Welcome to TechNet Blogs Sign in | Join | Help

March 2008 - Posts

Microsoft scoops up rootkit finder Komoku

The start-up's rootkit detection technology will be added into Microsoft's Windows Live OneCare and Forefront security products. http://www.news.com/8301-13860_3-9899808-56.html?part=rss&subj=news&tag=2547-1_3-0-5 Urs Read More...
Posted Saturday, March 29, 2008 12:38 PM by chsecblo | 0 Comments

Spyware authors offer dollars for downloads

Spyware authors are offering financial rewards to botnet operators and other cyber-criminals who covertly install their spyware, security experts warned today. http://www.vnunet.com/vnunet/news/2212403/spyware-authors-offer-dollars Urs Read More...
Posted Saturday, March 29, 2008 12:33 PM by chsecblo | 0 Comments

IBM: Apple Crumble @ Blackhat

In addition to my previous blog post: http://blogs.technet.com/ms_schweiz_security_blog/archive/2008/03/29/black-hat-who-patches-security-holes-faster-microsoft-or-apple.aspx From IBM Internet Security Systems: http://blogs.iss.net/archive/AppleCrumble.html Read More...
Posted Saturday, March 29, 2008 12:25 PM by chsecblo | 1 Comments

Black Hat: Who patches security holes faster, Microsoft or Apple?

Apple's teasing commercials that imply its software is safer than Microsoft's may not quite match the facts, according to new research revealed at the Black Hat conference on Thursday. Researchers from the Swiss Federal Institute of Technology looked Read More...
Posted Saturday, March 29, 2008 12:21 PM by chsecblo | 1 Comments

Sun and Apple Updates – A Sheer Nuisance!!

From Roger's blog post: http://blogs.technet.com/rhalbheer/archive/2008/03/19/sun-and-apple-update-a-sheer-nuisance.aspx http://blogs.technet.com/rhalbheer/archive/2008/03/25/sun-and-apple-updates-a-sheer-nuisance-part-2.aspx Well, a little bit in the Read More...
Posted Wednesday, March 26, 2008 9:43 AM by chsecblo | 0 Comments

Inside the Twisted Mind of the Security Professional

Bruce Schneier: " Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your Read More...
Posted Wednesday, March 26, 2008 9:33 AM by chsecblo | 0 Comments
Filed under:

Linux Web servers broken into most often

Security portal Zone-H , which documents attacks on and defacements of Web pages, has compiled statistics about the attacks within the last year. Apparently, Linux servers were successfully defaced twice as often as Windows servers. Apache servers were Read More...
Posted Wednesday, March 26, 2008 9:19 AM by chsecblo | 1 Comments

Security researchers show how to hook phishers

Security researchers are cooking up tactics for beating phishing fraudsters at their own game. Phishers perennially set up fraudulent sites on servers they have compromised. But due to the sheer volume of sites that need to be set up to perform a successful Read More...
Posted Wednesday, March 26, 2008 9:16 AM by chsecblo | 0 Comments

Business biometrics raises ID theft risk

The commercial use of biometrics will become widespread in five years, but is not without security risks The growing use of biometrics by businesses to identify individuals is insecure and in need of serious attention, according to one IT systems company. Read More...
Posted Wednesday, March 26, 2008 9:13 AM by chsecblo | 0 Comments

Anatomy of a SQL Injection Incident

Blog Posting from Neil Carpenter: "A number of people are reporting that 10K+ Web sites have been hacked via a SQL injection attack that injected a link to a malicious .js file into text fields in their database. Since the CSS Security team here at Microsoft Read More...
Posted Wednesday, March 26, 2008 9:06 AM by chsecblo | 0 Comments

Security guide to customs-proofing your laptop

If you travel across national borders, it's time to customs-proof your laptop. Customs officials have been stepping up electronic searches of laptops at the border, where travelers enjoy little privacy and have no legal grounds to object. Laptops and Read More...
Posted Wednesday, March 26, 2008 8:57 AM by chsecblo | 0 Comments

New Book: The New School of Information Security

New Book: The New School of Information Security by Adam Shostack and Andrew Stewart About the Author: Adam Shostack is part of Microsoft’s Security Development Lifecycle strategy team, where he is responsible for security design analysis techniques. Read More...
Posted Thursday, March 13, 2008 12:37 PM by chsecblo | 0 Comments
Filed under:

