
November 2007 - Posts

A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other people's VoIP calls and record them for later review. Unencrypted VoIP really isn't very secure; if you have access to the raw network traffic of a call, Read More...
The SANS Institute released its top 20 security risks for 2007, which documents the security arms race between cyber criminals and the folks playing defense. But let’s focus on the big scourge–zero day attacks: http://blogs.zdnet.com/security/?p=691 SANS Read More...
Research data says buffer overflow bugs outnumber Web app vulnerabilities, and some severe Microsoft bugs are on the decline. "And in case you were wondering, Microsoft's aggressive initiative to shore up its product security appears to be paying off Read More...
WindowsSecurity.com article from Jakob H. Heidelberg on GPO stuff in Windows Server 2008: http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part2.html Read More...
...and why also the development of an AV solution needs to go through a Security Development Lifecycle (SDL)! The vulnerabilities in antivirus software make the programs as much a threat, as a help, to corporate network security: http://www.securityfocus.com/brief/632?ref=rss Read More...
Roger has posted a very good article based on the Yankee Group report. I especially like his linking to existing (or almost existing) technology. I know, it's a bit long, but worthwhile to read every word! ;-) http://blogs.technet.com/rhalbheer/archive/2007/11/20/are-you-ready-for-your-users-of-the-near-future.aspx Read More...
November 19 – Visual Studio 2008 and .NET Framework 3.5 RTM (Developer, Connected Systems Division) Microsoft made its flagship development tool, Visual Studio 2008, available for download to its developer subscribers. The release also includes technology Read More...
Many people don’t have the time or technical expertise to keep up on PC management and protection. Today Microsoft released the next version of Windows Live OneCare, which provides all-in-one, self-updating PC Care designed to help consumers and small Read More...
In his most recent publication (“The Database Exposure Survey 2007”, November 12, 2007), David Litchfield conducted a survey on how many database servers exist on the internet and are listening on their default TCP ports and are not protected by a firewall. Read More...
Derek Melber on Microsoft Windows PowerShell: "If you have not heard of PowerShell you must be living under a rock. If you have heard about PowerShell, then you must have been wondering how and if PowerShell is secure. I saw PowerShell for the first time Read More...
"It really is difficult to imagine a "year of PKI" because PKI isn't your typical technology trend. PKI isn't a standalone security widget, it is a complex infrastructure that must be integrated into existing applications and business processes. Once Read More...
The 2007 Microsoft Office Security Guide provides IT professionals with best practices and automated tools to help strengthen the security of computers that run either Windows Vista or Windows XP SP2 and the following applications: Microsoft Office Word Read More...
"You know about the Storm Trojan, which is spread by the world's largest botnet. But what you may not know is there's now a new peer-to-peer based botnet emerging that could blow Storm away..." http://www.darkreading.com/document.asp?doc_id=138610&WT.svl=news1_1 Read More...
"The information technology revolution has changed the way business is transacted, governments operate, and national defense is conducted. Protection of these systems is essential and continuous efforts to protect them have resulted in exponential growth Read More...
Whether you manage computers in a school computer lab or an Internet cafe, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to, no matter who uses them. Windows SteadyState Read More...
"Everyone knows that it is important to lock down the resources on the network. The resources that need to be locked down include folders and the files that are contained in them, as well as some Registry keys that are located on servers and workstations Read More...
I just had to create a bootable CD/DVD to offline clean a PC of a friend of mine. So I installed and used the Microsoft Malware Removal Starter Kit: Based on the Windows Preinstallation Environment (Windows PE) kit, great collection for creating a rescue Read More...
A little late for changing the strategy for 2007, but I don't think that the hot topics for 2008 are so different. ;-) http://www.windowsecurity.com/articles/Security-Market-Trends-2007.html Urs Read More...
Just found the following list on the internet: 1. Cross site scripting (XSS) 2. Injection flaws 3. Malicious file execution 4. Insecure direct object reference 5. Cross site request forgery 6. Information leakage and improper error handling 7. Broken Read More...
The Common Vulnerability Scoring System, or CVSS for short, is the first and only open framework for scoring the risk associated with vulnerabilities. CVSS is designed to rank information system vulnerabilities and provide an end user with a composite Read More...
I'm tempted to say: Interesting! ;-) http://www.technewsworld.com/story/60111.html Urs Read More...
The ubiquity of computers, particularly home computers, has led owners to treat them like refrigerators or toasters -- plugging them in, adjusting some initial settings, and using them until they break or until a different set of features is desired. Read More...
Sounds like a funny idea, but no surprise that the spamming industry is searching for new ways to "influence" people! Security firm MessageLabs today reports that it has spotted a massive run of spam sent out in the form of MP3 files and masquerading as Read More...
A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. Microsoft Windows Vista is not affected. The vulnerability has been patched in the October patch cycle: Microsoft Security Read More...
Interesting post summarizing the Security Intelligence Report (SIR). I definitely like the "Microsoft found that machines running Vista and Windows XP SP2 had "significantly" lower infection rates than older Windows operating systems." ;-) http://www.itepistemology.com/2007/10/malicious-software-is-real-pandemic.html Read More...
Who says bots are just for home PCs? Turns out bot infections in the enterprise may be more widespread than originally thought. http://www.darkreading.com/document.asp?doc_id=137602&WT.svl=news1_3 Urs Read More...
PDF spam, the nuisance that flooded inboxes in early August and then quickly disappeared, is back and worse than ever. According to multiple threat researchers at security vendors, tens of thousands of spam messages were blasted out last week with attached Read More...
 