Nov 06 2009

RIM fixes arbitrary code execution vulnerability

Published by hirantha at 7:28 AM under Security

Affected: BlackBerry Desktop Software version 5.0 and earlier (on all platforms) - IBM Lotus Notes Intellisync

Fixed in version 5.01

CVSS score: 9.3

CVE-2009-0306

More info: KB19701

The KB contains a workaround for those not needing the Lotus Notes Intellisync functionality.




Oct 28 2009

New VMware Desktop Products Released

Published by hirantha at 6:21 AM under VMWare

VMware Fusion 3.0 has gone from Release Candidate to General Availability, as have VMware Workstation 7.0 and VMware ACE 2.6.

New features

  • Nested VMs. This allows you to run ESX with guests inside of Workstation
  • Support for Windows 7 (and its associated new graphics APIs) and Windows Server 2008
  • Support for VMs with up to 4 processors and 32 GB of memory
  • ALSA sound support for Linux
  • New "pause" feature, allowing you to pause a VM if you need some temporary processor power for your host or another VM
  • A new Virtual Network Editor

More Info

http://www.vmware.com/company/news/releases/fusion3-preorder.html
http://blogs.vmware.com/workstation/2009/10/workstation-7-release-candidate-available.html




Oct 26 2009

Truecrypt 6.3 released

Published by hirantha at 1:15 PM under Security

From their version history notes:

  • Full support for Windows 7.
  • Full support for Mac OS X 10.6 Snow Leopard.
  • The ability to configure selected volumes as 'system favorite volumes'.

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device).

More information here: http://www.truecrypt.org/docs/?s=version-history




Oct 20 2009

Oracle Critical Patch Update Advisory - October 2009

Published by hirantha at 3:20 PM under Oracle | Security

This advisory contains many vulnerabilities that DBAs must act upon ASAP, although it "only" addresses 38 vulnerabilities:

  • 16 fixes address flaws in the Oracle database (six can be exploited remotely without user interaction)
  • 3 fixes address flaws in the Oracle Application Server (two can be exploited remotely without user interaction)
  • 8 fixes address flaws in the Oracle Applications Suite (five can be exploited remotely without user interaction)

More (advance) information in the pre-release announcement: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html




Aug 27 2009

Cisco over-the-air-provisioning skyjacking exploit

Published by hirantha at 3:44 PM under Cisco | Security

Cisco issued a security advisory for its 1100 and 1200 Series lightweight access points. The advisory is based on work done by Wi-Fi IDS firm AirMagnet. Cisco uses an Over-The-Air-Provisioning (OTAP) protocol that relies on multicast data to find a controller. During this initialization phase, a rogue controller could respond and send a bad configuration to the access point, disabling the device.

Cisco provides an advisory here: http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

The quick summary: Establish basic configuration options like encryption keys and preferred controller lists before deploying the device.


