It's time to update your Adobe Reader and Acrobat to protect your systems from the following Common Vulnerabilities and Exposures (CVE):
CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241
The security advisory is available here: http://www.adobe.com/support/security/bulletins/apsb10-09.html. It was released on April 13, 2010, and applies to all supported platforms and operating systems (Mac, UNIX and Windows).
Tuesday, April 13, 2010
Microsoft April 2010 Patch Tuesday
Another busy patching cycle for all users and organizations using Microsoft products.
Please see the table below for this month's Patch Tuesday.
| MS Bulletin ID | Title | Affected | CVE | MS KB Article ID | Microsoft rating |
|---|---|---|---|---|---|
| MS10-019 | Vulnerabilities in Windows Authenticode Verification | Authenticode | CVE-2010-0486, CVE-2009-0487 | KB 981210 | Critical |
| MS10-020 | Vulnerabilities in SMB Client (Replaces MS10-006) | SMB Client | CVE-2009-3676, CVE-2010-0269, CVE-2010-0270, CVE-2010-0476, CVE-2010-0477 | KB 980232 | Critical |
| MS10-021 | Privilege Elevation Vulnerabilities in Windows Kernel (Replaces MS10-015) | Windows Kernel | CVE-2010-0234, CVE-2010-0235, CVE-2010-0236, CVE-2010-0237, CVE-2010-0238, CVE-2010-0481, CVE-2010-0482, CVE-2010-0810 | KB 979683 | Important |
| MS10-022 | Vulnerability in VBScript Engine (Replaces MS10-022) | VBScript | CVE-2010-0483 | KB 981169 | Critical |
| MS10-023 | Vulnerability in Microsoft Office Publisher (Replaces MS08-027, MS09-030) | Publisher | CVE-2010-0479 | KB 981160 | Important |
| MS10-024 | DoS Vulnerability in Microsoft Exchange and SMTP Service | Exchange, SMTP Service | CVE-2010-0024, CVE-2010-0025 | KB 981832 | Important |
| MS10-025 | Vulnerability in Microsoft Windows Media Services | Windows Media Services | CVE-2010-0478 | KB 980858 | Critical |
| MS10-026 | Vulnerability in Microsoft MPEG Layer 3 Codec | MPEG Layer 3 Codec | CVE-2010-0480 | KB 977816 | Critical |
| MS10-027 | Vulnerability in Windows Media Player (Replaces MS07-047) | Windows Media Player | CVE-2010-0268 | KB 979402 | Critical |
| MS10-028 | Vulnerabilities in Microsoft Visio (Replaces MS09-062, MS09-005) | MS Visio | CVE-2010-0254, CVE-2010-0256 | KB 980094 | Critical |
| MS10-029 | ISATAP Spoofing Vulnerability | ISATAP | CVE-2010-0812 | KB 978338 | Moderate |
Sunday, March 7, 2010
What is the best IT Security Certification?
I think it depends on what you are after. If you are looking at the IT security auditing field, there is CISA or CIA. But if you are looking at the overall IT security field, I suggest CISSP, as this is a de facto gold standard in IT security, not to mention that it covers a lot of accreditation under the revised US DoD 8570 for any personnel involved with or conducting Information Assurance as of this year (2010). CISM is also one of the popular certifications, focusing on the IT security management level. CEH is also a new addition to DoD 8570; this certification covers ethical hacking such as penetration testing, vulnerability testing, etc. C|EH is more technical in nature because you need to think like a non-ethical hacker or cracker in securing your target systems, almost the same as some of the GIAC IT security certifications.
Certification chart from US DoD 8570
(chart is a partial list of certification accredited by US DoD)
Regardless of what certification you are trying to pursue, you have to check the job market trend to see which security certifications are the most popular or which ones employers want. I have searched numerous IT security job postings, and the most common are CISSP, CISM or CISA. Maybe the reason behind this is that these certifications require at least 5 years of verified experience, so the employer is assured that the certified individual has working knowledge of the IT security field.
Expanded Tertiary Education Equivalency and Accreditation Program (ETEAAP)
I heard about this program under the Commission of Higher Education (CHED) several years back and was not able to push through due to some reasons and/or lack of interest. I told myself: why do I need a degree if my current IT certifications and skills can exceed company expectations compared to a degree holder?
I have more than 10 years of IT experience but am not a degree holder. In spite of having the right skills and certifications, I am having a hard time climbing the corporate ladder due to the lack of a degree. The only top position that management has given me in every company I have been with is at the level of middle management or supervisor, up to assistant manager. Not to mention that when I have tried to apply abroad, the employer is looking for a degree as a minimum requirement; even if I challenge the employer that I can do the job, they still insist, as they do not want to have issues processing my visa.
Then I came to realize recently that I need to finish my degree. After checking the CHED ETEAAP website (http://www.ched.gov.ph/services/students/eteeap.html) and downloading the application form, I completed all the requirements, submitted my application to one of the universities for processing and paid the application fee of Php 500. As instructed by the ETEAAP adviser, there will be a series of interviews before they can decide if I am qualified for the course for which I want equivalency. In this case, I applied for either BS Computer Engineering or BS IT. What I am excited about in this program is that I was told I can finish the degree in 1 year with classes scheduled twice a month (Friday and Saturday), depending on what subjects you need to take. Hoping that I pass the panel interview with the assessor in May.
What is ETEAAP?
It is a comprehensive assessment program for identifying, assessing, validating and assigning college-level learning for prior learning from formal, non-formal and informal training and relevant work experience, toward the final granting of an appropriate academic degree. An individual may be granted a diploma for a degree after a competency-based evaluation based on the established equivalency competency standards and a comprehensive assessment system employing written tests, interviews, skills demonstration, portfolio and other creative assessment methodologies.
Who can avail of this program?
1) Any Filipino who is at least a high school graduate or who has obtained a PEPT placement equivalent to first year college;
2) He / she must have been employed for an aggregate of at least 5 years in the field or industry related to the academic program or discipline he/she is obtaining an equivalency;
3) He / she must be at least 22 years old; and
4) He / she must be able to show evidence of capability and thorough knowledge in the field applied for equivalency and accreditation.
What is the cost involved in this program?
An estimated cost based on my initial discussion with the ETEAAP secretariat will be around 20k to 25k per semester. But I heard from others that the total cost (including graduation expenses) can be as high as 100k depending on the HEI.
For more information about this program please visit http://www.ched.gov.ph/services/students/eteeap.html.