Jeremiah Grossman, director tècnic de WhiteHat Security explica en aquest vídeo la diferència entre la seguretat de les aplicacions web i la seguretat a nivell de xarxa així com del procés de valoració de la seguretat. També comenta la seva experiència com responsable de seguretat a Yahoo!
[SANS Institute] Windows Animated Cursor Handling vulnerability. Microsoft anuncia l'existència d'una vulnerabilitat en la gestió dels punters animats de ratolí. Afecta a Windows 2000 SP4, Windows XP SP2, Windows 2003 SP1 i Windows Vista.
Affected are Win2k SP4, XP SP2, Server 2003 and Vista. While Animated cursors are usually downloaded as .ani files, blocking these files is not sufficient to mitigate the vulnerability. We have received reports of this vulnerability being exploited in the wild using files renamed to jpeg.
Mitigation:
Microsoft is reporting that users of Internet Explorer 7 with Protection Mode are protected from active exploitation. Note that this does not apply to Outlook !;
E-mails opened in plaintext will not show embedded ANI files. Note that HTML attachments can still be interpreted when separately clicked upon. [Thunderbird | Outlook & 2.0]
Anti-virus detection is very spotty. We've tested some of the exploits and they were detected by Windows Live OneCare 1.2306 and McAfee 4995. One specific file was also discovered by a product triggering on a signature written for MS05-002, a similar vulnerability from 2005. This will not apply to most exploits in the wild.
RegLookup és una eina per sistemes Unix per accedir, en modalitat de lectura, el registre dels sistemes Windows NT, 2000 i XP.
RegLookUp is a small command line utility for reading and querying Windows NT/2K/XP registries. RegLookupUp is released under the GNU PL, and is implemented in ANSI C,
(..)
Currently the program allows one to read an entire registry and output it in a (mostly) standardized, quoted format. It also provides features for filtering of results based on registry path and data type.
. Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