Dropping 22TB of patches on 6,500 PCs in 4 hours: BitTorrent

Apparently, software updates are getting so big these days that simply downloading them from a server is becoming prohibitively time consuming, especially when the same updates need to be applied to many different machines. A Dutch university has some Read More...
Posted Thursday, March 13, 2008 12:25 PM by chsecblo | 1 Comments
Filed under: ,

Generate Your Own Security Code Review Checklist Document

In this post from the ACE Team, they show how to generate Security Code Review Checklist using patterns & practices Guidance Explorer and Outlook 2007. Checklist documents can be generated without Outlook 2007 by only using the Guidance Explorer client Read More...
Posted Wednesday, March 12, 2008 12:51 PM by chsecblo | 5 Comments

Internet Explorer 8 Readiness Toolkit

We just made Internet Explorer 8 Beta 1 available. This could be important if you are developing web applications or just if you are curious! :-) http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/Install.htm See also: http://channel9.msdn.com/showpost.aspx?postid=388331 Read More...
Posted Wednesday, March 12, 2008 12:19 PM by chsecblo | 0 Comments

Microsoft buys U-Prove technology

Microsoft Corp. hopes to beef up online privacy with the acquisition of the U-Prove technology, the company announced on Thursday. U-Prove was developed by Stefan Brands at Credentica Inc. to allow Internet users to disclose only the minimum amount of Read More...
Posted Wednesday, March 12, 2008 12:13 PM by chsecblo | 0 Comments

Cisco hops onto patching treadmill

Cisco has taken a leaf out of Microsoft's book by adopting a regular patch release cycle. However, the change will apply only to security bugs involving its core IOS software and not all its products. Starting on 26 March, Cisco will release bundles of Read More...
Posted Wednesday, March 12, 2008 12:11 PM by chsecblo | 0 Comments
Filed under: , ,

Model predicts chance of software flaws

Researchers from a German university have developed a model to predict programming errors in applications. The method has the potential to save software companies money by allowing them to isolate parts of their code that need more rigorous testing, said Read More...
Posted Wednesday, March 12, 2008 12:08 PM by chsecblo | 0 Comments

New Method IDs Phishing, Malicious Domains

At a closed-door security summit hosted on Yahoo’s Sunnyvale campus last week, a researcher demonstrated a new technique to more easily identify phishing and other malicious Websites. Dan Hubbard, vice president of security research for Websense, showed Read More...
Posted Wednesday, March 12, 2008 12:05 PM by chsecblo | 0 Comments

A guide to basic computer forensics

While some investigations rely on highly trained professionals using expensive tools and complex techniques, there are easier, cheaper methods you can use for basic investigation and analysis. In this article, we will focus on computer forensic techniques Read More...
Posted Wednesday, March 12, 2008 11:56 AM by chsecblo | 0 Comments

APWG Releases Phishing Activity Trends

The Anti-Phishing Working Group (APWG) has just released their Phishing Activity Trends Report for the month of December. Overall, the report showed a decrease in activity from the previous month; however, there were a few notable exceptions. It appears Read More...
Posted Wednesday, March 12, 2008 11:50 AM by chsecblo | 3 Comments

Ballmer Outlines Vision For Next Computing Revolution

The rise of PCs, graphical user interfaces, the Internet, and Web 2.0 technologies have obviously had major impacts on the IT industry, but according to Microsoft (NSDQ:MSFT) CEO Steve Ballmer, the computing revolution that's about to take place will Read More...
Posted Monday, March 10, 2008 10:25 AM by chsecblo | 0 Comments

Identity management critical for security, government IT shops say

A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also said Read More...
Posted Friday, March 07, 2008 10:14 AM by chsecblo | 0 Comments

Study: Consumers Don't Use Anti-Phishing Defenses

"Across the globe, Windows Internet Explorer 7 has more than 100 million users seeing green," VeriSign said in a press release about Extended Validation SSL technology earlier this month. About 5,000 sites are using the new technology, which gives users Read More...
Posted Friday, March 07, 2008 10:11 AM by chsecblo | 0 Comments
 
Page view tracker