JimboC_Security


333 weeks ago @ Naked Security - Anatomy of a change - ... · 0 replies · +3 points

There is some really good information in this article that I was not aware of until now. Your style of writing is really good; it includes the mathematical fundamentals and why they matter but isn’t too hard to understand.

Thanks Paul for writing this article. As Mark said above, you have done an excellent job!

335 weeks ago @ Naked Security - Apple fixes 41 iTunes ... · 0 replies · +1 points

Thanks for the heads up on this update Chester. Apple have been slow lately to update their list of security advisories on their website:
http://support.apple.com/kb/HT1222

It will probably take a few days until this iTunes update is mentioned at that link.

335 weeks ago @ Naked Security - Apple fixes 41 iTunes ... · 1 reply · +2 points

Hi Tom,

If you are using a Mac, you can use the Software Update feature to update iTunes. The following 2 links describe how to do this:
http://www.apple.com/softwareupdate/
http://support.apple.com/kb/HT1338

For Windows, you can follow these steps:

Windows XP, Windows Vista and Windows 7:

Press the Start button and choose All Programs; near the top of the list should be Apple Software Update. When you click on this it will display a list of any updates available. iTunes 11.0.3 should be listed here.

For Windows 8:

Press the Windows Key (between the Ctrl and Alt keys in the lower left corner of your keyboard) and type the words “apple software” (without the quotes); you should see an icon for Apple Software Update appear on the left side of your screen. Left click this and a list of available updates should be displayed when the program opens.

If you have any issues installing this update on Windows, you may need to choose the "Download Only" option from the Tools menu of Apple Software Update and then manually run the iTunes.msi file that is automatically displayed once the download is completed.

I hope this helps. Thank you.

335 weeks ago @ Naked Security - May Patch Tuesday crit... · 0 replies · +1 points

Hi John,

I would suggest reverting to a recent System Restore point in order to have your graphics card drivers back.

The following link explains how to use it:
http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/

I would then contact the manufacturer of your computer (especially if you are using a laptop) in order to find out how to obtain and install the correct graphics drivers for your computer. You should then be able to safely install all security updates for Windows 8 and not experience any further issues.

The following update was made available for Windows 8 on the 14th of May; it specifically mentions resolving a similar issue:
http://support.microsoft.com/kb/2836988

“Resolves an issue in which a black screen is displayed for as long as several minutes when you update a graphics driver.”

If I can provide any further advice, please let me know. I hope this helps. Thank you.

335 weeks ago @ Naked Security - May Patch Tuesday crit... · 0 replies · +3 points

As always, thanks Chester for spreading awareness of these security updates in what so far appears to be a busy month for patches.

The full offline installers for Adobe Flash (for Mac, Linux and Windows) can be obtained from the following link (which does not offer any other 3rd party software):

http://www.adobe.com/products/flashplayer/distribution3.html

I have installed all of the Microsoft and Adobe updates on my PCs and everything continues to work as expected.

I hope this helps. Thank you.

336 weeks ago @ Naked Security - Microsoft rushes out C... · 0 replies · +1 points

Hi Richard,

I should have been clearer in my previous post. The Fix It simply removes the conditions that an exploit would need to take advantage of this vulnerability. This can be described as a mitigation but it is not a mitigation that Windows or Microsoft EMET have/use (e.g. DEP, ASLR, SEHOP, Anti-ROP etc.).

One further point I should mention is that when the final patch for this issue is made available, for any systems upon which you have installed this Fix It workaround, you should use the Uninstall link in the blog post that I mentioned in my previous post to remove the workaround.

The reason for this is as follows (also mentioned in the same blog post):

“However, applying the workaround will have a small effect on the startup time of Internet Explorer. Therefore, after you apply the yet-to-be-released final security update, you should uninstall the Fix it workaround as it will no longer be needed.”

I hope this helps. Thank you.

336 weeks ago @ Naked Security - Microsoft rushes out C... · 0 replies · +1 points

Hi Richard,

As described by Paul above and in the following blog post, the actions that the FixIt takes are to modify the in-memory copy of mshtml.dll, specifically the CBlockContainerBlock::BuildBlockContainer function, to force the layout structures of the DOM tree to be cleaned up before they are accessed:
http://blogs.technet.com/b/srd/archive/2013/05/08/microsoft-quot-fix-it-quot-available-to-mitigate-internet-explorer-8-vulnerability.aspx

This means that the vulnerability cannot be exploited since the conditions it relies upon to work are then no longer present.

An advantage of this FixIt is that it can be uninstalled (there is a link provided in the blog post that I linked to above), should you encounter any issues with it. I have seen comments on other blogs that say this FixIt is working fine for them.

The final patch is being tested and is scheduled for release next Tuesday, 14th May as mentioned in the following blog post:
http://blogs.technet.com/b/msrc/archive/2013/05/09/advance-notification-service-for-the-may-2013-security-bulletin-release.aspx

I hope this helps. If I can answer any other questions, please let me know. Thank you.

336 weeks ago @ Naked Security - Microsoft rushes out C... · 0 replies · +1 points

Kudos to Microsoft for making a Fix It available in such a short time. In addition, they intend to issue a patch for this zero day flaw next week as mentioned in the following blog post:
http://blogs.technet.com/b/msrc/archive/2013/05/09/advance-notification-service-for-the-may-2013-security-bulletin-release.aspx

I realize that Google and Mozilla have shipped patches within hours but this is still a very good response time from Microsoft.

Thank you.

338 weeks ago @ Naked Security - How do you know if an ... · 0 replies · +1 points

Thanks John for this very informative article. I am often asked what the various certifications mean and it is sometimes difficult to provide an accurate but brief answer. I will direct anyone with these questions to this very useful blog post.

Thanks again and I am looking forward to your next related article.

338 weeks ago @ Naked Security - Microsoft tells all Wi... · 0 replies · +1 points

Further steps to repair your PC are available in the following knowledge base article:
http://support.microsoft.com/kb/2839011

The Microsoft Support staff are only trying to assist you. While it is a frustrating situation, please try to work with them as best as you can.

If I can assist any further, please let me know and I will be happy to do so.

I hope this helps. Thank you.