It is kind of scary but pretty often we see claims that exploits to 0day-vulnerabilities are sold on the Internet. There was one recently for Excel on eBay and now there are claims that there was a WMF-exploit on the market pretty early in December (http://ddanchev.blogspot.com/2006/01/was-wmf-vulnerability-purchased-for.html).

Roger

I do not know, how often I had to answer the question about out Anti-Spyware solution. Now, after a long, long time beta 2 is available. Go and download it at http://www.microsoft.com/athome/security/spyware/software/default.mspx

Roger

Since yesterday I am aware of problems with Windows Defender Beta 2 on non-English Operating Systems :-(. That is all I know at the moment. We are working on it and I will keep you posted as soon as I know more

Roger

I promised you to keep you posted on the issues we had with Windows Defender Beta 2. I just got the message that the problems should be fixed now and that the fixed version is available on the same download link as orinignally (http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&DisplayLang=en).

Roger

This will be a heavy month. As you may have seen, we released the advanced notification with the announcement of seven bulletins this month: http://www.microsoft.com/technet/security/bulletin/advance.mspx

Always, we are offering you a chat the Friday following the Security Update release. If you have questions, join us: http://www.microsoft.com/switzerland/technet/de/default.mspx

Looking forward meeting you there

Roger

As you probably know, Bill Gates delviers a keynote at this year's RSA Conference. He usually sets the stage for at least the next year. If you are interested, the keynote is available as a Webcast with about 50 minutes delay at: http://www.microsoft.com/events/executives/billgates.mspx or http://www.microsoft.com/events/series/mikenash.mspx 

Roger

You probably heard about the Strider Honeymonkey project trying to scan the web for sites hosting malware. This project is run by Microsoft Research. Now, the University of Washington published more recent results.

Strider Honeymonkey: http://research.microsoft.com/HoneyMonkey/

University of Washington: http://www.cs.washington.edu/~gribble/papers/spycrawler.pdf

Roger

At the moment it seems extremely quiet regarding MyWife (Kamasutra, Blackmal). Nevertheless, we are receiving some mixed signals and there are rumours about companies having to take down their network - but there are no confirmed facts.

Do you know about infections? What do you see? Let me know

Roger

Bill Gates outlines Microsoft's efforts to improve security in Windows Vista operating system. Microsoft Chairman Bill Gates delivers a keynote address at the RSA Conference in San Jose, Calif., Tuesday, Feb. 14, 2006. Looking to simplify online transactions and make them safer, Microsoft Corp. Chairman Bill Gates showed off a tool that could replace the need to manually enter usernames and passwords to unlock the doors of the Internet.

http://ap.lubbockonline.com/pstories/20060215/3649451.shtml

Urs

 

There is a new Phishing Activity Trends Report for December, 2005. It states that “December 2005 showed a disturbing trend of far more brands being spoofed than in any month on record. Over 120 brands were used in phishing attacks this month. A large number of banks, credit unions and credit card associations were attacked. A larger number of European financial institution attacks were reported than in previous months. We also received complaints of attacks against numerous ISPs, webmail providers and even P2P networks. There were numerous reports in December of a US Internal Revenue Service phishing attack.” http://anti-phishing.org/reports/apwg_report_DEC2005_FINAL.pdf Urs

Departmenet of Homeland Security together with the National Cyber Security Alliance release their view of the 2006 Emerging Threat List. This is pretty interesting as they see the following threats growing in 2006:

• Hackers use Instant Messaging to spread viruses and worms
• Phishing fraud becomes more prevalent and sophisticated
• Viruses attack cell phones and PDAs
• Hackers target online brokerage accounts
• Internet crimes go unreported

If you want to see the whole public statement: http://www.staysafeonline.info/news/DHS-NCSA-2006InternetThreatList.html

Roger

The Department of Energy recently approved a comprehensive manual on procedures for protecting all manner of classified or controlled information in the Department's possession. The manual has not been readily available online, but a copy was obtained by Secrecy News and posted on the Federation of American Scientists web site.

http://www.fas.org/sgp/othergov/doe/m470-4-4.pdf

Urs

 

There is a cool show on MSDN called: The Code Room: Breaking Into Vegas.

From the abstract:

Want to see Network Access Protection and how it works? Well, you have two options: Either attend my Webcast tomorrow at 16:00 (http://www.microsoft.com/switzerland/technet/de/events.mspx) - we will make it available afterwards as well. Or join our session at TechDays (http://www.techdays.ch) called "365 Tage Stress mit Security?".

We will Demo it with Windows Vista and Windows Server "Longhorn"

Both are in high German.

Looking forward to seeing you there :-)

Roger