Welcome to TechNet Blogs Sign in | Join | Help

December 2007 - Posts

Using Autoplay on Vista To Stop Attacks (Islandhoping)

The technique of island hopping—penetrating a network through a weak link and then hopping around systems within that network—has been around for years. But it continues to take on new dimensions. In today's security-conscious IT environments, people Read More...
Posted Sunday, December 30, 2007 10:15 AM by chsecblo | 1 Comments

Tech Insight: Microsoft's IPSec and NAP/NAC

Windows' built-in security capabilities offer endpoint alternative to NAP/NAC Microsoft’s support of the IP Security (IPSec) standard was enhanced with the release of Windows Vista this year, and interest in the technology will likely grow with the introduction Read More...
Posted Saturday, December 29, 2007 7:24 PM by chsecblo | 2 Comments

Microsoft Files Patent for HoneyMonkey Exploit Finder

Microsoft has filed a patent claim for the Strider HoneyMonkey malware/exploit detection system created by our internal research unit. The claim, currently being reviewed at Peer-to-Patent. The HoneyMonkey system, first discussed in August 2005, is best Read More...
Posted Saturday, December 29, 2007 7:19 PM by chsecblo | 0 Comments

One-fifth of Windows apps go unpatched

Updates are available, but users haven't installed them, says Secunia. One in five applications installed on Windows PCs are missing security patches, a Copenhagen-based vulnerability tracker has reported. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9054502&source=NLT_PM&nlid=8 Read More...
Posted Saturday, December 29, 2007 7:15 PM by chsecblo | 2 Comments

Future Phishing

Forget the Nigerian prince. Phishing scams are moving beyond the misspelled, far-fetched ruses that clog your in-box and beg for your bank codes. In the year to come, security professionals are warning of bank code-stealing exploits that are much slicker Read More...
Posted Saturday, December 29, 2007 7:13 PM by chsecblo | 1 Comments

US State Department issues Top 10 list of security threats for US businesses

THE ASSOCIATED PRESS/WASHINGTON - U.S. businesses faced varied threats in 2007 - including cyberattacks in Europe, theft of intellectual property in Asia, natural disasters in Latin America, terrorism on many continents - according to a year-end analysis Read More...
Posted Saturday, December 29, 2007 7:11 PM by chsecblo | 2 Comments
Filed under: ,

New Microsoft Security Vulnerability Research and Defense blog

The Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks. http://blogs.technet.com/swi/ Urs Read More...
Posted Friday, December 28, 2007 11:21 PM by chsecblo | 1 Comments

THE CABLE GUY: Network Policy Server

Nothing’s more critical to the health of your enterprise than a secure network, and Network Policy Server (NPS), new in Windows Server 2008, is an important tool for managing access. It lets you implement organization-wide policies, providing centralized Read More...
Posted Friday, December 28, 2007 11:15 AM by chsecblo | 0 Comments

A very long list of new Microsoft products for 2008...

Bink.nu has an extensive list of new software that Microsoft will be unleashing in the marketplace. See yourself: http://blogs.technet.com/tarpara/archive/2007/12/25/microsoft-s-new-year-is-gonna-bring-a-lot-of-change.aspx Urs Read More...
Posted Friday, December 28, 2007 11:13 AM by chsecblo | 1 Comments

Microsoft SQL Server 2008 Encryption (TechArticles)

Two interesting blogs found on Microsoft SQL Server 2008 and encription: SQL Server 2008 Encryption Keys http://blogs.technet.com/andrew/archive/2007/12/24/sql-server-2008-encryption-keys.aspx SQL Server 2008 Transparent Data Encryption and Replication Read More...
Posted Friday, December 28, 2007 11:07 AM by chsecblo | 1 Comments

MERRY CHRISTMAS AND A HAPPY NEW YEAR / FRÖHLICHE WEIHNACHTEN UND EIN GUTES NEUES JAHR!

