It is definitely not new but from time to time information leaks thorugh the improper use of the "Track Changes" functionality in Word. But it time it is pretty havy - this time we are talking of a summary of the report written by Detelv Mehlis, the German proescutor heading up for the Hariri-case. If you want to see the whole story: http://www.gcn.com/vol1_no1/daily-updates/37416-1.html

If you want to avoid such kind of leakage, please see the KB about How to minimize Metadata in Office Documents on http://support.microsoft.com/kb/223396/ and check the Remove Hidden Data  tool on http://support.microsoft.com/default.aspx?scid=kb;en-us;834427

Roger

Since weeks now we hear a lot of chatter about attacks on the October security updates. It is true that there are several Exploits and Proof of Concepts available. Bur looking at all the messages we see on the net, I think that you have to be extremely careful. Most of the messages are wrong and have to be withdrawn hours after they have been published.

Therefore – I think the safest way to address this is now to roll out the security updates.

Roger

Microsoft® Phishing Filter Add-in for MSN® Search Toolbar (Beta)
Dynamic Service Helps Protect Against Fraudulent Websites and Personal Data Theft

Phishing (pronounced "Fishing") is one of the fastest growing threats on the Internet and a form of identity theft. It refers to high-tech scams using phony web sites with actual brands designed to steal valuable personal information such as usernames, passwords, credit card numbers, and Social Security numbers.

Phishers use many tactics including creating and sending links to fraudulent Web sites or e-mail messages that appear to be valid in an attempt to fool you into submitting personal, financial, and password information. Often an e-mail will be sent containing a link taking you to a fraudulent Web site appearing to be valid (like your bank or mortgage company) so that you'll enter your personal information. By using well-known, trusted brand names and logos, phishers are able to convince you to respond to them.

The Phishing Filter Add-in offers access to the beta version of a new dynamic online service, updated several times an hour to warn you and help protect your personal information from these fraudulent websites by:

• Scanning websites you visit and warning you if they are potentially suspicious.
• Dynamically checking the web sites you visit with up to the hour online information via an online service run by Microsoft and blocking you from sharing personal information if a site is a known phishing website.

http://addins.msn.com/phishingfilter/

Urs

We get a lot of questions about MS05-051 and whether there are issues with this Update. Yes, we know about isolatied problems and documented them in a knowledgebase article: http://www.microsoft.com/technet/security/advisory/909444.mspx

I would like to mention that this is a critical update, which should be deployed immediatly if you have not already done so. It could lead to a major attack on the Internet

Roger

Have you ever wondered how you could reduce the privileges a browser (I mean any browser) has in order to do safer browsing? There is an easy option written by Michael Howard. You can look at the description of the tool as well as download the tool at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp.

Additionally there is a description of the tool at Reducing Browser Privileges: http://online.securityfocus.com/infocus/1848

Have fun

Roger