Thursday, January 3, 2013

Ring in the New Year with Seven Microsoft Patches


If you are still basking in the afterglow of a relaxing holiday respite, the relentless re-introduction of Microsoft Patch Day may seem like a harsh reminder of some of the drudgery suffered by an InfoSec professional. Don’t get me wrong! Patching is one of the most effective ways of keeping your systems safe. Yet, its ceaseless nature can’t help but put me into a Sisyphean mood.

That said, here comes another round of Microsoft patches, so get ready to push that security boulder back up another hill next Tuesday.

According to their first advanced Notification post for the year, Microsoft plans to release seven new security bulletins next Tuesday, as part of their January Patch Day. The bulletins will include updates to fix security vulnerabilities in Windows, Office, the .NET Framework, and some of Microsoft’s Server Software. Microsoft rates two of the  bulletins as Critical, and the rest as Important.

Microsoft Patch Day: January 2013

HOW TO : Save and Fix a Water Damaged Wet Cell Phone ~ Geeky Stuffs

Wednesday, January 2, 2013

DNS Services --- When Is an Invoice Not at Invoice?

Some Excalibur's clients have alerted us to a purported Domain Name Service (DNS) back-up service provider that goes by the name DNS Services ( and lists a business address of Vancouver, Washington.

If you receive what looks like an invoice from this company via mail or email, do not respond to it or make a payment – it is simply a solicitation that our web hosting clients don’t need.

In short: Don’t be fooled – dispose of mail or email from DNS Services.

Thursday, September 13, 2012

iTunes 10.7 Update: Heavy On Security Fixes, Short On Details

iTunes 10.7 Update: Heavy On Security Fixes, Short On Details

Yesterday, Apple released an updated version of their popular media player and mobile syncing software, iTunes 10.7. The update adds new features (like support for upcoming iOS 6) and fixes security vulnerabilities.
I must admit, I pretty much ignored Apple’s email about this update at first. After all, iTunes is a media player. Not really your typical business critical software, and not something I see attackers target very often. That said, it’s important to update all of your software, so I took a peek at Apple’s alert.
According to Apple’s security bulletin, iTunes 10.7 fixes over 160 different vulnerabilities. I don’t think I’ve ever seen a security update list so many CVE numbers for one patch.