Yes, I know, another one of these posts... I'm not sure if this will be the last post of this year, but it's definitely a good moment to say thank you to all the readers, customers and colleagues and to wish you all the best! Looking back, this was a Read More...
Posted Monday, December 24, 2007 9:33 AM by chsecblo | 2 Comments

Study: IT Pros More Concerned about Data Loss than Spam, Malware

Microsoft’s Forefront team has posted a new study conducted for Microsoft by CMG Market Research measuring the perceptions of 1,274 information technology (IT) managers in the U.S. toward 12 security concerns, such as malware, temporary workers, hackers, Read More...
Posted Friday, December 21, 2007 2:46 PM by chsecblo | 1 Comments

Consumers strongly prefer to buy from companies that have not suffered data leaks, losses or theft

Consumers strongly prefer to buy from companies that have not suffered data leaks, losses or theft, according to a new survey conducted for Check Point Software Technologies Ltd. The Check Point & YouGov survey of over 2100 British consumers highlighted Read More...
Posted Friday, December 21, 2007 2:42 PM by chsecblo | 3 Comments

Survey Finds that 54% of Wireless Users Steal Wi-Fi Access

Security firm Sophos reported that 54% of wireless users interviewed have admitted to using someone else's wireless Internet access. In a report, done by the firm on behalf of The Times, many Wi-Fi users fail to properly secure their wireless connection Read More...
Posted Friday, December 21, 2007 2:36 PM by chsecblo | 1 Comments
Filed under: , , ,

Judge: Man can't be forced to divulge encryption passphrase

Interesting... also how that wouldbe handled outside of the US. A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase. Read More...
Posted Friday, December 21, 2007 2:33 PM by chsecblo | 0 Comments

How Microsoft does IT - Showcase information and documentation from Microsoft IT

Microsoft IT is regularly posting articles as best practices information about how Mirosoft's internal IT is operating their systems and services. I have picked out some interesting and security related posts: Enabling Information Security through HBI Read More...
Posted Tuesday, December 18, 2007 8:47 AM by chsecblo | 1 Comments

Fewer patches != safer OS

Does one OS having fewer security patches than another operating system mean that the OS with the fewer patches is the safest OS? You know, I’m not sold on that concept. As we near the first anniversary of the consumer launch of Windows Vista we’ll be Read More...
Posted Monday, December 17, 2007 10:41 AM by chsecblo | 1 Comments

Ninety-five percent of e-mails sent in 2007 are junk

Barracuda Networks released its annual spam report, which shows between 90 to 95 percent of all e-mail sent in 2007 is spam. This is based on an analysis of more than 1 billion daily e-mail messages sent to its more than 50,000 customers worldwide. The Read More...
Posted Monday, December 17, 2007 10:39 AM by chsecblo | 394 Comments

Enterprise@Risk: 2007 Privacy & Data Protection Survey

Reportable and multiple privacy breaches rising at alarming rate! Personally identifiable information of customers and employees is being exposed – frequently and repeatedly – potentially putting hundreds of thousands of individuals at risk and exposing Read More...
Posted Monday, December 17, 2007 10:37 AM by chsecblo | 1 Comments

Windows Vista SP1 documentation

Windows Vista Service Pack 1 (Generic Overview and entry point) http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true Some interesting topics out of the hole documentation: Overview of Windows Vista Read More...
Posted Monday, December 17, 2007 10:26 AM by chsecblo | 1 Comments

Microsoft Security Assessment Tool (MSAT) Version 3.5 released

Microsoft has released the Microsoft Security Assessment Tool (MSAT) Version 3.5 is released on the Microsoft Download Center. http://www.microsoft.com/downloads/details.aspx?FamilyId=6D79DF9C-C6D1-4E8F-8000-0BE72B430212&displaylang=en . MSAT is targeted Read More...
Posted Thursday, December 13, 2007 3:20 PM by chsecblo | 0 Comments
Filed under: , ,

Microsoft Office 2007 SP1 released

The 2007 Microsoft Office suite Service Pack 1 delivers important customer-requested stability and performance improvements, while incorporating further enhancements to user security. This service pack also includes all of the updates released for the Read More...
Posted Wednesday, December 12, 2007 7:09 PM by chsecblo | 0 Comments

Warning sounded over 'flirting robots' ;-)

Those entering online dating forums risk having more than their hearts stolen. A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according Read More...
Posted Wednesday, December 12, 2007 7:56 AM by chsecblo | 0 Comments
Filed under: ,

End Users Flout Enterprise Security Policies

Separate studies show many users understand rules, but they break them anyway. According to the RSA study, about 35 percent of workers routinely make a conscious decision to break enterprise security policy because they want to expedite their work or Read More...
Posted Wednesday, December 12, 2007 7:53 AM by chsecblo | 0 Comments
Filed under: , ,

Are criminal to criminal (C2C) networks making cyber crime too easy?

