Microsoft Switzerland Security Blog

One of the trickiest problems in cyber security is trying to figure who’s really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the “cyber equivalent of fingerprints or DNA” that can identify even the best-cloaked hackers.

http://www.wired.com/dangerroom/2010/01/pentagon-searches-for-digital-dna-to-identify-hackers/

-Urs

TechWorld: Netbook users worried about storing sensitive data on their portables are being offered the world's first whole-disk encryption that will run useably on Intel's Atom processor.

http://news.techworld.com/security/3212192/intel-atom-netbooks-get-whole-disk-encryption/

-Urs

For years computer security experts have been preaching that users should never share the same password across their connected lives — at online banking sites, at Amazon, on their Web mail services, even on their cell phones. Apparently, most people ignore that advice.

It really can't be repeated enough... :-(

http://redtape.msnbc.com/2010/02/for-years-computer-security-experts-have-been-preaching-that-users-should-never-share-the-same-password-across-their-connecte.html

-Urs

Microsoft released a template for applying its Security Development Lifecycle (SDL) methodology to agile software development projects built with the Visual Studio development environment.

http://www.infoworld.com/d/developer-world/microsoft-links-security-guidelines-agile-development-738
http://www.microsoft.com/downloads/details.aspx?FamilyID=c4b44860-cfba-494a-ba43-13c4aecf86af&displaylang=en

-Urs

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to poison users' browser caches in order to present fake Web pages or even steal data at a later time. That’s according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

http://www.computerworld.com/s/article/9151979/How_Wi_Fi_attackers_are_poisoning_Web_browsers?taxonomyId=85 

-Urs

Activists have long grumbled about the privacy implications of the legal backdoors that networking companies like Cisco build into their equipment — functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don't have particularly strong locks, and consumers are at risk.

http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html 

-Urs

It’s been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies. Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers that struck Google and others.

http://www.wired.com/threatlevel/2010/02/apt-hacks/

-Urs

"We are providing a technical solution that will eliminate the need for a lot of cyber professionals because we just don't have enough of them," Zalmai Azmi says.
Can technology replace the IT security professional to safeguard government information systems?

http://www.govinfosecurity.com/articles.php?art_id=2170 

-Urs

Believe it or not, but the recently introduced, free security solution from Microsoft manages to hold its own against fully-fledged, paid security suites from heavyweight players on the security market, at least when it comes down to generic detection and heuristic techniques.

In fact, Microsoft Security Essentials 1.0, formerly codenamed Morro, fared better than the products from security companies that were fast to downplay the relevance of a free basic solution from the Redmond company.

http://news.softpedia.com/news/Microsoft-Security-Essentials-vs-Kaspersky-Nod32-BitDefender-Symantec-McAfee-128482.shtml

Microsoft Security Essentials can be downloaded here:
http://microsoft-security-essentials.en.softonic.com/
(Note: This is not a Microsoft Download Site)

 Urs

If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure — 86 percent of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real story. Only 14 percent of respondents say encryption is pervasive in their organizations. Database table-level encryption is in use by just 26 percent, while just 38 percent encrypt data on mobile devices. And 31 percent — more than any other response — characterize the extent of their use as just enough to meet regulatory requirements.

http://www.informationweek.com/news/security/encryption/showArticle.jhtml?articleID=221900355

-Urs

Using your laptop to get work done away from your office or on the road is becoming widely accepted. But this rapid growth in laptop computing has made portable systems the target for theft around the world. If your laptop computer is stolen, company information can be exposed, as well as your personal and financial information.

http://www.microsoft.com/atwork/security/laptopsecurity.aspx

-Urs

This guide was designed to help IT professionals better understand and use Microsoft security release information, processes, communications, and tools. Our goal is to help IT professionals manage organizational risk and develop a repeatable, effective deployment mechanism for security updates.

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3d986d0-ecc3-4ce0-9c25-048ec5b52a4f

-Urs

As Conficker approaches the first anniversary of its appearance in the wild, the Shadowserver Foundation says that at least seven million IP addresses — each representing one or more computers — are now infected by the worm.
http://www.infosecurity-magazine.com/view/4941/confickers-first-birthday-looms-seven-million-ips-still-infected/

Perhaps a very good idea for the seven millions to look at the free:
Microsoft Security Essentials (MSE) Antimalware Software under:
http://www.microsoft.com/security_essentials/

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

 -Urs

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The seventh volume of the report is now available: http://www.microsoft.com/downloads/details.aspx?FamilyID=037f3771-330e-4457-a52c-5b085dc0a4cd&displaylang=en

-Urs

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee.

http://news.cnet.com/8301-27080_3-10387768-245.html

The Microsoft Security Intelligence Report (v7) was released today and can be found here:
http://www.microsoft.com/security/portal/Threat/SIR.aspx

The McAfee press release along with report (PDF) can be found here:
http://newsroom.mcafee.com/article_display.cfm?article_id=3591

-Urs