Salted Hash — IT security news
About this Blog:
IT security news analysis, over easy!
A Patch Tuesday hole to watch for
Microsoft's January 2011 security update doesn't come out for several hours, but some security vendors are already making noise about what they expect to go unfixed.
Specifically, you can expect to hear about Redmond's lack of action on a vulnerability discovered by researcher Michal Zalewski.
Security researchers have already warned of exploits against this particular flaw, and some -- including Imperva senior security strategist Noa Bar Yossef -- are suggesting measures to blunt the impact.
Here's Yossef's tips, e-mailed to me by Imperva/Page One PR man Clinton Karr:
1. Assessing the exploits as mentioned in the patch. This includes understanding the details of the exploit and whether it is even applicable to the specific user. It is important also to understand how an attack would affect the system.
2. Assessing the process of patching. Sometimes a patch may be contradictory to an already existing code, or even a work-around.
3. Patching the system itself. The patching process should be continuously reviewed. For instance, it already happened that MS released a patch which broke another fix.
Watch this space later for more on the January security update from Microsoft.
--Bill Brenner
Specifically, you can expect to hear about Redmond's lack of action on a vulnerability discovered by researcher Michal Zalewski.
Security researchers have already warned of exploits against this particular flaw, and some -- including Imperva senior security strategist Noa Bar Yossef -- are suggesting measures to blunt the impact.
Here's Yossef's tips, e-mailed to me by Imperva/Page One PR man Clinton Karr:
1. Assessing the exploits as mentioned in the patch. This includes understanding the details of the exploit and whether it is even applicable to the specific user. It is important also to understand how an attack would affect the system.
2. Assessing the process of patching. Sometimes a patch may be contradictory to an already existing code, or even a work-around.
3. Patching the system itself. The patching process should be continuously reviewed. For instance, it already happened that MS released a patch which broke another fix.
Watch this space later for more on the January security update from Microsoft.
--Bill Brenner
WEBCAST
Transition Confidently to the Cloud
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
WHITE PAPER
Magic Quadrant for Enterprise Information Archiving
Gartner evaluates vendors offering products and services that provide archiving for email, files and other content types.
Recent Comments
Webcasts
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Security Analytics Video
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- B2B Integration on Cloud: Real World Solutions and Technology Advances
White Papers
