Welcome to TechNet Blogs Sign in | Join | Help

March 2006 - Posts

Pescatore (Gartner) on 3rd Party Patch

A pretty cool quote from John Pescatore, Gartner on third-party patches: My neighbor is a smart guy, and he designs medical machinery. However, I'm pretty sure I won't be using his homegrown remedy for bird flu. I'm also really sure I don't want my kids Read More...
Posted Friday, March 31, 2006 8:41 PM by chsecblo | 0 Comments

ActiveX Change can be disabled

Mike Nash just published information about the ActiveX fix on the MSRC blog. The most important part is: New machines that ship with Windows will include the ActiveX change. For our April IE cumulative security update, we will include the IE ActiveX change Read More...
Posted Wednesday, March 29, 2006 9:43 PM by chsecblo | 0 Comments

IE Vulnerability Update

There are at least two third party patches for the IE vulnerability out there. Please be aware of two things: They do not fix the actual vulnerability The application of a third-party-patch is not supported At the end it is part of your risk assessement Read More...
Posted Tuesday, March 28, 2006 9:48 PM by chsecblo | 1 Comments

ActiveX Behavior Change

Several times already we (Microsoft) infomred about a change we will ahve to make in the way we handle ActiveX. On February, 28 we published a Security Advisory to pre-warn about this change: http://www.microsoft.com/technet/security/advisory/912945.mspx Read More...
Posted Monday, March 27, 2006 8:12 PM by chsecblo | 2 Comments

Application Threat Modelling

This February I had to opportunity to meet our internal IT Threat Modelling team together with a customer and I was really impressed how our internal IT is doing threat modelling of applications they are buying and using in our network. Now, they released Read More...
Posted Saturday, March 25, 2006 11:25 PM by chsecblo | 0 Comments

Public IE Vulnerability

I get questions regarding the recently published vulnerability that might crash IE. The best information at the moment regarding this, you can find at the blog of the Microsoft Security Response Center: http://blogs.technet.com/msrc/default.aspx Roge Read More...
Posted Wednesday, March 22, 2006 3:45 PM by chsecblo | 0 Comments

Vista will remove 'low-hanging fruit'

I do not know whether you know John Pescatore, Gartner. He is definitely not, what you can call a Microsoft fan. Today he seems to have made the following statement: "It [Vista] is going to remove the low-hanging fruit. It is going to make it that much Read More...
Posted Friday, March 17, 2006 8:38 PM by chsecblo | 143 Comments

We are at TechDays

I know that we have been pretty slow on blogging over the last weeks but we have been struggling with the preparation for TechDays. They will take place next week in Interlaken immediately after x.days ( www.xdays.ch and www.techdays.ch ). We (Urs and Read More...
Posted Friday, March 17, 2006 8:22 AM by chsecblo | 0 Comments

Vulnerabilities to Sell

The trend continues: Initially there has been the debate around irresponsible and responsible disclosure in the community. You might remember that there have been security researchers out there telling us that the only way to force the vendor to fix security Read More...
Posted Friday, March 17, 2006 8:10 AM by chsecblo | 0 Comments

News from Internet Explorer 7

Last Friday and this Monday we ahd the pleasure to host two persons from the IE-team from Redmond. They ran several presentations and hosted a press roundtable. It is really exiting what we will bring as soon as we release IE7. If you want to prepare, Read More...
Posted Monday, March 06, 2006 5:07 PM by chsecblo | 0 Comments

Problems with Nyxem?

It is pretty interesting: There is often just one AV-vendor making noise around some issues and once again, they are talking about Nyxem. Guess what, they have been the ones talking about Nyxem a month ago, where everybody else was calming down the situation. Read More...
Posted Saturday, March 04, 2006 11:08 PM by chsecblo | 0 Comments

Hybrid Worm (2)???

It seems that I hit the nail yesterday as we had some customer inquiries yesterday and today. Computerworld and some other press articles took this up. Matter of fact is: MARA claims that this virus exists ( http://www.mobileav.org/ ), F-Secure took it Read More...
Posted Thursday, March 02, 2006 8:24 AM by chsecblo | 0 Comments

Hybrid Worm?

F-Secure is claiming news about two new mobile viruses: One the is build on Java 2 Mobile Edition sending SMS to a pay-per-use number in Russia (no wanting to steal money) and the second that would be hybrid to be transferred from a PocketPC to a PC. Read More...
Posted Wednesday, March 01, 2006 9:27 AM by chsecblo | 0 Comments
 
Page view tracker