Thu, Nov 12, 2009 10:00 pm

Checking MAC Addresses on a Cisco Switch

On a Cisco switch, you can use the show mac address-table command to view the MAC addresses of devices connected to the switch.

[ More Info ]

[/hardware/network/switch/cisco] permanent link

Thu, Nov 12, 2009 11:13 am

User Account Control (UAC) Adjustments for Windows 7

In "Windows 7 is everything Vista should have been, with one noteworthy exception," Eric Voskuil, CTO for BeyondTrust, warns that the Windows 7 default configuration for User Account Control (UAC) unnecessarily reduces the security of the operating system and that one should change those default settings to secure a system running Windows 7.

The default setting results in a reduction of prompts -- the prompts continue, yet security is eviscerated. Though protecting administrative credentials is clearly a secure measure, Microsoft is trying to have it both ways – arguing that UAC is not a security boundary. The purpose of UAC is to protect against malware. Even if it's not a “security boundary” the message is about defending your PC against “hackers and malicious software.” If it doesn't do that, what's the point of the remaining prompts?

In my opinion the decision to configure users this way by default violates Microsoft's “Secure by Default” principle, which says that, “software should run with the least necessary privilege.” Clearly, the operating system should support a standard user or administrator with UAC fully enabled. The proof-of-concept code to exploit this shortcoming has already been published.

Windows 7 is great stuff, just don't forget to go to the control panel and turn security on.
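
To see which UAC level a Windows 7 machine is actually running, the following added example (not part of the original post or the referenced article) reads the UAC policy values from the registry and maps them to the Control Panel slider positions. The registry value names and the mapping are not given in the post; they are the standard UAC policy values, and the function name is hypothetical.

```powershell
# Added example, not from the original post. Read-only: it changes no settings.
# Assumption: the standard UAC policy values under this key.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hypothetical helper: map the three policy values to a slider position.
function Get-UacSliderLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    # A missing value means the key was not read correctly; do not guess.
    if ($null -eq $EnableLUA -or $null -eq $ConsentPromptBehaviorAdmin) {
        return 'Unknown (policy values missing)'
    }
    if ($EnableLUA -eq 0) { return 'UAC disabled' }

    $dimmed = ($PromptOnSecureDesktop -eq 1)
    switch ($ConsentPromptBehaviorAdmin) {
        2 { if ($dimmed) { return 'Always notify' }
            return 'Always notify (secure desktop off)' }
        5 { if ($dimmed) { return 'Windows 7 default' }
            return 'Windows 7 default (secure desktop off)' }
        0 { return 'Never notify (elevates without prompting)' }
        default {
            # Other values are set through Group Policy, not the slider.
            return "Set by policy (ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin)"
        }
    }
}

$p = Get-ItemProperty -Path $UacKey
$level = Get-UacSliderLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop

# Report the level and whether it is the fully enabled setting the post recommends.
New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    UacLevel     = $level
    AlwaysNotify = ($level -eq 'Always notify')
}
```

A result of "Windows 7 default" is the configuration the post warns about; "Always notify" corresponds to the top slider position in the Control Panel.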

References:

  1. Windows 7 is everything Vista should have been, with one noteworthy exception
    By: Eric Voskuil, CTO, BeyondTrust
    Date: November 4, 2009
    SC Magazine For IT Security Professionals

[/security/patches/windows] permanent link

Thu, Nov 12, 2009 11:02 am

Microsoft Patches Released 2009-11-10

On Tuesday, November 10, 2009, Microsoft released six patches to address fifteen vulnerabilities. MS09-065 fixes three vulnerabilities in Windows kernel-mode drivers, one of which is deemed "critical" by Microsoft. It does not impact Vista or Server 2008 systems, but on Windows 2000, XP, and Server 2003 systems the bug can be exploited to allow remote code to be executed. The bug can be exploited by someone creating a webpage that uses a maliciously crafted Embedded OpenType font; a victim need only view the webpage with the embedded font. Proof-of-concept code has already been released to exploit the bug through a "drive-by attack."

Another of the patches issued by Microsoft on Tuesday, MS09-067, addresses eight flaws in Microsoft Office that can lead to remote code execution should a user open an Excel file that has been crafted to exploit one of the flaws.

References:

  1. Microsoft fixes 15 flaws with six patches
    By: Dan Kaplan
    Date: November 10, 2009
    SC Magazine for IT Security Professionals

[/security/patches/windows] permanent link
