Microsoft Security Bulletin MS10-046 was released this morning and has extensive detail on how to patch or work around the vulnerability in Windows Shell that allows remote code execution. A couple of key points in the advisory: First, Microsoft notes that the exploit only gains the rights of a local user. It is fine to suggest a … Continue reading Windows Shell Exploit Patch: CVE-2010-2568→
This is not to be confused with FISMA Phase II, which had to do with NIST credentials for FISMA assessors. The new FISMA II proposal is said to bring an emphasis on security and not just compliance. While FISMA originally may have been a good idea to introduce some standards across the federal government as … Continue reading FISMA II Debate: Writing Versus Securing→
A sunny afternoon in December of 1990 I hiked down from Sarangkot Summit, near the base of Annapurna north of Pokhara, Nepal. I carefully chose my steps in the loose dirt on a narrow path, trying to keep balance enough to catch a glimpse of Phewa Lake. Looking ahead I noticed a young man headed … Continue reading Fighting Terror With Jobs→
A PowerEdge R410 replacement motherboard was shipped to a customer with malware already on it. The PowerEdge General HW Forum now informs him that it is nothing to worry about for seven reasons, which include the following: The maximum potential exposure is less than 1% of these server models. […] Dell has removed all impacted … Continue reading Malware Found on Dell MBoards→