Welcome to TechNet Blogs Sign in | Join | Help

September 2005 - Posts

Online Lecture - Ross Anderson: Information Hiding

Over the last five years, techniques for hiding information have become a rapidly growing research topic. Its better-known aspects range from inserting imperceptible copyright marks in digital audio and video, through auctions and elections, to de-identifying Read More...
Posted Tuesday, September 27, 2005 2:55 PM by chsecblo | 0 Comments

Privacy: Google's power makes security officials nervous

Google's power makes security officials nervous. Google has fast become the Internet search engine everyone clicks on to find out nearly anything about anyone, including financial, political and other presumably private data. But national security officials Read More...
Posted Tuesday, September 27, 2005 8:11 AM by chsecblo | 1 Comments

A week in Redmond

During the last week, I have been on the Microsoft Campus in Redmond. We had the Quarterly Meeting of the worldwide Chief Security Advisors. During those meetings we usually meet with the products groups to discuss your needs and our plans.Additionally Read More...
Posted Saturday, September 24, 2005 6:22 PM by chsecblo | 127 Comments

Organisations need a digital evidence plan

Businesses could lose legal disputes and miss out on insurance claims because of their inability to collect and preserve computer and internet-based evidence, experts have warned. While firms are investing heavily in disaster recovery plans for low-probability Read More...
Posted Friday, September 23, 2005 7:07 AM by chsecblo | 2 Comments

NSA granted Net location-tracking patent

The National Security Agency has obtained a patent on a method of figuring out an Internet user's geographic location. Patent 6,947,978, granted Tuesday, describes a way to discover someone's physical location by comparing it to a "map" of Internet addresses Read More...
Posted Friday, September 23, 2005 7:02 AM by chsecblo | 0 Comments

Is the Firefox honeymoon over?

Firefox not only has more vulnerabilities per month than Internet Explorer, but it is now surpassing Internet Explorer for the number of exploits available for public download in recent months! http://blogs.zdnet.com/Ou/index.php?p=103 Urs Read More...
Posted Wednesday, September 21, 2005 9:00 AM by chsecblo | 0 Comments

Shared Computer Toolkit

Have you ever had the taks to setup a computer that is used by several "public" users? Like at schools, libariries, Internet Cafés etc. Now we have the toolkit to do this - and it is pretty cool. We released it to web today and it can be found here: http://www.microsoft.com/windowsxp/sharedaccess/default.mspx Read More...
Posted Tuesday, September 20, 2005 5:27 AM by chsecblo | 0 Comments

Microsoft aquired Alacris

Since quite some time we are working with Alacris on PKI projects. Alacris' idNexus was always a good and excellently integrated add-on to deliver what we are missing in our PKI, e.g. Registration Authority etc. Now, today we announced that we bought Read More...
Posted Monday, September 19, 2005 4:11 PM by chsecblo | 0 Comments

Beyond "Blaster" - MSRPC Evasions

With the advent of Windows XP Service Pack 2, which enhances Microsoft's RPC security immensely, we should start to see some relief from the manifold MSRPC holes that were ubiquitous over the last several years. However, new and obscure RPC services continue Read More...
Posted Friday, September 16, 2005 8:28 AM by chsecblo | 0 Comments

Companies urged to change their password policies

In today's security climate, passwords are apparently no longer enough to guarantee user authentication. We see a lot more topics arround that aerea and sometimes the conclusions are opposite to each other. See also: http://news.zdnet.co.uk/internet/0,39020369,39218136,00.htm Read More...
Posted Friday, September 16, 2005 8:12 AM by chsecblo | 0 Comments

Keyboard acoustic emanations attack

[berkeley] We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard, and then recovering up to 96% of typed characters . There is no need Read More...
Posted Friday, September 16, 2005 8:03 AM by chsecblo | 1 Comments

SONIA Incident Training

Urs seems to be so fast, that I have no way in catching up with his blogging. Anyway, there is something I would like to give you some insights in. I assume that you know about MELANI ( www.melani.admin.ch ) the "Melde- und Analysestelle Internet" - basically Read More...
Posted Thursday, September 15, 2005 7:00 PM by chsecblo | 0 Comments

Welcome to the patterns & practices Security Wiki

Welcome to the patterns & practices Security Wiki! This is where we put our latest thoughts and discoveries in application security. We are constantly talking to customers, industry experts, and security experts inside Microsoft to bring you the latest Read More...
Posted Thursday, September 15, 2005 7:31 AM by chsecblo | 0 Comments

IE7: Hashes to the anti-fishing server? Why not!

[ptorr] Why not use hashes for the Anti-Phishing Filter? Several people have asked why Internet Explorer 7 will send "real" URLs instead of hashes to the AP (Anti-Phishing) server. That's a good question, and I know it's a good question because it's the Read More...
Posted Thursday, September 15, 2005 7:27 AM by chsecblo | 0 Comments

Psst... wanna know a secret? 20 Things They Don't Want You to Know

Psssst! Wanna know a secret? How about a whole bunch of them? Insider tips will help you cut through hype when you shop, save money when you buy, and get the most out of products you already own. http://pcworld.com/howto/article/0,aid,122094,pg,1,00.asp Read More...
Posted Monday, September 12, 2005 10:45 PM by chsecblo | 0 Comments

CISSP and (ISC)2

We just finished our CBK (Common Body of Knowledge) seminar, a one week training covering ten domains of security knowlegde: Access Control Systems and Methodology Applications and Systems Development Security Business Continuity Planning (BCP) and Disaster Read More...
Posted Saturday, September 10, 2005 10:28 AM by chsecblo | 117 Comments

Internet satellite imagery under fire over security

Asian governments have expressed security concerns about easy access to detailed satellite images on the Internet, such as those used by rescuers in New Orleans, saying the technology could endanger sensitive sites. http://today.reuters.com/news... The Read More...
Posted Wednesday, September 07, 2005 9:58 PM by chsecblo | 3 Comments

A major Internet attack: 6 ways to survive

Facing the difficult task of securing systems, experts offer their advice. Given the increasing importance of the data stored on agency computer networks, perhaps one of the most important chapters in Federal Computer Week's Survivors Guide is on securing Read More...
Posted Wednesday, September 07, 2005 9:53 PM by chsecblo | 1 Comments

Court Rules Against Kazaa

We know since quite a long time that often virus/trojan-infected files are distributed via Peer-Neworks as Kazaa and that this poses severe security risks. Now, a court in Austria decided that its users are breaching copyright laws as well: http://today.reuters.com/news/newsArticle.aspx?type=internetNews&storyID=2005-09-05T152751Z_01_FOR523610_RTRIDST_0_NET-MUSIC-KAZAA-DC.XML Read More...
Posted Tuesday, September 06, 2005 9:05 PM by chsecblo | 0 Comments

Ruthless Use of Katrina

This will be a pretty low-blog week as Urs and myself are attending a CISSP training.... Nevertheless, one thing is happening over and over again: Whenever people are hit by a catastrophy we see the spam and fraud to rise around this. How ruthless has Read More...
Posted Monday, September 05, 2005 9:15 PM by chsecblo | 1 Comments

Increase in Mobile Viruses

Vendors Claim Mobile Viruses Worsening. Two vendors of mobile anti-virus products made separate claims this week that attacks on mobile devices are becoming more serious. F-Secure said earlier this week that the Commwarrior B virus has made its first Read More...
Posted Thursday, September 01, 2005 12:50 PM by chsecblo | 0 Comments
 
Page view tracker