Well, I have seen several virus alerts on Level 2 from F-Secure without actually taking off. But this time there is a huge difference: When Slammer broke out, I was on vacation. When Blaster took off, I was on vacation. I have been on vacation for an hour, and just at this moment, F-Secure issued a warning...: http://www.f-secure.com/weblog/
Let's see where this leads to
Roger
This has nothing to do with Security but it is very, very, cool: MSN released Virtual Earth. Look at the Aerial Photos. They are amazing: http://virtualearth.msn.com/Default.aspx
Unfortunately it is US-only at the moment. If you want to see the Microsoft Campus, search for Microsoft Way, Redmond
US-CERT warned today of targeted Trojan E-Mail attacks. Something that is pretty frightening and growing rapidly. We saw similar cases in Israel and the UK (both have been in the press). If you want to read the warning - there you go: http://www.us-cert.gov/cas/techalerts/TA05-189A.html
Hi, now, we have a blog as well :-)
We want to give you some insight into what is happening within the Swiss Security Team.
"We" - this is: Andrea Mueller, Security Solutions Manager; Urs P. Küderli, Strategic Security Advisor; Horst Thierbach, Security Technical Account Manager; Hans Reh, Security Technical Account Manager; and me, Roger Halbheer, Chief Security Advisor.
Last but not least, we would like to motivate you to add your comments to our posts as well. Looking forward to hearing from you
Microsoft announced its intention to acquire FrontBridge Technologies Inc., a privately held, leading provider of secure managed messaging services based in Los Angeles. FrontBridge advanced email filtering technologies offer spam filtering, virus scanning, disaster recovery, policy enforcement and message archiving solutions to companies who are looking for a managed email security service. The move allows Microsoft to provide a comprehensive suite of managed services for customers to help ensure the security, compliance and availability of all electronic messages.
http://www.frontbridge.com/FrontBridge/Microsoft press release (PDF)
Urs
Something we see pretty often these days: Universities that are getting hacked. They have to run pretty complex and heterogeneous networks and have quite some interesting data (research and students). Just another case: Hacker May Have Accessed University Applicants' Records http://www.securitypipeline.com/news/165701173
One source reports a significant spike on port 80 (http://www.dshield.org/port_report.php?port=80). It is unclear where this comes from. There is some chatter that somebody is probing new tools. Other rumours say that somebody is checking for vulnerabilities.
If you do not know what to do starting from 2008, I would have an idea: Planning for the technology infrastructure that will underpin the London Olympic Games in 2012, including the need for thousands of volunteer IT staff, will begin ahead of the 2008 Beijing games. Full article at: http://management.silicon.com/itdirector/0,39024673,39150107,00.htm
Microsoft Security Quick Reference Guide now live on the Internet. http://download.microsoft.com/download/0/d/6/0d698beb-7d8e-427a-acb7-7642daf9d44e/security_onepager_extURLs.doc
Now, they are here. The attacks on MS05-037. It is finally exploited on several vectors. At the moment, I know of two:
Therefore I urge you to patch immediately
Today Sven Jaschan was sentenced to 21 months' probation. This is, in my personal opinion, by far not enough, especially if we take into consideration that he admitted to having created several viruses and worms. This is a pretty bad signal. Read more on CNN: http://www.cnn.com/2005/LAW/07/08/sasser.suspended/index.html
Well, this is kind of funny to me: There have been some companies claiming that we flag them as spyware and that they actually are not. They all went through a defined and well-documented process and have been measured against defined and well-documented criteria. Now, we did this with Claria and based on some rumours, this company made it to the press. If you are interested in those processes and criteria, there is a KB about it: http://support.microsoft.com/default.aspx?scid=kb;en-us;892340 Our official response is here: http://www.microsoft.com/athome/security/spyware/software/claria_letter.mspx
News from the net: It is not THAT bad but anyway: "The latest generation of spyware not only includes key-loggers that trap passwords, but screen-grabbing software. This takes multiple images of what the user is doing and sends it straight to the hacker." You can find the whole article at http://www.vnunet.com/vnunet/news/2139253/two-factor-authentication
We sponsored the development of a Security Career Guide that is published by ISC2 (the organisation that is responsible for the CISSP certifications). A pretty good overview: https://www.isc2.org/download/careerguide05.pdf
As you heard, we released a security advisory last Tuesday concerning a COM object that could cause IE to crash and that could cause a remote code execution. There is quite some chatter around this vulnerability, which was – unfortunately – disclosed irresponsibly. Please make sure that you do your risk assessment and think about implementing the workarounds described in Microsoft Security Advisory (903144) up until we issue a security update for this vulnerability. You can find additional information on the MELANI (www.melani.admin.ch) homepage
I am wondering whether people would start to disclose vulns responsibly if they understood what level of risk they expose our customers to, and with them quite a part of the industry, by using irresponsible disclosure (also called full disclosure). Again we had to warn about a publicly known vulnerability. This time it is RDP, and it could lead "only" to a Denial of Service.
Anyway, if there is a need to communicate more about what is going on behind the scenes and why it sometimes takes so long to issue a Security Update, get in touch with us. We are happy to explain this.
You can find the corresponding Advisory here: http://www.microsoft.com/technet/security/advisory/904797.mspx
I know that this is the third time today but it is worth it: The well-known hacking magazine is facing closure: http://news.bbc.co.uk/2/hi/technology/4657265.stm
Ever wanted to know the risks you are facing with your company and your IT implementation? There is a tool you should look at called the Microsoft Security Assessment Tool. It helps you to understand your risks and you even have the possibility to compare your results with industry averages. You will find it at http://www.securityguidance.com/
As I said recently: We are seeing Universities being hacked - pretty often.....
This time it is University of Colorado: http://news.com.com/University+of+Colorado+servers+hacked/2110-7349_3-5800712.html?part=rss&tag=5800712&subj=news
It seems to be a pretty quiet month. We just released the pre-notification for the July updates. We will release two Windows Updates with the highest rating critical and one critical Office update. As we now have Microsoft Update in place, you will not need to go to Office Update anymore :-)
It is really unbelievable what people do: "Virus writers have created a Trojan which poses as London terrorist attack news footage. Infected emails harbouring the Trojan pose as a CNN Newsletter which asks recipients to ‘See attachments for unique amateur video shots’." Link: http://www.theregister.co.uk/2005/07/08/london_bombing_spambot/
Today at our internal Microsoft Global Briefing we announced the new name for our next version of Windows - code named Longhorn. It will be called Windows Vista. Beta 1 is still on target for early August and the release for 2006.
It will be the most secure Operating System ever ;)