64-bit vulnerability to APSB10-26

Similar Messages

• Time Machine Backup Failed: Error (12): Link of previous volume failed

  I am having troubles with Time Machine, backing up to a new Time Capsule, after I have switched one of the drives being backed up. I replaced a 250 GB external drive with a 500 GB drive, but have given it the same name (otherwise lots of links break). Now I get the following error everytime Time Machine runs:
  Error (12): Link of previous volume failed for Athena Disk 2
  Where 'Athena Disk 2' is an external USB drive being backed up, which was swapped with a new drive.
  Disk Utility reports the drive is clean. I've seen a few other references to similar problems in the forum, but no solution. Console reports that the first (internal non-switched) drive has a bunch of files being backed up, but it seems to abort when it tries to backup the drive that was switched.
  I've tried disabling backups, removing the Time Capsule disk and then setting it up again, in an attempt to 'reset' something, but to no avail.
  Any ideas? I'm guessing there is a filesystem ID or something similar that Time Machine is using, and it notices that something has changed, but doesn't know what to do about it.
  Thanks,
  Dave Filip.

  I'm having a similar problem, which seemed to start coincident with either a 10.5.6 update OR the replacement of my internal drive with a larger drive (I don't remember which...).
  Time Machine backup logs now start similar to this one:
  2/9/09 9:30:03 AM /System/Library/CoreServices/backupd[35512] Backup requested due to disk attach
  2/9/09 9:30:03 AM /System/Library/CoreServices/backupd[35512] Starting standard backup
  2/9/09 9:30:04 AM /System/Library/CoreServices/backupd[35512] Backing up to: /Volumes/H. G. Wells/Backups.backupdb
  2/9/09 9:30:14 AM /System/Library/CoreServices/backupd[35512] Event store UUIDs don't match for volume: Macintosh HD
  2/9/09 9:30:14 AM /System/Library/CoreServices/backupd[35512] Node requires deep traversal:/ reason:kFSEDBEventFlagMustScanSubDirs|
  2/9/09 9:30:23 AM /System/Library/CoreServices/backupd[35512] Backup requested due to disk attach
  All of this seems right except for that business about UUIDs, but then we get this:
  2/9/09 9:48:52 AM /System/Library/CoreServices/backupd[35512] No pre-backup thinning needed: 113.94 GB requested (including padding), 327.41 GB available
  2/9/09 10:13:23 AM com.apple.backupd[35512] CoreEndianFlipData: error -4940 returned for rsrc type FREF (id 133, length 7, native = no)
  2/9/09 10:13:24 AM com.apple.backupd[35512] CoreEndianFlipData: error -4940 returned for rsrc type FREF (id 133, length 7, native = no)
  2/9/09 10:13:29 AM com.apple.backupd[35512] CoreEndianFlipData: error -4940 returned for rsrc type open (id 128, length 12, native = no)
  2/9/09 10:13:29 AM com.apple.backupd[35512] CoreEndianFlipData: error -4940 returned for rsrc type open (id 128, length 12, native = no)
  2/9/09 10:13:40 AM com.apple.backupd[35512] CoreEndianFlipData: error -4940 returned for rsrc type FREF (id 128, length 7, native = no)
  2/9/09 10:13:40 AM com.apple.backupd[35512] CoreEndianFlipData: error -4940 returned for rsrc type FREF (id 128, length 7, native = no)
  2/9/09 11:43:10 AM /System/Library/CoreServices/backupd[35512] Copied 409803 files (94.1 GB) from volume Macintosh HD.
  2/9/09 11:43:10 AM /System/Library/CoreServices/backupd[35512] Error (12): Link of previous volume failed for Macintosh HD.
  2/9/09 11:43:10 AM /System/Library/CoreServices/backupd[35512] Error (12): Link of previous volume failed for Macintosh HD.
  2/9/09 11:43:16 AM /System/Library/CoreServices/backupd[35512] Backup failed with error: 12
  which leaves me with a few questions:
  a) I don't have fresh backups, and that leaves my system a bit vulnerable. Can I fix this somehow?
  b) I don't want to have to start over, but if I do how can I salvage the existing backups at least for the next year or so?
  c) What the heck are those "CoreEndianFlipData" errors all about?
  Thanks in advance.
  Ron

• My hard drive has appeared on my desktop.  Where should it be?, Thanks

  If anyone can assist it would be appreciated.  I don't recall moving it here.  I am just a little concerned as it looks a bit vulnerable sitting there!!
  Thanks

  Welcome to the Apple Support Communities
  That's a Finder feature that you can turn on or off. If you don't want that your hard drive appears on the desktop, open the Finder menu (on the menu bar) > Preferences > General, and unmark "Hard drives", so your hard drive will disappear.
  You don't have to worry about that because it's not more vulnerable, but if you don't want it there, you can delete it from your desktop with my steps above

• Shockwave vulnerability - APSB10-12, who's really affected?

