Archive for April, 2007

Update to Wordpress 2.1.3 and 2.0.10 Provides Security Fix

Tuesday, April 3rd, 2007

This just in from Wordpress awhile ago…

We have a security update release now available for both the 2.1 and 2.0 branches of WordPress now available for immediate download. This update is highly recommend for all users of both branches.

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.

It isn’t April 1 anymore so this probably is the real thing. Make sure you guys update to this new version since it provides some important security fixes which if left unpatched will surely be easy to exploit.

Don’t forget to backup and test your backups first ;-) Good luck!

Posted in InfoSec Developments, InfoSec Trends, Security Bulletin, Vulnerability, WWW | 1 Comment »

Microsoft Releases Threat Analysis & Modeling v2.1.2

Sunday, April 1st, 2007

The Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports

Download from Microsoft

Posted in InfoSec Developments, InfoSec Reading Materials, Risk Management, Security Tools, Windows | No Comments »