With the FBI's announcement of Operation Bot Roast II detailing the arrests of several bot-herders infecting computer systems on an International basis, it's become apparent that a lot of crime is going on with the click of a mouse. One of the more amazing Read More...
Posted Wednesday, December 12, 2007 7:51 AM by chsecblo | 0 Comments
Filed under: ,

Windows Server 2008 Administrative Delegation Techniques

Ever since Microsoft released Windows 2000 way back when, the options for delegating certain tasks have been available. The concepts of delegation can be a bit confusing, but in the core of what the delegation provides is essential to an efficient network. Read More...
Posted Monday, December 10, 2007 11:01 AM by chsecblo | 0 Comments

Group Policy related changes in Windows Server 2008 (updated)

I have already written about that, but now, Part 3 is available as well: http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part3.html Group Policy related changes in Windows Server 2008 WindowsSecurity.com article Read More...
Posted Monday, December 10, 2007 10:57 AM by chsecblo | 0 Comments

Malvertising

Malvertising (malicious advertising) is a reasonably fresh take on an online criminal methodology that appears focused on the installation of unwanted or outright malicious software through the use of internet advertising media networks, exchanges and Read More...
Posted Monday, December 10, 2007 10:47 AM by chsecblo | 0 Comments

US-CERT: IT Security Essential Body of Knowledge (EBK)

IT Security Essential Body of Knowledge (EBK) A Competency and Functional Framework for IT Security Workforce Development Overview: The IT Security EBK conceptualizes IT security skill requirements in a new way to address evolving IT security challenges. Read More...
Posted Friday, December 07, 2007 5:03 AM by chsecblo | 0 Comments
Filed under:

Did Microsoft's Security Focus Hurt Vista Adoption?

Microsoft's emphasis on improvements to security features in Windows Vista may have undermined business adoption of the OS, as many business and enterprise customers are still holding off on upgrading to the OS nearly a year after its release to them. Read More...
Posted Friday, December 07, 2007 4:59 AM by chsecblo | 0 Comments

FBI 'BOT ROAST II' Cracking Down on Cyber Crime

The FBI published a press release titled, "BOT ROAST II Cracking Down on Cyber Crime." This article highlights the positive new developments resulting from the FBI`s investigations including three new indictments. http://www.fbi.gov/page2/nov07/botnet112907.html Read More...
Posted Friday, December 07, 2007 4:55 AM by chsecblo | 0 Comments
Filed under:

The next generation of security threats

This is part 3 in a series examining how Microsoft's security strategy has evolved over the past decade. Very intersting reading: http://www.news.com/The-next-generation-of-security-threats/2009-7349_3-6221150.html Robert Hensing: "That's one thing I Read More...
Posted Thursday, December 06, 2007 3:44 PM by chsecblo | 0 Comments

Travelling a lot? 3 ways to protect your laptop on the road

The newest laptops are powerful, light, and thin enough to fit easily into the slenderest of carry-on baggage. This makes them a great accessory for flying or any other mode of travel, but also easier to lose or have stolen. It pays to be extra vigilant Read More...
Posted Thursday, December 06, 2007 10:43 AM by chsecblo | 1 Comments

MSRC 10-year anniversary series of Ina Frieds

This is part 1 in a series examining how Microsoft's security strategy has evolved over the past decade. REDMOND, Wash.--With a measure of pain, Matt Thomlinson recalls the summer of 2003. http://www.news.com/At-software-giant%2C-pain-gives-rise-to-progress/2009-7349_3-6220566.html Read More...
Posted Wednesday, December 05, 2007 9:09 AM by chsecblo | 0 Comments
Filed under: , ,

Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD)

Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft Read More...
Posted Wednesday, December 05, 2007 8:57 AM by chsecblo | 0 Comments
Filed under: ,

Internet Explorer and Firefox Vulnerability Analysis Report

Jeff Jones on his blog about the Internet Explorer and Firefox Vulnerability Analysis Report: For most people, their web browser is central to their interaction with the Internet, connecting to global web sites and helping them consume online services Read More...
Posted Saturday, December 01, 2007 8:50 AM by chsecblo | 2 Comments

The first year of IE7

It’s been a little over a year since Microsoft released IE7 on Windows XP and for Windows Vista. According to internal Microsoft research based on data from Visual Sciences Corporation, there are over 300 million users are experiencing the web with IE7. Read More...
Posted Saturday, December 01, 2007 8:46 AM by chsecblo | 1 Comments
 
Page view tracker