Patch Tuesday Squared – Do It Now
As promised this summer, Adobe has synchronized with Microsoft and released their updates on the same day, the second Tuesday of the month… albeit a month late from the original promise. As usual, those of us in the security business cannot stress enough the importance of applying these updates as soon as safely possible.
I would like to draw attention to something positive to start with. Microsoft has published an excellent summary of the risks and priorities of deployment on their Microsoft Security Response Center blog. This is nearly unheard of in the software industry.
Microsoft is being more open and honest about software flaws, and has presented them in a manner that even the least experienced in security matters could grok. My hat is off to the Microsoft security team for making an effort to help all of us wade through the FUD and make informed decisions. Using terms like “Browse and own scenario” takes away all the flowery words and gets to the point: Do it now.
I won’t quote you the same statistics as every other story published about today’s patches, but rather would like to draw your attention to a few that have caught my interest due to their exploitation or because their early disclosure may lead to quick proofs of concept.
The most publicized vulnerabilities prior to today’s release were MS09-050 (SMB v2 vulnerability in Vista/2K8/Win7 Release Candidate) and MS09-053 (IIS FTP Remote Code Execution).
The SMB flaw had some interesting proofs of concept released, but not many organizations intentionally expose SMB traffic to the open internet. We are all running client firewalls now, aren’t we?
The IIS flaw saw limited public exploitation, but nonetheless is trivial to exploit. Those of us still running public FTP sites should seriously consider more secure alternatives like SCP and SFTP. They may not be any more secure from an exploitation standpoint, but flaws like MS09-053 may draw attention to long forgotten servers that may need a security update (like having encrypted credentials).
One flaw, MS09-056 (CryptoAPI SSL null-byte exploit), received a low index rating by Microsoft, despite Dan Kaminsky and Moxie Marlinspike’s widely publicized demonstration and paper at Black Hat 2009. James Lyne commented about the risks on Graham’s blog and noted that even cautious users could be tricked into providing personal details or credentials to malicious websites.
While it is true that it has not been widely exploited to date, a certificate forging PayPal.com was recently released publicly. This, combined with the fact that it affects not only Microsoft products but all applications that use the Windows CryptoAPI, makes it a juicy target. Chrome and Safari browsers are vulnerable without this fix, as well as any other SSL-enabled program that uses the OS-provided crypto library.
Lastly, Adobe released bulletin APSB09-15. This patch for Adobe Reader and Adobe Acrobat fixes 29 vulnerabilities found since their last bulletin in July 2009. Unlike Microsoft patches, they affect Windows, OS X, and Unix/Linux.
Surprisingly, this is nearly as many as Microsoft’s entire operating system and application line. Fortunately, Adobe’s timing was good this time around, as a new exploit of one of the vulnerabilities was just disclosed last week. Fraser Howard of SophosLabs UK posted an article discussing a sample PDF that exploited CVE-2009-3459, and how we protect our customers against it.
While Adobe may be catching up to Microsoft in terms of flaws in their software, they could stand to tear a few pages from Microsoft’s playbook on how to cope. Microsoft has taken security much more seriously in the last year and a half, and it shows. They are embracing the community’s demands about openness and reliably delivering updates to IT departments in a predictable way.
Adobe: Don’t promise quarterly updates if you can’t deliver (and is that often enough?). Tell us about problems and workarounds sooner rather than later, deliver patches on a known, predictable schedule, and adopt a process to eliminate these issues before they reach our desktops (see Microsoft’s Security Development Lifecycle).
And if you don’t like my longer blog posts with unsolicited advice, don’t even bring up Apple.


