Friday, July 17, 2009

Vulnerability Report July 2009



This is a Beta version of our Vulnerability Report. We haven't done this, or anything like it before and we got it together pretty quickly. We're learning as we go. We would really appreciate some thoughts, tips and suggestions on it.

5 comments:

Dionysus said...

What is going on with the JRE? You mentioned it at the beginning and it wasn't mentioned again after that (I don't think...).

Rob Fuller (mubix) said...

Matt needs to sit up ;-) No slouching allowed on the internets!

Great show, it'd be nice to include a bit more detail. You aren't really giving added value to just reading the headlines of my "Updates Available" dialog. Tell us how the vuln works, and how to protect against it (yes I know patch...)

Oh, and Matt said something about Oracle and Java JRE in the beginning, and only did MS and FF. WTF?!

Nigel Houghton said...

Matt is without Internet connectivity at the moment, here is his dictated comment:

Yup I know I missed the JRE, we shot this in 4 different segments without a base script. Next time we'll be using some teleprompter software, or maybe I'll learn how to ad-lib better. As for the leaning forward, we unfortunately didn't have a good location in the building to shoot this at the proper distance and height, so I'm sitting on a chair with phone books on it as a booster seat. Which made not leaning forward, as I might fall off the chair, a bit difficult. Next time we'll have all the right pieces, so that I'm not the worst part of the video :)

As for the JRE: here is what I wanted to say:

iDefense released a vulnerability in the JRE in December of 2008, in April 09 a public exploit was released, now it's being added to exploit kits for drive-by downloading. So if you haven't updated your JRE in a while you should.

Finally, I just want to point out that Matt, Patrick, and Nigel, did some amazing post production work on this video, with limited tools and pretty much no budget. Next time I'll attempt to live up to their standards.

Also we'd like to thank our marketing department for ponying up the cash for the HD camera and the lights.

radtrinidad said...

I love it! Graphics and music are both fitting. Your seat hack will definitely need upgrading so you can sit up and be better centered on the screen.

senthil said...

Excellent work guys. Keep it going, I actually liked the part where he also talks about Defcon and its post effects