  Hello,
  In light of the recent update to the Adobe Shockwave player, 11.5.7.609, due to a critical vulnerability, I'm trying to identify whether non-admin users would be affected. If they don't have rights to run certain processes, would they need to patch?
  The reason I ask is that in our organization we have a number of users, without admin rights, who we've installed the Adobe Shockwave player for, and are currently on version 11.5.6.606, or an earlier release. If they will not be affected by the exploits because they lack admin rights, we may change our approach on who we update, as it will be a manual process. We run in a Windows and Mac environment.
  Thank you,
  Jason

  I cannot give you a direct answer to your question, and – as this is a user-to-user forum – you will probably not get an official reply from Adobe here.
  However, you write "due to a critical vulnerability" – this is not exactly the case.  Looking at http://www.adobe.com/support/security/bulletins/apsb10-12.html I count no less than 18 critical vulnerabilities.
  I do not know how likely any users may fall prey to any of these vulnerabilities, but if it was my organization, I would upgrade all users as soon as possible.

• I am trying to download iTunes on my new desktop computer (Windows 7, 64 bit).  It starts installing, and then stops with the message- "The System Administrator has set policies to prevent this installation."  I am the sole user- please help.

  I am trying to download iTunes on my new desktop computer (Windows 7, 64 bit).  It starts installing, and then stops with the message- "The System Administrator has set policies to prevent this installation." This is a stand alone computer and I am the sole user.   Please help.

  This is a Microsoft Windows Issue.
  From a MS Support Engineer:
  "Hi,
  ·        Is the computer on a domain?
  ·        Is the issue isolated to only this software or you get the same error message with other software’s as well?
  Try the steps below and check if it helps.
  Step 1:
  Run the software setup file as an administrator and check if it helps.
  a. Right click on the setup file of the software that you are trying to install.
  b. Select “Run as administrator”.
  Step 2:
  Temporarily disable the antivirus software running on the computer and check if you are able to install the software.
  Disable antivirus software
  Warning:
  Antivirus software can help protect your computer against viruses and other security threats. In most cases, you shouldn't disable your antivirus software. If you have to temporarily disable it to install other software, you should re-enable it as soon as you're done. If you're connected to the Internet or a network while your antivirus software is disabled, your computer is vulnerable to attacks.
  Step 3:
  a. Click Start, type "Local Security Policy" (without quotes) and press enter.
  b. Click on Software Restriction Policies.
  c. In the right pane, double click on the "enforcement".
  d. Select “All users except local administrators”.
  e. Click Ok and restart the computer and check if the issue is fixed."

• Hi, I don't know how to find a specific security patch to apply to my Oracle database version to fix a vulnerability

  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help

  2835604 wrote:
  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help
  that sounds like the "tns poison" vulnerability.  CVE 2012-1675 - Oracle Security Alert CVE-2012-1675
  See MOS note 134083.1  and 1453883.1

• Adobe Acrobat 9 Pro Extended,  64-bit Add-On, Version 9.0.0

  Does anybody know if this is still needed for Adobe Acrobat Pro Ext, version 9.5.2 ? Our security people are declaring that this is a vulnerability, and I see no way to update it or even verify if it is needed. There are no clear references to this on Adobe's website, other than for previous versions of 9 Pro Extended.

  All I can tell you is it's title in the "Programs and Features" tool of Windows 7. To whit: "Adobe Acrobat 9 Pro Extended 64-bit Add-On."  It has an installation date of 8-30-2011 and is only 34KB in size, according to Windows. It is listed below the Main Acrobat 9 Pro program, which doesn't give it's size, but does give the current version of 9.5.2, which is the latest for Acrobat 9 Pro as far as I know.
        The one thing I want to establish is whether this add-on is necessary for the current version of Acrobat 9 Pro to function or not. I can find no guidance on Acrobat's website; at least a search reveals nothing anyway. And it is not referenced in their update site at all. If worse comes to worse, I will call them for guidance because our security types are listing it as a problem, and I am wondering if they are confusing this add-on with the main program.
  Hope this helps with your knowledge, and thanks for replying.
  R

• Plug-in site says Shockway Flash vulnerable, needs updating. I did but says I already have new version. Still shows as vulnerable. Currently have version 11.0.1.152 . Update is for 10.3.183.11. Why is it still showing up being vulnerable?

