January 8 Microsoft Releases Advance Notification for January Security Bulletin
January 8 Cisco Releases Security Advisory for Global Site Selector
January 8 OpenSSL Releases Security Advisory
December 31 Rogue MD5 SSL Certificate Vulnerability
December 31 Worm Exploiting Vulnerability described in MS08-067
December 31 Malware Spreading via Malicious Ecards
December 31 Mozilla Releases Thunderbird 2.0.0.19
December 23 Trend Micro Releases Updates for HouseCall
December 23 Microsoft Releases Security Advisory (961040)
December 17 Microsoft Releases Security Bulletin MS08-078

The full dirty list for the week from CERT! I imagine most web providers, even those meeting PCI compliance and HIPAA standards, are way behind on OpenSSL and Apache updates?

www.Obnosis.com | http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security Forensics @ UAT 1/10/09 12-3PM

> Date: Wed, 7 Jan 2009 16:19:17 -0700
> From: PLUGd@LuftHans.com
> To: PLUG-discuss@lists.PLUG.phoenix.az.us
> Subject: OpenSSL, MD5, CA security flaws, oh my
>
> moin moin,
>
> Lisa has probably posted the second issue, but I'm a bit behind on the
> list. The first one appears to be from today and I don't see anything from
> her today.
>
> http://openssl.org/news/secadv_20090107.txt
>
> OK, so DSA and ECDSA certs in OpenSSL now are suspect, but RSA is still
> safe, except...
>
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Hmm, it's possible to impersonate a CA and create RSA certs that'll be
> accepted :(.
>
> I think the 'Outline of the attack' section indicates that the original CA
> certificate is needed, so CAs moving away from MD5 can avoid the problem.
>
> ciao,
>
> der.hans
> --
> # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
> # Strangers are friends just waiting to happen!