JAVA'S ZERO DAY ROUNDUP

[via Trendmicro]

ALONG WITH OTHER SECURITY ISSUES

Trendmicro did a analysis on the various methods this exploit was used, where they came from and who was targeted the most. Here's their pie chart showing the percentages:

The article makes for good reading, and has some good information in it as well. You can read they're Sept. 6th post HERE.

HP

In an article about Microsoft "Tuesday Updates", a quote from Paul Henry, a security and forensic analyst with Lumension was thrown into it, and while it's good to know this, I'd like to read more about it. Until then, his quote was -

“It should also be noted that there are currently nine zero day vulnerabilities in HP’s enterprise products with no patch in sight. Eight of these vulnerabilities have been given the highest risk level rating and they should be keeping IT up at night they’re using any of the affected products.”

Yes Paul, if I were still an IT administrator and used any of those products, I would probably sleep lightly, waiting for the other shoe to fall.

MICROSOFT AND SSL

This was the brief meat of the subject from which the HP information was derived. In October, Microsoft is going to a higher level of Encryption, now that the current one has been stolen, hacked, or otherwise misused. If your website has SSL certificates, read up about that now - or find yours to be invalid in October. [Source: PC WORLD]

CRIME

And from Computer World, comes another article about some researchers who found a way to hack the "S" in "HTTPS". It's worth a read as well [ed. - after all, when we use HTTPS, and see the little lock, we assume we are protected, and btw, they named their hack "CRIME"].

'Nuff Said,
Brian