  Up above pretty much sums it up for me. Mozzilla Plug-in Site shows that Shockwave Flash is vulnerable and needs updating, when I click on it, it takes me to Adobe Flash Player and the version it wants me to update to is 10.3.183.11. But when I did that it stopped halfway through and told me that I do have an updated version installed and wouldn't complete. But when I went back to the plug-in page, it still shows Shockwave as being vulnerable and needing updated. Does anyone know why this is? I even double checked and went under Troubleshooting and it shows what I have installed and went to the plug-in section and it shows Shockwave as having version 11.0.1.152. But the version that it's telling me to update too is 10.3.183.11, so that would explain why when I tried to update it said I had the current version. But still shows me as being vulnerable. Thanks for any help you can give me.

  Thanks again but when I went there I don't see the correct version to click on. Everything there just explains what it is and now I see something called IE after it some say 32-bit and 64-bit. I have know idea what those are.
  I just usually go to my Mozilla plug-in site and update and never worry about what version it is because the system knows. You can tell I'm not a 'techy' person.
  But apparently it's Adobe that's dropped the ball. I went back to their site and went to the new version and when you go directly there to download it pops up with the old version that's been telling me to update too which is 10.3.183.11. I tried going directly to support there but it ends up referring me to this type of support. Apparently if you want to call support up you have to pay to get actual tech support from them. In this case you shouldn't because they have it defaulting to the wrong update. I went to other sites as well but am afraid of downloading the wrong version. Actually, the site you sent me too showed someone else that did the same thing from there and it downloaded the wrong version too. So am hesitant to do it from there.
  Guess I'll just hope that since I do have version 11.0.1.152 that it will work fine until they fix the update page.
  Debbie

• Need 256 Bit AES Full Disk Encryption for a Mac.  The other discussions regarding this issue are very old.  Does anyone have any current advice regarding encryption software?

  Does anyone have any advice regarding 256 bit full disk encryption software for Macs?  The other discussions on the topic are years old, so I would like some current input.  Thanks for your help in advance.

  Depending on your Mac, you might not want to upgrade to OS X 10.7 or 10.8 as it will not run the PowerPC based software your currently using costing a bundle to replace it all, also they will slow down your machine if it's not a more recent issue. You don't want to upgrade OS X without AppleCare defending your possibly bricked logicboard that's for sure.
  Filevault encrypts the boot drive, however in doing so makes it near impossible to fix if you have a software issue and need to recover files directly or by using specialty software. Also it robs the machine of performance even more than the Lions do. So you will really need a SSD to work best with 10.7/10.8 and Filevault, then it has to be freshly installed. Filevault needs 50% free space on the boot drive, then it's going to write to the slower 50% half of the hard drive where performance is terrible compared to the first 50%.
  Also Filevault is cracked under certain conditions, and if someone gets their hands on the machine (like the law) and knows what they are doing.
  If you take your Filevaulted machine to Apple to fix, they are going to require the password to fix the machine obviously.
  Software based encryption is vulnerable, you might want to instead place your sensitive data on external self-encrypting hardware that doesn't rely upon software or computer hacks/bypasses (ike freezing the RAM) to get to it.
  http://www.datalocker.com/products/datalocker-dl3.html
  Iron Keys for portable USB self encryption, both work with any computer, so your not locked into one platform.
  With the senstive data off the computer and on a external device, there is the option of removing, hiding and securing the device. If used with a computer that's never connected to the Internet, it's safe from snoopers, except from a survelliance van parked outside your door.

• Is my OS X Mountain Lion installation vulnerable to security threats?

  Hello dear community members,
  I am a bit concerned about my OS X installation being vulnerable to known security threats which may not have been patched. Also came across an article:
  http://www.zdnet.com/os-x-mountain-lion-users-no-more-security-updates-700002232 2/
  What are your thoughts on this and how are you handling this issue?
  I can not upgrade my mac to Mavericks because I need to use some software which is only compatible with Mountain Lion.

