January 8: Microsoft Releases Advance Notification for January Security Bulletin
January 8: Cisco Releases Security Advisory for Global Site Selector
January 8: OpenSSL Releases Security Advisory
December 31: Rogue MD5 SSL Certificate Vulnerability
December 31: Worm Exploiting Vulnerability described in MS08-067
December 31: Malware Spreading via Malicious Ecards
December 31: Mozilla Releases Thunderbird 2.0.0.19
December 23: Trend Micro Releases Updates for HouseCall
December 23: Microsoft Releases Security Advisory (961040)
December 17: Microsoft Releases Security Bulletin MS08-078


The full dirty list for the week from CERT!

I imagine most web providers, even those meeting PCI compliance and HIPAA standards, are way behind on OpenSSL and Apache updates?

www.Obnosis.com |  http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452

January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security Forensics @ UAT 1/10/09 12-3PM


> Date: Wed, 7 Jan 2009 16:19:17 -0700
> From: PLUGd@LuftHans.com
> To: PLUG-discuss@lists.PLUG.phoenix.az.us
> Subject: OpenSSL, MD5, CA security flaws, oh my
>
> moin moin,
>
> Lisa has probably posted the second issue, but I'm a bit behind on the
> list. The first one appears to be from today and I don't see anything from
> her today.
>
> http://openssl.org/news/secadv_20090107.txt
>
> OK, so DSA and ECDSA certs in OpenSSL now are suspect, but RSA is still
> safe, except...
>
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Hmm, it's possible to impersonate a CA and create RSA certs that'll be
> accepted :(.
>
> I think the 'Outline of the attack' section indicates that the original CA
> certificate is needed, so CAs moving away from MD5 can avoid the problem.
>
> ciao,
>
> der.hans
> --
> # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
> # Strangers are friends just waiting to happen!
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

