April 2010

The Adobe Reader and Acrobat JavaScript Blacklist Framework introduced in versions 9.2 and 8.1.7 provides granular control over the execution of specific JavaScript APIs. This mechanism allows selective blocking of vulnerable APIs so that you do not have to resort to disabling JavaScript altogether.

The blacklist is maintained in the Windows registry and the Macintosh OS X FeatureLockdown file.On Windows, there are two blacklists, one for enterprise administrators,and one for Adobe patches and updates.

DNS Cache Poisoning Issue ("Kaminsky bug")
A weakness in the DNS protocol may enable the poisoning of caching recurive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack.
 

CVE: CVE-2008-1447
CERT: VU#800113
Program Impacted: BIND

WASHINGTON -- The U.S. must fire back against cyber attacks swiftly and strongly and should act to counter or disable a threat even when the identity of the attacker is unknown, the director of the National Security Agency has told Congress.

Lt. Gen. Keith Alexander, who is the Obama administration's nominee to take on additional duties as head of the new Cyber Command, also said the U.S. should not be deterred from taking action against countries such as Iran and North Korea just because they might launch a cyber attack.

"Even with the clear understanding that we could experience damage to our infrastructure, we must be prepared to fight through in the worst case scenario," Alexander said in a Senate document obtained by The Associated Press.

 

All political and military conflicts now have a cyber dimension,whose size and impact are difficult to predict.National security experts must now acknowledge that real political and military objectives can be won or lost in cyberspace,even if only on the propaganda front.Globalisation and the Internet have aided foreign intelligence services and terrorists as much as any other part of society.