Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system. This update also includes a small number of new functionalities, which do not significantly change customers’ experience with the operating system. This...

The Windows Server 2008 Security Guide provides customers with best practices, predefined security templates, and an automated deployment tool to help strengthen the security of servers running Windows Server 2008. The security recommendations in the...

Michael Howard on SDL and the need for it; comments onJeff Jones blogs. See SDL blog: http://blogs.msdn.com/sdl/archive/2008/02/21/the-first-step-on-the-road-to-more-secure-software-is-admitting-you-have-a-problem.aspx Urs

Last Friday the last of the Windows Server 2008 Security Resource Kit finally went to press! This was a project I had not really planned and so, to complete it in time, I brought in an amazing crew of co-authors. Together, we managed to put together 17...

Spammers have found a new trick that gets around many current anti-spam filters: abusing the "out of the office" auto-respond feature found in legitimate webmail services. http://www.techworld.com/security/news/index.cfm?newsID=11544 Urs

Microsoft's decision last week to let everyone snoop through its software secrets means vulnerabilities and exploits will almost certainly climb in the short term, say security researchers. http://computerworld.co.nz/news.nsf/news/AF914E501CD57B8ACC2573FB00176380...

Companies and political organizations should put more effort into registering mis-typed versions of their primary domain, not only to protect visitors to their Web sites but also to prevent e-mails from accidentally leaking out, a security researcher...

Two security researchers at ShmooCon demonstrated on Saturday how a laptop connected to a VoIP telephone could, in some cases, expose a business' internal network to outsiders. http://www.news.com/8301-10789_3-9873864-57.html Urs

For the german speaking readers, also a link to my citizenship blog entry: "Kriminelle Energie ist überall – auch im Internet" http://swissdialogue.spaces.live.com/blog/cns!F28808344F7E2734!206.entry See also the infosurance webpage about the Swiss...

A management framework for organizing national cybersecurity efforts: http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-draft-cybersecurity-framework.pdf Urs

SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white paper, "Software Assurance: An Overview of Current Industry Best Practices." The organization was founded by Microsoft, Symantec, EMC, SAP and Juniper to advance...

Security workers warn that encrypting stored data doesn't truly protect it, and you're fooling yourself if you think so. The use of data encryption could make organizations vulnerable to new risks and threats, a panel of security experts warned. http...

Have you ever heard about www.security4kids.ch ? If not, visiting the site should be one of your tasks for today! Especially if you’ve got children aged 7-15 yourself. But let’s go back to the beginning. The website www.security4kids.ch (in German...

Microsoft Corporation commissioned West Coast Labs (WCL) to carry out a series of performance benchmarking tests and metric-based process evaluations of the following products: Microsoft Forefront Client Security McAfee Active VirusScan with...

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop "remote forensic software" - in other words, a law enforcement Trojan. Leaked documents outline proposals by German firm Digitask to develop software to intercept...

U.S. spies are looking increasingly online for intelligence and they've become major consumers of social media. In keeping with its mandate to gather intelligence, the CIA is watching YouTube. U.S. spies, now under the Director of National Intelligence...

European spam networks have pumped out more unsolicited e-mail than those in the U.S. for the third month in a row, according to security vendor Symantec. Symantec called this a "significant shift" in spam trends as, historically, compromised U.S....

Taking a least-privilege approach to user accounts is a key part of any in-depth defense strategy, many analysts and security pros say. "I think it's very important … not even just as [a component] of security, but in the broader sense [of] risk posed...

ENISA is presenting the first feasibility study on a European Information Sharing and Alert System (EISAS) to inform SMEs and citizens in the European Union (EU) on threats, vulnerabilities and attacks. http://www.enisa.europa.eu/doc/pdf/studies/EISAS_finalreport...

Teenagers, including children as young as eleven and twelve years old, are increasingly becoming involved in serious cyber-criminal activity that exposes themselves and the users they target to a full range of dangerous repercussions. "Most have absolutely...

If it seems that -- despite your company's best efforts to educate users about security -- users are actually behaving less responsibly, don't panic. Your organization isn't the only one. In fact, Cisco Systems Inc. today is releasing the results of...

Analysis: Wireless phone headsets of the kind beloved by Wall Street executives and high-end law firms can be bugged by simple off-the-shelf radio scanners unless they are encrypted. "These guys are bugging their own office, essentially," security...

The Forensics Plan Guide defines the basic elements of a Forensic Plan from the first initial contact through submission of the final Forensic Report. The document also includes 'The Forensic Cookbook' which illustrates the use of selected products and...

Microsoft has announced plans to add new anti-exploitation APIs into Windows Vista SP1, Windows XP SP3 and Windows Server 2008 as part of a larger plan to secure the Windows ecosystem. According to Michael Howard, a senior program manager in Microsoft...