I have been at the Symposium on Privacy and Security today talking about security for small and medium businesses. Afterwards we had a panel discussion where one person asked about the changes in the threats from the internet.
Well, some of them are obvious:
Now the question was brought up whether we will really want to have critical technology like Voice over IP in an environment like this.
What do you mean? How did it change? Is the Internet really THAT insecure and risky?
Roger
http://www.securityfocus.com/news/11292
Urs
When I talk to customers regarding Windows XP SP2 and the improvements we made in IE, they relate the security changes with the Pop-Up Blocker. But believe it or not - there is more......
If you are interested in learning about IE 6 SP2 security, check the whitepaper at microsoft.com
P.S: If you want to look into the future of IE, regularly check the IE 7 web site
There is an excellent (but lengthy) article about the people behind cyberwarfare. Think again: Are you protected against this level of attackers? Are government and law enforcement agencies ready to fight them? Do you even realize that you are attacked?
Read yourself: http://www.time.com/time/magazine/article/0,9171,1098961,00.html
I just saw the first news regarding arrests for Zotob: http://apnews.excite.com/article/20050826/D8C7K9NO3.html
It seems that the work we are doing together with the different policies starts to pay off
Do we really want to let our fantasy do its work? Well, let's think a little bit:
In the last few weeks we often got articles like those: Chinese Web sites used to target U.S. systems-report. From time to time we see sources claiming that different countries are attacking each other using the Internet. This has a name: It is called Information Warfare.
Now, there has been some chatter around terrorists as well. You see it here: Al-Qaida Recruiting Target: Skilled Hackers
If you bring this together it gets frightening. There is already a small war going on but think yourself: Would your company survive a targeted, skilled attack? If you tell me now, that you will never ever be a target, please think again. Those people try to make sure that they attack in a way we are not expecting them to do.
It kind of scares me....
That is something I really cannot believe: Major US Banks are starting to use normal http-pages as the first page for the logon...
There you find the article on Netcraft: http://news.netcraft.com/archives/2005/08/23/banks_shifting_logins_to_nonssl_pages.html. It seems that we already started to criticize this....
Not only CNN has been hit by a virus, US customs as well. I hope that this will not be happening when I am there the next time :-)
MIAMI - Travelers arriving in the United States from abroad were stuck in long lines at airports nationwide when a virus shut down an U.S. Customs and Border Protection computer system for several hours, officials said.
You find the whole article on MSNBC: http://www.msnbc.msn.com/id/9002733/
At the moment quite some customers are fighting all the different worms that attack MS05-039. The interesting thing is that there is more than "just" a few virus outbreaks. We are experiencing something we saw pretty often in the near past: An actual bot-war that is going on. At least one source is claiming that the different bots are killing each other like the IRCBot and Bozori bots are killing Zotob and others. For more information look at the F-Secure weblog: http://www.f-secure.com/weblog/
Network administrators have the challenge of ensuring that computers that connect to a private network are healthy. For example, healthy computers have the correct security software installed (such as antivirus protection), the current operating system updates, and the correct configuration (such as host-based firewalls enabled). This challenge is made daunting by the portable nature of laptop computers that can roam to various Internet hotspots and other private networks and the use of remote access connections made from home computers. If a connecting computer is not healthy, it can expose the private network to attacks by malicious software such as network-level viruses and worms.
The Network Access Protection (NAP) platform for Windows Server™ Vista provides components and an infrastructure that help administrators validate and enforce compliance with policies for network access:
http://www.microsoft.com/technet/community/columns/cableguy/cg0705.mspx
Great stuff and it's never too early to look at the next generation of security tools! Be prepared...
Urs
Microsoft on Wednesday made available a free software tool to help victims of the worms that hit Windows computers in the past days clean their systems. The Zotob worm started spreading on Sunday. Since then it along with many of its variants and other worms that take advantage of the same Windows security flaw have hit Windows 2000 users in particular. Systems at CNN, ABC and The New York Times were among those infected.
The cleaning program is an updated version of Microsoft's Windows Malicious Software Removal Tool: http://www.microsoft.com/security/malwareremove/default.mspx
Microsoft has updated the MS05-039 advisory and provides a link to this site for more information about the worm: http://www.microsoft.com/security/encyclopedia/details.aspx?name=Worm:Win32/Zotob.A
It also provides a link to this site for more information regarding Microsoft’s guidance: www.microsoft.com/security/incident/zotob.mspx
This Microsoft Security Advisory is located at this location: http://www.microsoft.com/technet/security/advisory/899588.mspx
According to US-CERT, blocking inbound connections to port 445 will provide protection against this worm. The FTP server that the worm sets up does not run on the standard FTP port, but runs on 33333/TCP. In addition, US-CERT has received a report that the IP address 84.244.6.162 is being used to further propagate Zotob infections.
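The US-CERT indicators above can be turned into a quick triage of firewall connection logs. This is an added example, not code from the original post or from US-CERT; the log format, the 10.0.0.0/8 internal range and the scan threshold are assumptions, and the sample log lines are constructed.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445                # port the worm attacks (per the US-CERT note)
WORM_FTP_PORT = 33333         # non-standard port of the worm's FTP server
REPORTED_IP = "84.244.6.162"  # address US-CERT reported as propagating Zotob
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: monitored network
SCAN_THRESHOLD = 3            # assumption: distinct 445 targets that count as scanning

# Constructed sample: timestamp action proto src src_port dst dst_port
SAMPLE_LOG = """\
2005-08-17T09:00:01 ALLOW TCP 203.0.113.7 4021 10.0.0.15 445
2005-08-17T09:00:02 DENY TCP 203.0.113.7 4022 10.0.0.16 445
2005-08-17T09:00:09 ALLOW TCP 10.0.0.15 1045 203.0.113.7 33333
2005-08-17T09:01:00 ALLOW TCP 10.0.0.15 1050 10.0.0.20 445
2005-08-17T09:01:01 ALLOW TCP 10.0.0.15 1051 10.0.0.21 445
2005-08-17T09:01:02 ALLOW TCP 10.0.0.15 1052 10.0.0.22 445
2005-08-17T09:02:00 ALLOW TCP 10.0.0.30 1100 84.244.6.162 80
2005-08-17T09:03:00 ALLOW TCP 10.0.0.40 1200 10.0.0.5 445
malformed line
"""

def internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def triage(log_text):
    """Return sets of internal hosts: exposed on 445, showing worm traffic, scanning."""
    exposed, infected, targets = set(), set(), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7 or parts[1] != "ALLOW":
            continue  # skip malformed lines and connections the firewall blocked
        src, dst, dport = parts[3], parts[5], int(parts[6])
        if dport == SMB_PORT and not internal(src) and internal(dst):
            exposed.add(dst)      # inbound 445 got through the perimeter
        if internal(src) and (dport == WORM_FTP_PORT or dst == REPORTED_IP):
            infected.add(src)     # talks to the worm's FTP port or the reported IP
        if internal(dst) and dport == WORM_FTP_PORT:
            infected.add(dst)     # something inside is serving on the worm's FTP port
        if internal(src) and dport == SMB_PORT:
            targets[src].add(dst)
    scanning = {h for h, t in targets.items() if len(t) >= SCAN_THRESHOLD}
    return {"exposed_445": exposed, "worm_traffic": infected, "scanning_445": scanning}

if __name__ == "__main__":
    for name, hosts in triage(SAMPLE_LOG).items():
        print(name, sorted(hosts))
```

Hosts in `exposed_445` show where the inbound block on port 445 is missing; hosts in the other two sets are candidates for the removal tool mentioned above.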
MS05-039 got hit first. SANS seems to have been right but up to now, the worm does not seem to be too heavy (this might change over time but not at the moment).
F-Secure released a Level 2 Alert today and called the worm Zotob.A (http://www.f-secure.com/weblog/). It is attacking unpatched machines on port 445. Therefore, if consumers have a firewall up and running (e.g. SP2 installed) they will be protected. Otherwise....
SANS (http://isc.sans.org) has some interesting statistics:
Let's hope that there will not be more
It seems that SANS is expecting that the exploits for our August patches or for the vulnerability in the Veritas Backup software will be integrated in a worm pretty soon. To quote them: "there are enough exploits for these vulnerabilities known to be in the wild that we believe it is only a matter of hours or at most days until they are integrated into a worm.".
In the last few months, SANS has been pretty offensive with warnings but we have for sure to further look at the situation in the next few days.
http://isc.sans.org/
Hi, I am back :D. After four beautiful weeks of vacation I will start working again on Monday.
Looking at the statistics of our blog we have pretty good hit-rates, which gives us quite some motivation for moving on. Where we are not too good is with the number of comments we received. They are actually 0. Help us a little bit: Do we really hit your needs? What do you think of our blog? Give us feedback and help to improve.
Enter comments to either this post or any other. We will come back to you. If you do not want to do it publicly, mail me: rhalbh@microsoft.com
Thank you and I am looking forward to your comments
Microsoft Settles Suit Against Spam King. Microsoft has settled a lawsuit against former spam king Scott Richter. Richter and his company, OptInRealBig.com, agreed to pay US$7 million to Microsoft, although that settlement is conditioned on dismissal of two bankruptcy cases filed by Richter and the company. According to Microsoft, $5 million of the settlement will go to expand the company's Internet safety partnerships with governments and law enforcement agencies worldwide. The funds will pay for technical training, investigative and forensic assistance, and the development of new technology tools. The company has pledged another $1 million to provide community centers in New York state with broader access to computers for underprivileged children and adults.
http://news.com.com/Microsoft+to+fight+crime+with+spammers+money/2100-7350_3-5826561.html?part=rss&tag=5826561&subj=news
Microsoft Security Bulletin Summary for August, 2005: http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx
Due to some problems with security signatures of some of the patches, some users encountered problems downloading the new August patches. Here is an alternative link to the download path:
Cumulative Security Update for Internet Explorer for Windows Server 2003: http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/WindowsServer2003-KB896727-x86-ENU_0dd1b66897d4218914c25cf8614b1e8.exe
Cumulative Security Update for Internet Explorer for Windows XP SP2: http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/WindowsXP-KB896727-x86-ENU_42516c52001a4537fd9681f710f76dd.exe
Cumulative Security Update for Internet Explorer 6 Service Pack 1 (for Windows 2000 and XP SP1): http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/IE6.0sp1-KB896727-Windows-2000-XP-x86-ENU_03a52532a30f8ae123461eafbc70daf.exe
So, don't forget to patch!
Urs
Reading the latest news on Infoweek about the often discussed Cisco vulnerability announced at BlackHat I found an interesting quote from Pescatore from Gartner:
Microsoft, said Pescatore, has set the security bar with its predictable patch release schedule, security advisories that tell administrators why they need to patch (or why they don't), and early warnings about potential problems before a patch is available.
"But Microsoft was driven to do that," noted Pescatore. "Microsoft learned the hard way four years ago, with Code Red and Nimda."
This is pretty notable as Gartner is not really a Microsoft fan...
There is even more - read it on http://www.informationweek.com/story/showArticle.jhtml?articleID=166404290
ABE filters shared folders visible to a user based on that individual user's access rights, preventing the display of folders or other shared resources that the user does not have rights to access. ABE can be accessed via graphical user interface (GUI), command-line executable tool, and a robust advanced programming interface (API).
Documentation: http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx
Download: http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en
Well, that reminds me of another directory/filesystem called N... - well, can't remember that name! ;-)
A link to a page which provides you with access to dozens of intelligence related documents, PDF files, PowerPoint, Word, and HTML references that may be of interest to intelligence professionals in government and law enforcement at the local, county, tribal, state, and federal levels
RFprotect BlueScanner is a Bluetooth discovery tool for Windows. It will discover and display Bluetooth devices which are in range. It will display key information about devices, including what services they offer. BlueScanner can be used to:
http://www.bluescanner.org/
Beta 1 is not intended for broad consumer trial and evaluation but it does offer a preview of some of the benefits that Internet Explorer 7 will offer customers including:
http://www.microsoft.com/windows/IE/ie7/default.mspx
.Net is a software framework from Microsoft that enables language-non-specific software development, resulting in applications that can easily interoperate across platforms and networks. A question seasoned developers should ask at this point is, "What about security?" The good news is that .Net provides a broad range of security tools and functionality to the developer. However, improper application of these security measures can be far more dangerous than not applying them at all. http://programming.newsforge.com/programming/05/07/20/2116235.shtml