Archive for 'Blind spots' Category
Remote exploit in Adobe Flash player
Yet another remote code execution vulnerability has been found in the Adobe Flash player plug-in. This time all of versions 7 and 8 are affected on “all platforms” (the current version of Flash player is 9). Serious vulnerabilities in Flash have been discovered many times before (CVE-2006-3587, CVE-2006-0024, MPSB05-07 and CVE-2002-0477). The interesting thing is [...]
Read the rest of this entry...Spreadsheets considered harmful
The folks over at Computerworld have noticed that spreadsheets are a security risk. Sadly, the article focuses entirely on disclosure issues: users keeping spreadsheets with sensitive data on their desktops and laptops which then are lost or compromised. A far more serious risk of spreadsheet use is that they are highly trusted in making business [...]
Read the rest of this entry...Hardening DNS with the Cymru Secure BIND template
When we go into a new client’s site one of the first things we look at is configuration of local DNS servers. DNS is key to the security of the entire organization, yet what we usually find are servers wide open to attack. The most common issues we find are things like running an ancient [...]
Read the rest of this entry...