Security Now 370
Guest: Mark Russinovich
Recorded: September 19, 2012
Published: September 19, 2012
Security Now 370: Mark Russinovich
News & Errata
Bad new 0-day Internet Explorer exploit in the wild:
- Installs the Poison Ivy Trojan
- Security researchers found this out by monitoring servers used by the bad guys.
- Microsoft has issued an advisory.
- Rapid 7 has already added the exploit to it's Metasploit framework.
- Microsoft is urging users to install the EMET (Enhanced Mitigation Experience Toolkit).
- Researchers have found that EMET is not entirely effective.
- Microsoft released an out of cycle patch fixing this problem on Friday 9/21/12.
"Lastpass Sentry" service:
- Lastpass Sentry, a new service from Lastpass.
- Warns when your Lastpass email address has been leaked out online.
- Lastpass partnered with "PwnedList". PwnedList currently has 24 Million (and counting) publicly leaked usernames & passwords in it's database.
- How it works:
- Sentry performs daily checks to make sure your Lastpass email address is not found in PwnedList's database.
- If a match is found an email is sent to the user, notifying them of the domain that was breached and the potential security risk.
- Currently available to LastPass Premium and Enterprise users.
- Users can Opt-Out via eMail.
Symantec Blog: "The Elderwood Project"
- A project lead by Symantec examining security vulnerabilities
- Click to download the whitepaper.
- Audible URL
|TBD by TBD (ABRIDGED/UNABRIDGED)|
Narrated by TBD
- Link URL
- Edited by:
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|