Thursday, August 21, 2008
Handle: C-Lizzle IRL: Celene Temkin Rank: BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! I affectionately call this time between summer conferences, the black and blue phase, where I wear security like a Hypercolor t-shirt, changing colors depending on where we are in our conference shipping and planning cycles.
Tuesday, August 19, 2008
Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail. Design Goals The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.
Friday, August 15, 2008
Register now for the September 2008 Security Bulletin Webcast. Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: August 2008 Security Bulletin Date: Wednesday, August 13, 2008 Q: Have you had any reports of exploitation of the recent DNS vulnerability, since Dan Kaminsky released details at Defcon last week?
Friday, August 15, 2008
Hi, During this month’s webcast we were able to address 15 questions in the time allotted. There were several questions regarding ActiveX for the Cumulative IE Update (MS08-045), the Access Snapshot Viewer (MS08-041), Outlook Express Messenger (MS08-050) and the ActiveX Kill bits Security Advisory. We also fielded several questions around various deployment tools used for updating and we addressed some questions about the IPSec Update (MS08-047).
Thursday, August 14, 2008
The sniper Normal fuzzing is like shooting a machine gun in the dark and having no idea where the target is. You might hit the target a number of times, but you also miss an awful lot, and it takes a lot of rounds. Using targeted fuzzing, on the other hand, is a bit like a sniper observing the targets and picking them off one by one.
Wednesday, August 13, 2008
MS08-049 is an update for the Windows Event System service to correct an authenticated elevation-of-privilege vulnerability. We received a question via email yesterday about the type of authentication needed to exploit CVE-2008-1456. Our security bulletin was a little ambiguous with one reference to “logon credentials” and another to “domain credentials”. The email question was from an IT security manager who wondered whether his hardened servers could be compromised remotely.
Tuesday, August 12, 2008
小野寺です 今月は、事前通知でお知らせしていた件数から変更があり、計 11 件 (緊急 6 件、重要 5 件)となりま
Tuesday, August 12, 2008
小野寺です。 8 月のワンポイントセキュリティを公開しました。 2008 年 8 月のワンポイントセキュリティ情報は、
Tuesday, August 12, 2008
Hello again! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our August 2008 Bulletins. This month we released 11 bulletins, one new advisory and revised an existing advisory. We also revised four bulletins to update detection changes. Here is a brief overview of the bulletins and other content we released today.
Tuesday, August 12, 2008
MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first heard about this vulnerability from customers sending in reports of active attacks.
