Archive for November, 2006
2006.11.09 Daily Security Reading
by Rodney Campbell on Nov.09, 2006, under Security
Sex, Spies and Hard-Drives – Wipe Data Properly
On average, 70% of re-sold hard-drives and memory cards contain pornographic material according to research carried out on 1,000 hard-drives over the course of a year by Disklabs Data Recovery and Computer Forensics.
81% of IT Managers report a security incident due to IM or other Greynets
FaceTime Communications and market research firm NewDiligence today reported the results of their annual survey, Employee Use of Greynets: 2nd Annual Survey of Trends, Attitudes and Impact.
TA06-312A: Mozilla Updates for Multiple Vulnerabilities
The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
Earlier in the week, it was the 2007 Office system; now after 5 long years of development Windows Vista has finally RTMed (Release To Manufacturing) and the golden build number is 6000.16386. General availability is scheduled for January 30, though business consumers will be able to pick it up at the end of this month.
Why Upper Management Doesn’t "Get" IT Security
Schneier is reporting that the Department of Homeland Security has decided to delve into why upper management doesn’t "get" IT security threats. The results aren’t terribly surprising to those in the trenches: most executives view security as something akin to facilities management.
2006.11.08 Daily Security Reading
by Rodney Campbell on Nov.08, 2006, under Security
Security must focus on desktop policy
The challenge of controlling security threats triggered by users in the workplace shows no sign of abating, new research commissioned by Check Point Software Technologies suggests.
Attackers end-run around IE security
The dependence of Internet Explorer on other Windows components has allowed online attackers to work around the shored-up security of Microsoft’s latest browser.
How much can a LAN switch protect your network?
Call it NAC (Cisco’s Network Admission Control) or, well, NAC (network access control), or even NAP (Microsoft’s Network Access Protection). Any way you refer to it, these schemes for shutting out unwanted users at the LAN switch port level are among the most buzzed about network technologies.
2006.11.07 Daily Security Reading
by Rodney Campbell on Nov.07, 2006, under Security
OSX.Macharena virus targets Mac OS users
Mac OS security company Intego has issued a warning about the MACHARENA proof-of-concept virus, which has not yet been seen in the wild but was published on a hacker Web site.
The recent surge in spam volume is due to the assertiveness of botnets and to an increase in the sophistication of their spamming efforts.
HSDPA may finally deliver a small piece of wireless utopia… technology promises wireless speeds as high as 3.6 Mbps.
Login Code of Conduct Found Not Binding
The Industrial Relations Commission of New South Wales, Australia, has ordered a company to reinstate an employee who downloaded porn onto a work laptop, even though it was in contravention of his workplace’s code of conduct. From the article: the IRC said there was an ‘air of automatically’ about the annual signing off of employees on NCR’s code of conduct, ‘a degree of mechanical, unthinking routine in employees making a commitment to abide by the code.’ So, I think most of us can agree, porn at work == bad, but recognition that Click EULAs/other agreements are not binding is probably good. The question is — what replaces them?
2006.11.06 Daily Security Reading
by Rodney Campbell on Nov.06, 2006, under Security
Increased Spam Fuelled Through Botnet Activities
MessageLabs, a provider of integrated messaging and web security services to businesses worldwide, has announced the results of its Intelligence Report for October 2006.
New, critical Microsoft Windows 0-day appears
Another new zero-day exploit for Microsoft systems has appeared, capable of compromising fully patched IE 6/7 systems when a user visits a malicious website.
HD Moore’s Kernelfun Blog, a repeat of the Browserfun blog.
Symantec Best at Removing Rootkits; Microsoft Worst
A study done by anti-virus veteran Roger Thompson rates Symantec’s Norton AntiVirus 2007 as the best at detecting and removing stealth rootkits; Microsoft’s Windows Defender was a big disappointment in the study.
Seven shortcomings of virtual security
I’ve seen a spate of virtualization products popping up to protect your computer while you surf the Internet. Roughly similar to Sun’s infamous Java sandbox environment, they use various mechanisms to prevent malware from infecting or modifying your computer while you browse the Web, read e-mail, or use other forms of Internet-based communications (IM, p-to-p, and so on).
Malware writers have used a Wikipedia article and special storage features to attempt to plant malicious code on unsuspecting users’ systems, the online encyclopedia’s organisers have confirmed.
Top 10 Signs You Have an Insecure Web App
I often surf the web and see blatant design errors that make me shake my head. Without even investigating the security of a site, I know without a doubt that the site will be chock full of vulnerabilities. How can I be so sure? I see programming mistakes that illustrate an utter lack of concern for security. They are ugly mistakes that are far too prevalent.
2006.11.03 Daily Security Reading
by Rodney Campbell on Nov.03, 2006, under Security
Surprises Inside Microsoft Vista’s EULA
Scott Granneman takes a look at some big surprises in Microsoft’s Vista EULA that limit what security professionals and others can do with the forthcoming operating system. As a follow up there has been a revision to Windows Vista retail licensing terms.
Mozilla promises fix for second minor Firefox 2.0 bug
A second bug in the Firefox 2.0 Web browser causes a crash but poses no risk for data loss, a Mozilla official said.
Mobile threats – myth or reality?
The number of infected MMS messages is already close to the amount of malicious code found in mail traffic.
In the spirit of the Month of Browser Bugs, a new project called the Month of Kernel Bugs will be posting one kernel bug a day for the month of November. [Month of Kernel Bugs]
Vista Gets Official Release Dates
Five years, three months and five days after Windows XP made its debut, Microsoft will usher its next-generation OS onto the stage. Microsoft has set November 30 as the release date for Vista (and Office 2007) to business customers and January 30, 2007 as the date for the official launch to consumers and The World At Large.