  Aceattack wrote:
  It is not Apple's responsibility to ensure 3rd party compatability however the concern was that Apple continue to support and provide security fixes for old OS X versions rather than force people to upgrade just because Mavericks is a free upgrade.
  But Mavericks is a free upgrade. And any Mac that runs Mountain Lion will also run Mavericks.
  It is standard procedure to discontinue support for old products. I will quote the AppGate on the topic:
  Important note: End of Life AppGate Version 9*
  After due consideration, Cryptzone is declaring End of Life (EOL) on AppGate Security Server v9.x This became effective on October 30, 2013. Full support will continue to be provided for AppGate Security Server v9.x up until the end of Q2 2014 After this time any customers wishing to continue to receive support and updates must move to version 10.x (or newer). Most customers have already migrated, but if you have any still on this version please work with them to migrate to version 10.x.
  Why is it acceptable for one company to stop supporting an old product but unacceptable for another? And why do I suspect that the AppGate upgrade is not free?
  If you depend on AppGate and eToken and those products do not run on Mavericks, you should be asking why. Like all developers, they have had access to Mavericks since early June. What was so radically different about Mavericks that takes over 7 months get working? Either they aren't very committed to the platform or they really don't know how to write OS X software. Considering that the product seems to be Java-based, I suspect both.
  That is an interesting conundrum that is pretty typical for enterprise customers. You are running an old OS version without security updates because you depend on 3rd party security software that depends on 4th party Java software proven to be one of the last major malware conduits. And people wonder why these enterprise servers are always the ones to get hacked and hand over 45 million customer records.
  I feel your pain. I only recently updated my work machine to Mountain Lion due to similar enterprise security issues. Our market-leading antivirus vendor that protects us against the latest zero-day malware was unaware or just didn't care that Apple had released a new OS. And I'm talking about Lion! I have similar problems with my Java-based Juniper VPN. The Apple-provided VPN works fine, as it always has. And I can't really do without my Mac because I need it to develop on when my Linux servers with 24x7 on-site support from IBM and Oracle are out of commision for 4 months. Apple is not the cause of either of our problems.

• Hi looking for a bit of free  anti - virus and firewall for osx 10.8.2

  hi looking for a bit of free  anti - virus and firewall for osx 10.8.2 any pointers also any one used Mac cleaner ?

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
  For more information about Gatekeeper, see this Apple Support article.
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore reduces to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
  5. Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install one unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
  Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so can corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use.

• W2003 DNS cache snooping vulnerability for PCI-DSS compliance.

  Hi everyone.
  How can I solve this security vulnerability reported by Nessus(security software) with W2003's DNS ?
  DNS Server Cache Snooping Remote Information Disclosure
  Synopsis:
  The remote DNS server is vulnerable to cache snooping attacks.
  Description:
  The remote DNS server responds to queries for third-party domains that do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently
  visited. For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of that financial institution.
  Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more. Note: If this is an internal DNS server not accessable to outside networks, attacks would be limited to the internal network. This may include
  employees, consultants and potentially users on a guest network or WiFi connection if supported.
  Risk factor:
  Medium
  CVSS Base Score:5.0
  CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
  See also:
  http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf
  Solution:
  Contact the vendor of the DNS software for a fix.
  Plugin output:
  Nessus sent a non-recursive query for example.com and received 1 answer : 192.0.43.10
  I have been searching for a solution at the web...but I was unabled to find one..that could let me to use "recursion" at our DNS server.
  We have an internal DNS server for Active Directory, with a forwarding to resolve external internet domains as is a requirement by our application..but now the only way to fix this is to disable "recursion" and we are working with external IP address instead
  of internet DNS names..but this is not a good solution for us.
  I found something about spliting DNS functions, but my point is that we have all the servers internal and DMZ, inside the same AD domain..so we need to use the same DNS server AD integrated, notwithstanding we must resolve external DNS records for our application...How
  can I do this without getting the same vulnerability again ? I don´t know how to do it disabling "recursion"..If I disable recursion I will be unable to resolve external DNS names.
  Any suggestion will be really appreciated!!
  thx!!

