Category: Security

Jan 10

Notes on securing Meltdown and Spectre

Now that the dust is slightly starting to settle it became clear to me that there’s an enormous amount of information and confusion out there. I have read a lot of websites in order to get a clear picture and being able to get all of my hosts and Virtual Machines patched. While not completely …

Continue reading

Apr 13

VMware Security Advisory:- VMSA-2015-0003.1

New advisory for you and this one looks like a beast, I mean it seems to affect every VMware product other than vSphere ESXi. But to be fair this is more of an issue with Oracle JRE than the overlaying applications stack. And relate to an issue documented in Oracle’s Critical Patch Update Advisory of …

Continue reading

Mar 26

VMware Security Advisory – VMSA-2015-0001.2

I have not done any of these for a while, so here we go, this is a catch all advisory to close down an number of vulnerabilities,  the original advisory was released in january and this one adds a couple of new products that have been patched.  if your product is down as having an …

Continue reading

Jul 08

A Timely Remider: Passwords and Pin Codes Are Important

On June 24, 2014, a former editor of a now-defunct British tabloid newspaper (some will disagree with the use of the prefix “news”) was found guilty of phone hacking. Phone hacking is the practice of intercepting and listening to a phone’s voicemail messages without the owner’s knowledge or permission. How did this happen? The technique …

Continue reading

May 30

VMware Security Advisory:- VMSA-2014-0002.3

This is the third update to a original that was released in March 2014, it relates to a potential DDOS in a subcommand of NTP and a security issue in GLIB.

Continue reading

May 30

VMware Security Advisory: VMSA-2014-0005

This patch addresses a potential guest privilege escalation caused by an issue in VMware tools installed on Microsoft Windows 8.1, so not really much of an issues as you can count the number of people using windows 8.1 on the fingers of one hand. But seriously if you are using Windows 8.1 in  your environment …

Continue reading

Mar 12

VMware Security Advisory: VMSA-2014-0002

Updated Security Advisory, this one relates to some third party advisories. but please note that it does include a critical status!!, however that said, there is currently nothing you can do about the issue unless you are running vCenter 5.5, the update to the latest version “Update 1”. The issue relates to a possible DDoS …

Continue reading

Jan 22

VMware Security Advisory: VMSA-2013-0009.3

The third and final advisory released, relates to issues with SSL and the userworld.

Continue reading

Jan 22

VMware Security Advisory: VMSA-2013-0012.1

The second Advisory of the day is an update to one released in October of last year.  again the first two issues can be circumvented by the good design practice of deploying hosts on a isolated VLAN, the third requires an update of Java,

Continue reading

Jan 22

VMware Security Advisory: VMSA-2014-0001

It has been a little quiet on the VMware Security Advisories lately, but today a little bit like buses along come three at once.  The first is a brand new One and addresses a number or potential vulnerabilities.  two of which are circumvented by good design principles, like placing hosts on a separate protected network.  …

Continue reading