My Ubuntu machines have been patching almost daily as these have been rolling out... which is nice, but I have been having to stay on top of them.

On Thu, Jan 8, 2009 at 5:37 PM, Lisa Kachold wrote:
> January 8 Microsoft Releases Advance Notification for January Security Bulletin
> January 8 Cisco Releases Security Advisory for Global Site Selector
> January 8 OpenSSL Releases Security Advisory
> December 31 Rogue MD5 SSL Certificate Vulnerability
> December 31 Worm Exploiting Vulnerability described in MS08-067
> December 31 Malware Spreading via Malicious Ecards
> December 31 Mozilla Releases Thunderbird 2.0.0.19
> December 23 Trend Micro Releases Updates for HouseCall
> December 23 Microsoft Releases Security Advisory (961040)
> December 17 Microsoft Releases Security Bulletin MS08-078
>
> The full dirty list for the week from CERT!
>
> I imagine most web providers, even those meeting PCI compliance and HIPAA
> standards are way behind on OpenSSL and Apache updates?
>
> www.Obnosis.com | http://wiki.obnosis.com | http://hackfest.obnosis.com
> (503)754-4452
> ________________________________
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
>
>
>> Date: Wed, 7 Jan 2009 16:19:17 -0700
>> From: PLUGd@LuftHans.com
>> To: PLUG-discuss@lists.PLUG.phoenix.az.us
>> Subject: OpenSSL, MD5, CA security flaws, oh my
>>
>> moin moin,
>>
>> Lisa has probably posted the second issue, but I'm a bit behind on the
>> list. The first one appears to be from today and I don't see anything from
>> her today.
>>
>> http://openssl.org/news/secadv_20090107.txt
>>
>> OK, so DSA and ECDSA certs in OpenSSL now are suspect, but RSA is still
>> safe, except...
>>
>> http://www.win.tue.nl/hashclash/rogue-ca/
>>
>> Hmm, it's possible to impersonate a CA and create RSA certs that'll be
>> accepted :(.
>>
>> I think the 'Outline of the attack' section indicates that the original CA
>> certificate is needed, so CAs moving away from MD5 can avoid the problem.
>>
>> ciao,
>>
>> der.hans
>> --
>> # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
>> # Strangers are friends just waiting to happen!
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen