Welcome to TechNet Blogs Sign in | Join | Help

February 2008 - Posts

Windows XP Service Pack 3 Overview

Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system. This update also includes a small number of new functionalities, which do not significantly change customers’ experience with the operating system. This Read More...
Posted Thursday, February 28, 2008 9:53 PM by chsecblo | 0 Comments

Windows Server 2008 Security Guide released

The Windows Server 2008 Security Guide provides customers with best practices, predefined security templates, and an automated deployment tool to help strengthen the security of servers running Windows Server 2008. The security recommendations in the Read More...
Posted Thursday, February 28, 2008 6:43 PM by chsecblo | 0 Comments

The First Step on the Road to More Secure Software is admitting you have a Problem

Michael Howard on SDL and the need for it; comments onJeff Jones blogs. See SDL blog: http://blogs.msdn.com/sdl/archive/2008/02/21/the-first-step-on-the-road-to-more-secure-software-is-admitting-you-have-a-problem.aspx Urs Read More...
Posted Thursday, February 28, 2008 1:45 AM by chsecblo | 0 Comments

Windows Server 2008 Resource Kit

Last Friday the last of the Windows Server 2008 Security Resource Kit finally went to press! This was a project I had not really planned and so, to complete it in time, I brought in an amazing crew of co-authors. Together, we managed to put together 17 Read More...
Posted Thursday, February 28, 2008 1:41 AM by chsecblo | 1 Comments

'Out of office' messages turned into spam relays

Spammers have found a new trick that gets around many current anti-spam filters: abusing the "out of the office" auto-respond feature found in legitimate webmail services. http://www.techworld.com/security/news/index.cfm?newsID=11544 Urs Read More...
Posted Thursday, February 28, 2008 1:29 AM by chsecblo | 3 Comments

Microsoft's glasnost on interoperability means more bugs [?]

Microsoft's decision last week to let everyone snoop through its software secrets means vulnerabilities and exploits will almost certainly climb in the short term, say security researchers. http://computerworld.co.nz/news.nsf/news/AF914E501CD57B8ACC2573FB00176380?opendocument&utm_source=topnews&utm_medium=email&utm_campaign=topnews Read More...
Posted Thursday, February 28, 2008 1:26 AM by chsecblo | 0 Comments

E-mail typosquatting poses leakage threat

Companies and political organizations should put more effort into registering mis-typed versions of their primary domain, not only to protect visitors to their Web sites but also to prevent e-mails from accidentally leaking out, a security researcher Read More...
Posted Thursday, February 28, 2008 1:18 AM by chsecblo | 0 Comments
Filed under: , ,

Hacking the lobby telephone

Two security researchers at ShmooCon demonstrated on Saturday how a laptop connected to a VoIP telephone could, in some cases, expose a business' internal network to outsiders. http://www.news.com/8301-10789_3-9873864-57.html Urs Read More...
Posted Thursday, February 28, 2008 1:12 AM by chsecblo | 0 Comments
Filed under:

Swissdialogue / MS Switzerland Citizenship blog entry: Kriminelle Energie ist überall – auch im Internet

For the german speaking readers, also a link to my citizenship blog entry: "Kriminelle Energie ist überall – auch im Internet" http://swissdialogue.spaces.live.com/blog/cns!F28808344F7E2734!206.entry See also the infosurance webpage about the Swiss Security Read More...
Posted Thursday, February 21, 2008 1:49 PM by chsecblo | 14 Comments

ITU study group Q.22/1 - Report on best practices for a national approach to cybersecurity

A management framework for organizing national cybersecurity efforts: http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-draft-cybersecurity-framework.pdf Urs Read More...
Posted Thursday, February 21, 2008 1:28 PM by chsecblo | 1 Comments

Introducing SAFECode [Michael Howard]

SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white paper, "Software Assurance: An Overview of Current Industry Best Practices." The organization was founded by Microsoft, Symantec, EMC, SAP and Juniper to advance Read More...
Posted Thursday, February 21, 2008 1:15 PM by chsecblo | 0 Comments

Encryption Brings New Risks, Experts Say

Security workers warn that encrypting stored data doesn't truly protect it, and you're fooling yourself if you think so. The use of data encryption could make organizations vulnerable to new risks and threats, a panel of security experts warned. http://www.pcworld.com/article/id,142305-c,encryption/article.html Read More...
Posted Thursday, February 21, 2008 1:00 PM by chsecblo | 0 Comments
Filed under: , ,

