AusCERT - Press F1 to continue...

HOME

About AusCERT

Membership

PKI Services

Training

Publications

Sec. Bulletins

Conferences

News & Media

Services

Web Log

Site Map

Site Help

Member login

Press F1 to continue...

Date: 05 March 2010

Click here for printable version

It's been a pretty quiet week in security advisory land but there have been some stand out oddities, for example the now much giggled at "Press F1 to get owned" VBScript bug present in Internet Explorer on Windows XP, 2000 and 2003. Not exactly the world's most exciting zero day vulnerability in Internet Explorer but certainly one of the more interesting in terms of the social engineering required to activate it.

On the more serious side of things there was an update released for McAfee LinuxShield to fix a root compromise, Drupal pushed a new version of their CMS to resolve multiple issues and VMWare updated ESX to bring it up to speed with multiple underlying package updates.

It seems there is a zero day waiting in the wings for the Opera web browser with proof of concept code being circulated. No statement from Opera Software regarding this has come forth as yet.

For those with enough time on their hands it may be worth noting that OpenSSL appears crackable. But only if you have access to the machine's power supply, a large cluster of machines running a "custom-designed algorithm" and about a 100 hours of runtime. It has however brought to light what could be a serious underlying issue with OpenSSL and other crypto libraries. OpenSSL has stated that they are looking at providing a patch to mitigate the issue.

With that in mind, have a good weekend!