Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

March, 2010

  • Change Your Tweetdeck Account Password

    I love Tweetdeck and adopted it as my primary client on the same day I started using Twitter (http://twitter.com/securityjones).  Recently I wanted to sync my “view” between my desktop and phone versions of Tweetdeck, so I created a Tweetdeck account (which is how you do that).  Later, when I wanted to change the password, I couldn’t figure out how! If you go to the Tweetdeck web site and log in and then view your profile, it just shows a lot of summary information about your Twitter account...
  • Be Safer - Run as Standard User

    I do my work as standard user on Windows 7, just as I did with Windows Vista.  It is not a burden.  When I need to do an admin task, I put on my “admin” hat by switching to my admin account specifically and doing my admin thing and then logging off.  I don’t browse, I don’t download stuff, and beyond the first week or so when I set up a new machine, I don’t really need to do it that often.  I think it is a best practice.  Combine it with the improvements in Win7 and IE8 and...
  • Ubuntu CVE Tracker

    Today I was looking at some of the various vendor security and advisory sites and I noticed at the top of the Ubuntu site: “For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.” I had not seen the Ubuntu CVE Tracker before, so I checked it out, very interested because of the fact that certain sites continue to assert and report that some Linux distributions do not have any unpatched issues.  For example, take a look at the page Vulnerability Report: Ubuntu...
  • SPAM of the Day – Trouble Viewing This Social Attack? Read it Online

    I wasn’t really planning to do a “Spam of the Day” every day, but this one got through all of the filters today and I found it interesting enough to share.  This one combines the use of: E-mail spoofing (the E-mail “from:” field used my own address, with the VIAGRA descriptor); Image spam; Social lures, with all embedded URLs pointing back to “windowplant” <dot> “ru”. Who has not gotten used to seeing some variation of this? Trouble viewing this mail? Read it online Image problem? No graphics...
  • Profile of A Global Cybercrime Business – Innovative Marketing

    (Reuters) - Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine's capital Kiev, churning out code at a frenzied pace. They were creating some of the world's most pernicious, and profitable, computer viruses. According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications...
  • SDL Awareness and Adoption High Among Security Professionals

    UPDATE - Hear what others are saying about this survey: (Dark Reading) Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods; (NetworkWorld) Code Writers Finally Get Security? Maybe; (Help Net Security) Root issues causing software vulnerabilities. Errata Security has released the results of their survey today, Integrating Security into the Software Development LifeCycle, finding that more than half of the participants said they included preventative security activities...
  • Miami-Dade Inmates Hack the Phone System, Charge Calls to Strangers

    (Miami Herald) Hacking their way into home fax lines, inmates in Miami-Dade jails are racking up tens of thousands of dollars in collect calls billed to unsuspecting citizens. Recent victims include a South Florida federal judge, a Miami Herald columnist and the county architect who helped design a Miami-Dade jail. Corrections officials say the inmates, with help from accomplices on the outside, have figured out how to forward collect calls through AT&T from a victim's fax line to the inmates...
  • Computerworld: Apple delivers record monster security update

    (Computerworld) Apple [yesterday] patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems. Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008. The update dwarfed any released last year, when Apple's largest patched 67 vulnerabilities. "The sheer number, it's almost so daunting that you don't even want to look,"...
  • TJX Hacker Faces Record-Setting 25-Year Cybercrime Sentence

    (Wired.com) Computer hacker Albert Gonzalez deserves a quarter-century behind bars for leading a gang of cyberthieves who stole tens of millions of credit and debit card numbers from a transaction processor and several giant retail chains, federal prosecutors argued in a court filing Thursday night. “[T]he sentences would be the longest ever imposed in an identity theft case and among the longest imposed for a financial crime, which is appropriate because Gonzalez was at the center of the largest...
  • Woot! New Laptop

    UPDATE: The below screenshot had the default 32-bit Win7 installed. I reinstalled with x64 and the Processor and Memory scores eked up slightly to 6.3 each. So excited to go from here (3.5 year old laptop): to here (new laptop):