Security for the youngest internet users - Security4Kids

Have you ever heard about www.security4kids.ch ? If not, visiting the site should be one of your tasks for today! Especially if you’ve got children aged 7-15 yourself. But let’s go back to the beginning. The website www.security4kids.ch (in German and Read More...
Posted Thursday, February 21, 2008 12:47 PM by chsecblo | 1 Comments

Microsoft Forefront Client Security benchmark test (West Coast Lab)

Microsoft Corporation commissioned West Coast Labs (WCL) to carry out a series of performance benchmarking tests and metric-based process evaluations of the following products: Microsoft Forefront Client Security McAfee Active VirusScan with McAfee ePO Read More...
Posted Thursday, February 14, 2008 7:53 PM by chsecblo | 13 Comments

German Police Creating LE Trojan

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop "remote forensic software" - in other words, a law enforcement Trojan. Leaked documents outline proposals by German firm Digitask to develop software to intercept Read More...
Posted Thursday, February 14, 2008 7:51 PM by chsecblo | 0 Comments

CIA Monitors YouTube For Intelligence

U.S. spies are looking increasingly online for intelligence and they've become major consumers of social media. In keeping with its mandate to gather intelligence, the CIA is watching YouTube. U.S. spies, now under the Director of National Intelligence Read More...
Posted Thursday, February 14, 2008 7:49 PM by chsecblo | 1 Comments

Europe still top source of spam

European spam networks have pumped out more unsolicited e-mail than those in the U.S. for the third month in a row, according to security vendor Symantec. Symantec called this a "significant shift" in spam trends as, historically, compromised U.S. computers Read More...
Posted Thursday, February 07, 2008 8:43 AM by chsecblo | 0 Comments

Minimizing User Rights Can Increase Security

Taking a least-privilege approach to user accounts is a key part of any in-depth defense strategy, many analysts and security pros say. "I think it's very important … not even just as [a component] of security, but in the broader sense [of] risk posed Read More...
Posted Thursday, February 07, 2008 8:42 AM by chsecblo | 0 Comments

EISAS – European Information Sharing and Alert System - A Feasibility Study

ENISA is presenting the first feasibility study on a European Information Sharing and Alert System (EISAS) to inform SMEs and citizens in the European Union (EU) on threats, vulnerabilities and attacks. http://www.enisa.europa.eu/doc/pdf/studies/EISAS_finalreport.pdf Read More...
Posted Thursday, February 07, 2008 8:38 AM by chsecblo | 0 Comments
Filed under: ,

Big trouble with teen hackers

Teenagers, including children as young as eleven and twelve years old, are increasingly becoming involved in serious cyber-criminal activity that exposes themselves and the users they target to a full range of dangerous repercussions. "Most have absolutely Read More...
Posted Thursday, February 07, 2008 8:35 AM by chsecblo | 0 Comments

Remote Workers Still Living Dangerously, Cisco Study Says

If it seems that -- despite your company's best efforts to educate users about security -- users are actually behaving less responsibly, don't panic. Your organization isn't the only one. In fact, Cisco Systems Inc. today is releasing the results of a Read More...
Posted Thursday, February 07, 2008 8:33 AM by chsecblo | 1 Comments

Wireless phone headsets insecure?

Analysis: Wireless phone headsets of the kind beloved by Wall Street executives and high-end law firms can be bugged by simple off-the-shelf radio scanners unless they are encrypted. "These guys are bugging their own office, essentially," security consultant Read More...
Posted Thursday, February 07, 2008 8:29 AM by chsecblo | 0 Comments

Forensics Plan Guide (GIAC)

The Forensics Plan Guide defines the basic elements of a Forensic Plan from the first initial contact through submission of the final Forensic Report. The document also includes 'The Forensic Cookbook' which illustrates the use of selected products and Read More...
Posted Monday, February 04, 2008 1:31 PM by chsecblo | 0 Comments

Microsoft adds new Anti-Exploit APIs into Windows

Microsoft has announced plans to add new anti-exploitation APIs into Windows Vista SP1, Windows XP SP3 and Windows Server 2008 as part of a larger plan to secure the Windows ecosystem. According to Michael Howard, a senior program manager in Microsoft's Read More...
Posted Monday, February 04, 2008 1:28 PM by chsecblo | 0 Comments
 
Page view tracker