Web + Patch

Review: IBM’s Proventia Management SiteProtector

[...] Most organisations have embraced the web to some extent to provide user-friendly applications for employees, customers and partners. However, while Web 2.0 collaboration technologies can increase productivity, they also provide a larger attack surface for miscreants. [...] I created my own scan by clicking New Scan, Web Application Scan (the other choice is Web Services Scan), then assigning a start URL before training AppScan with the proper authentication mechanisms and credentials and selecting vital few, invasive or complete test policy options. [...] In its 2008 Trend and Risk Report, IBM's Internet Security Systems X-Force group reported that 54.9 percent of all disclosed vulnerabilities in 2008 web application vulnerabilities, and of those web application vulnerabilities, 74 percent had no patch by the end of 2008. [...]

more...

Lenovo ThinkServer RD120 - A Branch Contender

[...] NET Framework 2.3 and Microsoft Web Services Enhancements 2.0 SP3. [...] One very cool thing is that you can create and deploy custom install packages. This means that headquarters could push not only basic patches for OS and applications out to branch offices, but also installation packages and patches of custom applications. [...] ThinkServer EasyUpdate can be a boon to server administrators who haven't yet automated the patching process. Essentially, the software provides a single Web interface to prioritise, select, download, and install any patch (OS, drivers, apps) to the server. [...]

more...

Trend Aims To Simplify Endpoint Security

[...] The current release contains three modules. Core Protection Module, Web Protection Module and a Patch Management Module. A data leak prevention module based on technology the company acquired from Provilla will be available in June, the security vendor said. [...] Enterprises need proactive security solutions that are able to immediately detect new and emerging Web-based threats without overburdening their endpoints. The cloud-client infrastructure behind File Reputation means fewer updates to the client, with a more predictable impact on endpoint resources, said Jon Oltsik, senior analyst for Enterprise Strategy Group, in a statement. [...]

more...

Microsoft Azure Cloud SDK

[...] If you want to follow along, you'll need either Vista with Service Patch 1 or Windows Server 2008, as well as Visual Studio 2008. (Or instead of Visual Studio 2008, Visual Web Developer 2008 Express Edition works, too, according to the online documentation). [...] Microsoft uses the word role to mean a single code component that runs. For example, you might create an ASP.NET application, which would be a role, in this case a Web role. Further, you might create additional modules that run in the background. these are called worker roles. [...]

more...

Firefox Breaks 1 Billion Mark To Challenge IE

[...] Mozilla Firefox, the open-source challenger to Microsoft's Internet Explorer, passed the 1-billion download mark on 31 July, with a Website and Twitter feed marking the occasion. [...] Firefox remains well ahead of Google Chrome, which StatCounter estimated as having a 2.0 percent market share, and Apple Safari, which owned a 1.4 percent market share. The research firm's accompanying report to those numbers suggested that enterprise integration of new browsers could lead to increased productivity, as workers utilised those applications' latest enhancements to better leverage Web-based applications. [...] Those numbers doubtlessly have shifted since Mozilla's release of Firefox 3.5, which included new features such as support for HTML 5, JSON and Web worker threads, on June 30. It followed the release by announcing an upcoming patch, Firefox 3.5.1, that would include fixes to the JavaScript engine, TraceMonkey, and adjust how the browser wins in Windows XP. [...]

more...

Apple Patches Older Version Of Leopard OS

[...] Only days after the launch of its new operating system (OS), Snow Leopard, computer maker Apple is alerting users to a Java security patch for its older, Leopard OS X. [...] A stack buffer overflow exists in [the] Java Web Start command launcher. Launching a maliciously crafted Java Web Start application may lead to an unexpected application termination or arbitrary code execution.. [...] The Apple patch updates Leopard to Java versions 1.6.0_15, 1.5.0_20 and 1.4.2_22. In the update, Apple cautioned. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. [...]

more...

Microsoft Requests Judicial Review Of Word-Ban Case

[...] On the OEM site, a note read. Microsoft has released a supplement for Office 2007 (October 2009). The following patch is required for the United States. The patch will work with all office 2007 languages. & After this patch is installed, Word will no longer read the custom XML elements contained within DOCX, DOCM or XML files.. [...] That last sentence suggested that Microsoft could have fixed copies in stores by 11 Jan. The 12.9MB patch itself was immediately made available on Microsoft's OEM Partner Centre Website. After its installation, any custom XML elements will be removed from documents with those file types. [...] On 22 Dec, less than a day after the court upheld the verdict, Microsoft issued a patch that seemed to allow Word to sidestep the alleged infringement. [...]

more...

Microsoft Issues First Security Patch Of 2010

[...] Microsoft is planning to plug a Windows security hole rated critical for Windows 2000 systems, in the company's first Patch Tuesday of the year. [...] Microsoft is also not releasing a patch for the IIS (Internet Information Services) problem reported in late December. According to Microsoft, the issue is not an actual vulnerability in IIS 6.0, but an inconsistency in how it handles semicolons that can only be exploited if IIS is configured in a vulnerable setting. [...] The first Patch Tuesday release of 2010 will contain a fix rated critical for Windows 2000 users and low for others. According to Microsoft's pre-Patch Tuesday notification, the bulletin addresses a remote code execution vulnerability, and the exploitability index the rating system that predicts the likelihood of a successful exploit is not high. [...]

more...

Microsoft Planning IE Patch Following Google Attack

[...] Microsoft is planning an out-of-band patch for the Internet Explorer vulnerability attackers exploited to hit Google and other companies. [...] In the past few days, France and Germany have advised their citizens to switch from IE to other browsers as they await a patch from Microsoft. Attack code for the vulnerability meanwhile continues to appear on the Internet, though so far it seems to have only been used successfully in targeted attacks focused on IE 6. [...] George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Security group, announced that Microsoft would offer a timeline for the patch on 20 Jan. The company's move follows news that France and Germany are encouraging users to shun Internet Explorer for now in favor of other browsers. [...]

more...

Microsoft To Release IE Cyber-Attack Patch

[...] According to Microsoft, the patch is slated to be ready around 1 p.m. US EST. If all goes according to plan, the patch will close a hole that has prompted France and Germany to advise users to avoid IE and the U.S. State Department to demand answers from China. [...] Microsoft has no choice but to release an out-of-band patch for this. with France and Germany having issued notices warning people of the perils of using Microsoft's Internet Explorer, the exploit's role in compromising Microsoft's archrival' Google, among others, and widespread press coverage, Microsoft found itself in a precarious position, said Josh Phillips, virus researcher with Kaspersky Lab. [...] Microsoft is releasing a patch to plug the Internet Explorer security hole exploited in a spate of cyber-attacks against Google and others. [...]

more...

Search in...