Sunday, November 2, 2008

Tools of the Trade - DST Edition

Check your watch, clocks, and time sources. Depending on your location you may have gained an hour today as daylight saving time ended for North America and some other regions. Most modern devices and Operating Systems should have either had a patch or time zone update and adjusted themselves. Those that didn't, either ignore the change, or changed back early under the old schedule. For organizations that set all critical system to Zulu (UTC), carry on then. Devices that can't easily be changed, such as embedded systems, or systems that are never patched, can we say SCADA, mitigate or adjust accordingly. Pay particular attention to logs immediately before and after the change.

http://isc.sans.org/diary.html?storyid=5273&rss

-------------------------------------------

On Oct 31st, TrueCrypt 6.1 was released. Check the version history for all the details.

On Oct 30th, Opera 9.62 was released. This release fixed an issue where History Search could be used to execute arbitrary code, as discovered by Aviv Raff. It is highly recommended to upgrade.

On Oct 27th, CCleaner 2.13.720 was released. This release added support for Firefox 3.1, among several other improvements.

On Oct 27th, CDBurnerXP Pro 4.2.3.1062 was released. CDBurnerXP is a free application to burn CDs and DVDs, including Blu-Ray and HD-DVDs.

On Oct 27th, Peach v2.2 was released. Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.

On Oct 26th, Sun Microsystems released Java Runtime Environment 1.6.0.10. This release has several new features and fixes, including the ability to patch in place. Check the release notes for all the details.

On Oct 9th, VoIPER v0.07 was released. VoIPER is a security toolkit that aims to allow developers and security researchers to easily, extensively and automatically test VoIP devices for security vulnerabilties. It incorporates a fuzzing suite built on the Sulley fuzzing framework, a SIP torturertool based on RFC 4475 and a variety of auxilliary modules to assist in crash detection and debugging.

No comments:

Post a Comment