issue in which certain attached hard drives may not show up in the Finder.
Addresses an issue with .Mac syncing of Dashboard widgets over multiple Macs that use different screen resolutions.
Includes additional RAW image support for several cameras.
Improves the accuracy of the Software Update progress bar indicator.
Addresses an issue in which Finder may not be available if the computer name is blank in Sharing preferences.
Improves Active Directory binding and login.
Eliminates a delay when logging in as an Active Directory …

Lack of posts

Sorry about the recent lack of posts, wife, daughter, mother-in-law, and I were at Disney world all last week, so I didn't have any posts while on the road. My brain is currently fried as I've read about 2000 emails in the past two days. So I'll get back into blogging here in a day or so.

Subscribe in a reader

Podcast Episode Five has been released!

Morning everyone,Just a quick note to let everyone know that we put out Podcast Episode 5 this morning. We had a special guest with us! Larry Pesce of PaulDotCom Security Weekly! The guys over at PaulDotCom do a great job, and we loved having Larry on the show! Congradulations to Paul, as he is home with a new baby!Don't forget the Live Podcast that we are doing at SANSFIRE on July 23rd at 8pm.iTunes users, go here to subscribe.Non-iTunes users, go here to download.Thanks!

Podcast Episode Four released

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 4 this morning. Just a few announcements at the beginning, and then I put the audio for May's Monthly "Reboot Wednesday" Podcast that we do through SANS on after that. We'll be recording Episode five next week. We'll let you know when it's out!

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!



Subscribe in a reader

Podcast Episode Four released

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 4 this morning. Just a few announcements at the beginning, and then I put the audio for May's Monthly "Reboot Wednesday" Podcast that we do through SANS on after that. We'll be recording Episode five next week. We'll let you know when it's out!

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!



Subscribe in a reader

Debian SSL Comic

Classic!

Debian SSL Comic

Classic!

Apple Blogger's Network

Hey everyone, if you like/love Apple products and are interested in following a spliced feed from a bunch of different Bloggers who ALSO love Apple, be sure and subscribe to the Apple Blogger's Network.  There are all kinds of interesting ideas and posts, all from people who love to use and talk about Apple products.
If YOU are a person that is interested in blogging about Apple, if you have an Apple Blog, etc, please email me here, and i'll send you an invitation.  All the network is is an aggregate feed for a bunch of blogs, so you will see some non-Apple posts, however, it makes for a great read!
Subscribe in a reader

Apple Blogger's Network

Hey everyone, if you like/love Apple products and are interested in following a spliced feed from a bunch of different Bloggers who ALSO love Apple, be sure and subscribe to the Apple Blogger's Network.  There are all kinds of interesting ideas and posts, all from people who love to use and talk about Apple products.
If YOU are a person that is interested in blogging about Apple, if you have an Apple Blog, etc, please email me here, and i'll send you an invitation.  All the network is is an aggregate feed for a bunch of blogs, so you will see some non-Apple posts, however, it makes for a great read!
Subscribe in a reader

Debian ftw?

So, all you Debian users your ssh is ftl.
All the other security blogs are covering it at this point, (so I won't, much) however, it is of high concern, so hopefully you are/have regen'ed all your ssh/ssl keys by now.  
We will probably move the ISC to Yellow at some point today to raise awareness.
Subscribe in a reader

Debian ftw?

So, all you Debian users your ssh is ftl.
All the other security blogs are covering it at this point, (so I won't, much) however, it is of high concern, so hopefully you are/have regen'ed all your ssh/ssl keys by now.  
We will probably move the ISC to Yellow at some point today to raise awareness.
Subscribe in a reader

Live Stream from my Office

Just playing around with a live stream from my office on Stickam.  Feel free to pop in and say hello if you want, you'll know if I am in there, I'll be there, I'll have the audio off the majority of the time unless I'm in the office and someone asks me a question.  But I'll have the camera on.  I put the link over there on the right as well (Live stream from my office)  But here is the link as well.  This is the office where I record the Internet Storm Center Podcast as well, so soon, I might be able to get that going on there.
Subscribe in a reader

Live Stream from my Office

Just playing around with a live stream from my office on Stickam.  Feel free to pop in and say hello if you want, you'll know if I am in there, I'll be there, I'll have the audio off the majority of the time unless I'm in the office and someone asks me a question.  But I'll have the camera on.  I put the link over there on the right as well (Live stream from my office)  But here is the link as well.  This is the office where I record the Internet Storm Center Podcast as well, so soon, I might be able to get that going on there.
Subscribe in a reader

Live Podcast

Hey everyone, just to kinda tease you a bit, the Internet Storm Center is planning a live Podcast for SANSFIRE 2008. We are going to have a special event, with some surprise guest hosts and everything. We don't have dates nailed down yet, but if you are going to be at SANSFIRE 2008, please feel free to email me at my contact link, or follow me on Twitter (both links at the top of the blog). Of course I will be updating here as well, but we've got something special planned!

Hope to see you there, we hope to have a great turn out!

Subscribe in a reader

Live Podcast

Hey everyone, just to kinda tease you a bit, the Internet Storm Center is planning a live Podcast for SANSFIRE 2008. We are going to have a special event, with some surprise guest hosts and everything. We don't have dates nailed down yet, but if you are going to be at SANSFIRE 2008, please feel free to email me at my contact link, or follow me on Twitter (both links at the top of the blog). Of course I will be updating here as well, but we've got something special planned!

Hope to see you there, we hope to have a great turn out!

