Security
2006.11.10 Daily Security Reading
by Rodney Campbell on Nov.10, 2006, under Security
Microsoft to release six Windows security updates
Microsoft Corp. will release six groups of security patches next Tuesday. The updates will be released as part of Microsoft’s regularly scheduled monthly patch release, and will fix critical flaws in Windows and the company’s XML (Extensible Markup Language) parser
Windows Vista Security Guide Now Available
This guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Windows Vista in a domain with the Active Directory directory service.
Google Accidentally Sends Out Kama Sutra Worm
Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.
October was a spammy month. The assumption is this spike in spam levels is a result of a new generation of viruses and zombies that can infect PCs more quickly and are harder to get rid of. In its October report, messaging security vendor MessageLabs says the spike is largely due to two Trojan programs, Warezov and SpamThru. Others say a new breed of spam messages called image spam — messages with text embedded in an image file that evade spam filters, which can’t recognize the words inside the image — is responsible.
2006.11.09 Daily Security Reading
by Rodney Campbell on Nov.09, 2006, under Security
Sex, Spies and Hard-Drives – Wipe Data Properly
On average, 70% of re-sold hard-drives and memory cards contain pornographic material according to research carried out on 1,000 hard-drives over the course of a year by Disklabs Data Recovery and Computer Forensics.
81% of IT Managers report a security incident due to IM or other Greynets
FaceTime Communications and market research firm NewDiligence, today reported results of their annual survey: Employee Use of Greynets: 2nd Annual Survey of Trends, Attitudes and Impact.
TA06-312A: Mozilla Updates for Multiple Vulnerabilities
The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
Earlier in the week, it was the 2007 Office system; now after 5 long years of development Windows Vista has finally RTMed (Release To Manufacturing) and the golden build number is 6000.16386. General availability is scheduled for January 30, though business consumers will be able to pick it up at the end of this month.
Why Upper Management Doesn’t "Get" IT Security
Schneier is reporting that the Department of Homeland Security has decided to delve into why upper management doesn’t "get" IT security threats. The results aren’t terribly surprising to those in the trenches, stating that most executives view security as something akin to facilities management.
2006.11.08 Daily Security Reading
by Rodney Campbell on Nov.08, 2006, under Security
Security must focus on desktop policy
The challenge of controlling security threats triggered by users in the workplace shows no sign of abating, new research commissioned by Check Point Software Technologies suggests.
Attackers end-run around IE security
The dependence of Internet Explorer on other Windows components has allowed online attackers to work around the shored-up security of Microsoft’s latest browser.
How much can a LAN switch protect your network?
Call it NAC (Cisco’s Network Admission Control) or, well, NAC (network access control), or even NAP (Microsoft’s Network Access Protection). Any way you refer to it, these schemes for shutting out unwanted users at the LAN switch port level are among the most buzzed about network technologies.
2006.11.07 Daily Security Reading
by Rodney Campbell on Nov.07, 2006, under Security
OSX.Macharena virus targets Mac OS users
Mac OS security company Intego has issued a warning about MACHARENA proof-of-concept virus, which has not yet been seen in the wild, was published on a hacker Web site.
The recent surge in spam volume is due to the assertiveness of botnets and to an increase in the sophistication of their spamming efforts.
HSDPA may finally deliver a small piece of wireless utopia… technology promises wireless speeds as high as 3.6 Mbps.
Login Code of Conduct Found Not Binding
The Industrial Relations Commission of New South Wales, Australia, has ordered a company to reinstate an employee who downloaded porn onto a work laptop, even though it was in contravention of his workplace’s code of conduct. From the article: the IRC said there was an ‘air of automatically’ about the annual signing off of employees on NCR’s code of conduct, ‘a degree of mechanical, unthinking routine in employees making a commitment to abide by the code.’ So, I think most of us can agree, porn at work == bad, but recognition that Click EULAs/other agreements are not binding is probably good. The question is — what replaces them?
2006.11.06 Daily Security Reading
by Rodney Campbell on Nov.06, 2006, under Security
Increased Spam Fuelled Through Botnet Activities
MessageLabs, a provider of integrated messaging and web security services to businesses worldwide, has announced the results of its Intelligence Report for October 2006.
New, critical Microsoft Windows 0-day appears
Another new zero-day exploit for Microsoft systems has appeared, capable of compromising fully patched IE 6/7 systems when a user visits a malicious website.
HD Moore’s Kernelfun Blog, a repeat of the Browserfun blog.
Symantec Best at Removing Rootkits; Microsoft Worst
A study done by anti-virus veteran Roger Thompson rates Symantec’s Norton AntiVirus 2007 as the best at detecting and removing stealth rootkits; Microsoft’s Windows Defender was a big disappointment in the study.
Seven shortcomings of virtual security
I’ve seen a spate of virtualization products popping up to protect your computer while you surf the Internet. Roughly similar to Sun’s Java infamous sandbox environment, they use various mechanisms to prevent malware from infecting or modifying your computer while you browse the Web, read e-mail, or use other forms of Internet-based communications (IM, p-to-p, and so on).
Malware writers have used a Wikipedia article and special storage features to attempt to plant malicious code on unsuspecting users’ systems, the online encyclopedia’s organisers have confirmed.
Top 10 Signs You Have an Insecure Web App
I often surf the web and see blatant design errors that make me shake my head. Without even investigating the security of a site, I know without a doubt that the site will be chock full of vulnerabilities. How can I be so sure? I see programming mistakes that illustrate an utter lack of concern for security. They are ugly mistakes that are far too prevalent.