  That's basically for your internet facing DNS. I wouldn't worry about it too much for internal DNS, since that's only hosting your internal AD zone.
  Other than setting the "Secure cache against polution" setting, you can also opt to disable caching of all records so each and every query is a fresh query. This actually fixes CNAME vs A record TTL mismatch issues, too, not that you're probably seeing them
  or not, but just wanted to add that:
  Description of DNS registry entries in Windows 2000 Server, part 2 of 3 (applies to 2003, 2008 & 2008 R2)
  http://support.microsoft.com/kb/813964
  Cannot resolve names in certain top level domains like .co.uk.
  http://blogs.technet.com/b/sbs/archive/2009/01/29/cannot-resolve-names-in-certain-top-level-domains-like-co-uk.aspx
  ============
  To turn off or disable local cache: (WIndows 2000 notes, but they apply to all current OS's)
  Set the MaxCacheTtl to 0 in the registry or use Dnscmd
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
     Value:     MaxCacheTtl
     Type:     DWORD
     Default:  NoKey (Cache for up to one day)
     Function: Set maximum caching TTL.
  MaxCacheTtl
  Type: DWORD
  Default value: 0x15180 (86,400 seconds = 1 day)
  Function: Determines how long the DNS server can save a record of a
  recursive name query.
  You can use the MaxCacheTtl registry entry to specify how long the DNS
  server can save a record of a recursive name query.
  If the value of the MaxCacheTtl entry is 0x0, the DNS server does not save
  any records.
  The DNS server saves the records of recursive name queries in a memory cache
  so that it can respond quickly to new queries for the same name. Records are
  deleted from the cache periodically to keep the cache content current. The
  interval when the records remain in the cache typically is determined by the
  value of the Time to Live (TTL) field in the record. The MaxCacheTtl entry
  establishes the maximum time that records can remain in the cache. The DNS
  server deletes records from the cache when the value of this entry expires,
  even if the value of the TTL field in the record is greater.
  Change method
  To change the value of the MaxCacheTtl entry, use Dnscmd.exe, a tool that is
  included with the Windows 2000 Support Tools. The change is effective
  immediately so that you do not have to restart the DNS server.
  Start method
  DNS reads its registry entries only when it starts. If you change the value
  of the MaxCacheTtl entry by editing the registry, the changes are not
  effective until you restart the DNS server.
  Note the following items: . Windows 2000 does not add the MaxCacheTtl entry
  to the registry. You can add it by editing the registry or by using a
  program that edits the registry.
  The MaxCacheTtl entry does not affect Windows Internet Name Service
  (WINS) data that is saved in the DNS memory cache. WINS data is saved until
  the Cache Timeout Value on the WINS record expires. To view or change the
  Cache Timeout Value on the WINS record, use the DNS snap-in. Right-click a
  zone name, click Properties, click the WINS tab, and then click Advanced.
  ===============================
  Ace
  Ace Fekay
  MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Is there a patch for Adobe Illustrator CS4 for the issue described in APSB10-29 for CS5?

  APSB10-29 acknowledges a problem that affects CS5 and ALL earlier versions, however only makes available a patch for CS5. We tried using the patch on our CS4 installation, but it says it isn't applicable to our installation. Is there an applicable fix for earlier versions such as ours?

  We use the Nessus vulnerability scanner to check for potential OS and applications security issues, and it's picking up on this vulnerability in our Illustrator CS4 installattion, and it's suggesting we apply the 15.0.2 update, which we can't. So is this likely just a false positive? Do we know for a fact that this issue is strictly a CS5 issue? If that's the case I'll just note it as such and move on. Thanks.

• MS IE toStaticHTML String Parsing Cross-Site Scripting Vulnerability alarms

  Hi,
  I was wondering if someone else has noted an increase in false positives concerning the following 2 events:
  - Microsoft Internet Explorer toStaticHTML String Parsing Cross-Site Scripting  Vulnerability
  - Microsoft Office Excel Ghost Record Parsing Arbitrary Code Execution Vulnerability
  Obvisouly I see these events because the signature has been introduced recently!!!
  But I wonder if these alarms I'm getting are genuine (and I have a big problem), or if the signature needs to be 'tuned' by Cisco to be a bit less sensitive?
  Anyone has experienced something similar or can shed a light?
  Thanks,
  seb.