Subscribe in a reader

Things I was Googled for

Here we are with Episode 2 of the "Things I was Google for Blog Entries"

"san antonio 2006 war" -- I have no idea why you wound up here. I've been to San Antonio, once, and I thought it was nice.

"kevin spacey star wars" -- Dude, hilarious. I know how you got here. This entry right here. My God that's funny.

"$8 gas" -- Gas is going to get to 8 bucks, I hope soon they do something about it. I wanna drive my Hummer. (No, I don't actually have a Hummer)

"isc podcast" -- Yup, that's the podcast I host. Check it out right here. http://isc.sans.org/podcast.xml

"relay transfer skype" -- You probably got here because of the article on Skype that I wrote. Read it.

"gdbm tiger" -- Here you go. You are probably trying to get gdbm working on OS X Tiger. Go here.

"GTD" -- GTD, stands for "Getting Things Done" I have a whole category of posts about it.

"weather.com-local weather page&…

Things I was Googled for

Here we are with Episode 2 of the "Things I was Google for Blog Entries"

"san antonio 2006 war" -- I have no idea why you wound up here. I've been to San Antonio, once, and I thought it was nice.

"kevin spacey star wars" -- Dude, hilarious. I know how you got here. This entry right here. My God that's funny.

"$8 gas" -- Gas is going to get to 8 bucks, I hope soon they do something about it. I wanna drive my Hummer. (No, I don't actually have a Hummer)

"isc podcast" -- Yup, that's the podcast I host. Check it out right here. http://isc.sans.org/podcast.xml

"relay transfer skype" -- You probably got here because of the article on Skype that I wrote. Read it.

"gdbm tiger" -- Here you go. You are probably trying to get gdbm working on OS X Tiger. Go here.

"GTD" -- GTD, stands for "Getting Things Done" I have a whole category of posts about it.

"weather.com-local weather page&…

Podcast update

It seems that little experiment we tried with the Internet Storm Center podcast paid off.  We released Episode 3 of the Podcast yesterday, and we have already received over 5000 downloads in 24 hours.  Seems we are going quite well.  
Thanks to all of you that listen, every episode is getting better.  We are soliciting feedback, I've received about 10 emails this morning about the podcast, so if you have a suggestion, please feel free to click "contact" up above and jot me an email.  Thanks.
Subscribe in a reader

900 posts

In true Joel Esler fashion...  I've reached the 900 post point.  Milestone for me I guess.  See you at 1000!
Subscribe in a reader

Podcast update

It seems that little experiment we tried with the Internet Storm Center podcast paid off.  We released Episode 3 of the Podcast yesterday, and we have already received over 5000 downloads in 24 hours.  Seems we are going quite well.  
Thanks to all of you that listen, every episode is getting better.  We are soliciting feedback, I've received about 10 emails this morning about the podcast, so if you have a suggestion, please feel free to click "contact" up above and jot me an email.  Thanks.
Subscribe in a reader

900 posts

In true Joel Esler fashion...  I've reached the 900 post point.  Milestone for me I guess.  See you at 1000!
Subscribe in a reader

What went wrong with the Podcast?

This morning we had a reader write into the Internet Storm Center telling us that the intro music and the outro music was there but there was no vocal track on the podcast.
Turns out what happened was, when I copied and pasted the vocals from the track that I recorded the podcast on into the template I have set up for music and what not, it overwrote the vocal track.  
It's hard to describe, but basically Garageband overwrote itself, so the vocal track ceased to exist.  What a pain.  So, here I am this morning panicking to myself saying 'oh crap I erased the vocal, we'll have to re-record, blah blah'.  
Then I thought about it, I have Time Machine.  I know my laptop backed up to Time Machine after I recorded the podcast right?  So I went to my ~/Music/Garageband folder, and hit the Time machine button, went back in time till yesterday at 7 pm between the time when we got done recording the podcast and I saved it, to when I edited the podcast and put music in it at about 8…

ISC Podcast Episode 3

Hey all, we just put out Episode Number 3 for the Internet Storm Center Podcast. Available via iTunes here, and for you non-iTunes users, here.

Subscribe in a reader

Apple's Safari Market Share on Windows Tripled!

Normally I'd be excited about this, but I am not.  Not really.  Since the way that Apple went about was slightly shady.  I wrote about it here.  And Apple did exactly as I thought they were going to do and trumpet the fact that they now have three times the market share that they used to, but they did it in kind of a shady way.  I called it!
Subscribe in a reader

What went wrong with the Podcast?

This morning we had a reader write into the Internet Storm Center telling us that the intro music and the outro music was there but there was no vocal track on the podcast.
Turns out what happened was, when I copied and pasted the vocals from the track that I recorded the podcast on into the template I have set up for music and what not, it overwrote the vocal track.  
It's hard to describe, but basically Garageband overwrote itself, so the vocal track ceased to exist.  What a pain.  So, here I am this morning panicking to myself saying 'oh crap I erased the vocal, we'll have to re-record, blah blah'.  
Then I thought about it, I have Time Machine.  I know my laptop backed up to Time Machine after I recorded the podcast right?  So I went to my ~/Music/Garageband folder, and hit the Time machine button, went back in time till yesterday at 7 pm between the time when we got done recording the podcast and I saved it, to when I edited the podcast and put music in it at about 8…

ISC Podcast Episode 3

Hey all, we just put out Episode Number 3 for the Internet Storm Center Podcast. Available via iTunes here, and for you non-iTunes users, here.

Subscribe in a reader