A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other peoples' VoIP calls and record them for later review. Unencrypted VoIP really isn't very secure; if you have access to the raw network traffic of a call...

The SANS Institute released its top 20 security risks for 2007, which documents the security arms race between cyber criminals and the folks playing defense. But let’s focus on the big scourge–zero day attacks: http://blogs.zdnet.com/security/?p=691 ...

Research data says buffer overflow bugs outnumber Web app vulnerabilities, and some severe Microsoft bugs are on the decline. "And in case you were wondering, Microsoft's aggressive initiative to shore up its product security appears to be paying off...

WindowsSecurity.com article from Jakob H. Heidelberg on GPO stuff in Windows Server 2008: http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html http://www.windowsecurity.com/articles/Group-Policy-related...

...and why also the development of an AV solution needs to go through a Security Development Lifecycle (SDL)! The vulnerabilities in antivirus software make the programs as much a threat, as a help, to corporate network security: http://www.securityfocus...

Roger has posted a very good article based on the Yankee group report. I especially like hes linking to existing (or almost existing) technology. I know, it's a bit long, but worthwile to read every word! ;-) http://blogs.technet.com/rhalbheer/archive...

November 19 – Visual Studio 2008 and .NET Framework 3.5 RTM (Developer, Connected Systems Division) Microsoft made its flagship development tool, Visual Studio 2008, available for download to its developer subscribers. The release also includes technology...

Many people don’t have the time or technical expertise to keep up on PC management and protection. Today Microsoft released the next version of Windows Live OneCare, which provides all-in-one, self-updating PC Care designed to help consumers and small...

In his most recent publication (“The Database Exposure Survey 2007 ”, November 12, 2007) , David Litchfield conducted a survey on how many database servers exist on the internet and are listening on their default TCP ports and are not protected by a firewall...

Derek Melber on MicrosoftWindows Powershell: "If you have not heard of PowerShell you must be living under a rock. If you have heard about PowerShell, then you must have been wondering how and if PowerShell is secure. I saw PowerShell for the first...

"It really is difficult to imagine a "year of PKI" because PKI isn't your typical technology trend. PKI isn't a standalone security widget, it is a complex infrastructure that must be integrated into existing applications and business processes. Once...

The 2007 Microsoft Office Security Guide provides IT professionals with best practices and automated tools to help strengthen the security of computers that run either Windows Vista or Windows XP SP2 and the following applications: Microsoft Office...

"You know about the Storm Trojan, which is spread by the world's largest botnet. But what you may not know is there's now a new peer-to-peer based botnet emerging that could blow Storm away..." http://www.darkreading.com/document.asp?doc_id=138610&WT...

"The information technology revolution has changed the way business is transacted, governments operate, and national defense is conducted. Protection of these systems is essential and continuous efforts to protect them have resulted in exponential growth...

Whether you manage computers in a school computer lab or an Internet cafe, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to, no matter who uses them. Windows SteadyState...

"Everyone knows that it is important to lock down the resources on the network. The resources that need to be locked down include folders and the files that are contained in them, as well as some Registry keys that are located on servers and workstations...

I just had to create a bootable CD/DVD to offline clean a PC of a friend of mine. So I installed and used the Microsoft Malware Removal Starter Kit: Based on the Windows Preinstallation Environment (Windows PE) kit, great collection for creating a...

A little late for changing the strategy for 2007, but I don't think that the hot topics for 2008 are so dfferent. ;-) http://www.windowsecurity.com/articles/Security-Market-Trends-2007.html Urs

Just found the following list on the internet: 1. Cross site scripting (XSS) 2. Injection flaws 3. Malicious file execution 4. Insecure direct object reference 5. Cross site request forgery 6. Information leakage and improper error handling 7. Broken...

The Common Vulnerability Scoring System, or CVSS for short, is the first and only open framework for scoring the risk associated with vulnerabilities. CVSS is designed to rank information system vulnerabilities and provide an end user with a composite...

I'm tempted to say: Interesting! ;-) http://www.technewsworld.com/story/60111.html Urs

The ubiquity of computers, particularly home computers, has led owners to treat them like refrigerators or toasters -- plugging them in, adjusting some initial settings, and using them until they break or until a different set of features is desired....

Sounds like a funny idea, but no surprise that the spamming-industry is searching for new ways to "influence people! Security firm MessageLabs today reports that it has spotted a massive run of spam sent out in the form of MP3 files and masquerading...

A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. Microsoft Windows Vista is not affected. The vulnerability has been patched in the October patch cycle: Microsoft Security...

Interesting post summarizing the Security Intelligence Report (SIR). I definitely like the "Microsoft found that machines running Vista and Windows XP SP2 had "significantly" lower infection rates than older Windows operating systems." ;-) http://www...