  Hello Seb,
  Since I don't have the entire transmission, I can't tell what exactly is commented out in regard to the tags, but the data appears to look something like below.
  e){  
    //v3.0..   
    eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
    if (restore) selObj.selectedIndex=0;
  //-->
  @td  
  img{display: block;}
  @import url("p7tp/p7tp_01.css
  With 30419 being related to CVE-2010-3324, I assume the signature is firing due to some match variation of the fact that @import and the tags are showing up in a response from your web server. The toStaticHTML method should remove tags, but the vulnerability is causing that mechanism to fail.
  The oBot User-Agent caught my eye. Google returns several pages to the effect of oBot being a:
  "German spider from Cobion, now part of Internet Security Systems. Scans the web for their clients looking for copyright infringement."
  I'm not sure what benefit this search bot would receive from injecting Javascript into the response.
  I'll forward the capture data to our sig team to confirm whether this should be a legitimate match.
  Thank you,
  Blayne Dreier
  Cisco TAC Escalation Team
  **Please check out our Podcasts**
  TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
  TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series

• Ironport Cipher Suites external address allows 56-bit DES

  We recently got asked from co worker inside our organization that expressed concerns when he scanned external ip of the Ironport.  The Ironport showed that it allows 56-bit DES ciphers. Should these ciphers be disabled or removed because of security concerns?
  Thanks in advance

  We normally see null/anonymous ciphers in use when we are contacted for PCI scan vulnerabilities.
  Please see the following:
  Article #1367: How do I prevent the IronPort appliance from negotiating null or anonymous ciphers? Link: http://tools.cisco.com/squish/3637E
  Article #1785: SSLv3 and TLSv1 Protocol Weak CBC Mode Vulnerability Link: http://tools.cisco.com/squish/24cC5
  You'll need to try the @STRENGTH option – which will specify to use the stronger ciphers first.
  I would also suggest to use the following:
  The "-aNULL" states that it will not accept random ciphers.
  > sslconfig
  sslconfig settings:
    GUI HTTPS method:  sslv3tlsv1
    GUI HTTPS ciphers: RC4-SHA:RC4-MD5:ALL
    Inbound SMTP method:  sslv3tlsv1
    Inbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
    Outbound SMTP method:  sslv3tlsv1
    Outbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
  Choose the operation you want to perform:
  - GUI - Edit GUI HTTPS ssl settings.
  - INBOUND - Edit Inbound SMTP ssl settings.
  - OUTBOUND - Edit Outbound SMTP ssl settings.
  - VERIFY - Verify and show ssl cipher list.
  []> inbound
  Enter the inbound SMTP ssl method you want to use.
  1. SSL v2.
  2. SSL v3
  3. TLS v1
  4. SSL v2 and v3
  5. SSL v3 and TLS v1
  6. SSL v2, v3 and TLS v1
  [5]> 5
  Enter the inbound SMTP ssl cipher you want to use.
  [RC4-SHA:RC4-MD5:ALL]> MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
  sslconfig settings:
    GUI HTTPS method:  sslv3tlsv1
    GUI HTTPS ciphers: RC4-SHA:RC4-MD5:ALL
    Inbound SMTP method:  sslv3tlsv1
    Inbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
    Outbound SMTP method:  sslv3tlsv1
    Outbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
  Choose the operation you want to perform:
  - GUI - Edit GUI HTTPS ssl settings.
  - INBOUND - Edit Inbound SMTP ssl settings.
  - OUTBOUND - Edit Outbound SMTP ssl settings.
  - VERIFY - Verify and show ssl cipher list.
  []> OUTBOUND
  Enter the outbound SMTP ssl method you want to use.
  1. SSL v2.
  2. SSL v3
  3. TLS v1
  4. SSL v2 and v3
  5. SSL v3 and TLS v1
  6. SSL v2, v3 and TLS v1
  [5]>
  Enter the outbound SMTP ssl cipher you want to use.
  [RC4-SHA:RC4-MD5:ALL]> MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
  sslconfig settings:
    GUI HTTPS method:  sslv3tlsv1
    GUI HTTPS ciphers: RC4-SHA:RC4-MD5:ALL
    Inbound SMTP method:  sslv3tlsv1
    Inbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
    Outbound SMTP method:  sslv3tlsv1
    Outbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
  Choose the operation you want to perform:
  - GUI - Edit GUI HTTPS ssl settings.
  - INBOUND - Edit Inbound SMTP ssl settings.
  - OUTBOUND - Edit Outbound SMTP ssl settings.
  - VERIFY - Verify and show ssl cipher list.
  []>
  > commit
  Once that is in place – have the security scan re-ran.