Surviving the Week 6/29/2012

Code Execution Vulnerability in Microsoft XML Core Services

If you are calling “msxml3!_dispatchImpl::InvokeHelper” in your code, make sure to patch it.  A vulnerability exists when Microsoft’s XML function “msxml3!_dispatchImpl::InvokeHelper” attempts to access an object in memory that has not been initialized, allowing an attacker to execute arbitrary code.  Working exploits have been made public.
http://blogs.mcafee.com/mcafee-labs/vulnerability-in-microsoft-xml-core-services-opens-door-to-attackers

RSA SecurIDs Get Cracked In 13 Minutes

Major corporations, government agencies, and small businesses hand out RSA SecurID fob keychains to employees so that they can securely log in to their systems.  If you use a device like this, you probably assume that it’s a strong security measure to keep your employer’s networks and data secure. A team of computer scientists cracked the encryption it uses in record time.

In a paper, researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Riccardo Focardi and Yusuke Kawamoto detail the vulnerabilities that expose the imported keys from various cryptographic devices that rely on the PKCS#11 standard. They managed to develop an approach that requires just 13 minutes to crack the device’s encryption.
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf

State of Alaska Fined $1.7 Million for Lax Security Protecting Health Records

The US Department of Health and Human Services (HHS) has announced a $1.7 million settlement with the State of Alaska’s Department of Health and Social Services (DHSS) resulting from HIPAA violations. An investigation began after the physical theft of a USB hard drive, and the investigation team soon learned that the Alaska government did not have proper controls in place.
http://nakedsecurity.sophos.com/2012/06/27/state-of-alaska-fined-1-7-million-for-lax-security-protecting-health-records/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29

About Dan Kuykendall 173 Articles