It is time for some weird messages: A top scientist warns from a possible hack by aliens: http://www.scmagazine.com/us/news/article/529846/et-hack-internet/
Therefore: Do not open e-mails from unkown extraterrestrials
Roger
It is time for some weird messages: A top scientist warns from a possible hack by aliens: http://www.scmagazine.com/us/news/article/529846/et-hack-internet/
Therefore: Do not open e-mails from unkown extraterrestrials
Roger
Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. While this is the intended use (as well as a few Windows internal functions) there or other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams a user can easily hide files that can go undetected unless closely inspection. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.
http://www.irongeek.com/i.php?page=security/altds
The bad story about this is, that most of the scan engines and removal tools will fail detecting malware "protected" in alternate streams.
Urs
Microsoft on Thursday announced it would pull data on phishing sites from three new partners in an attempt to boost the effectiveness of its anti-fraud technology. The three firms New York based Cyota, Tacoma, Wash. based Internet Identity, and San Francisco based MarkMonitor will provide data to Microsoft on phishing threats and confirmed phishing Web sites. The new data will be used in the current Phishing Filter, a free add on to Microsoft's MSN Search Toolbar, and in the anti-phishing tools integrated within Internet Explorer 7 for Windows Vista and Windows XP SP2. IE 7 is still in beta testing on both platforms.
http://www.securitypipeline.com/news/174300989
The anti-phisshingfilter can be downloaded at: http://addins.msn.com/phishingfilter/
Urs
Microsoft is deeply committed to optimizing the security of its products and services. As part of that commitment, Microsoft strongly supports the Common Criteria certification program¡a commitment that is directly reflected in its successful effort to design Exchange Server 2003 to meet and exceed the security requirements specified for commercially available systems. The efforts by Microsoft are rooted in the conviction that the Common Criteria evaluation and certification system creates a reliable, internationally recognized way for consumers to evaluate and gain confidence in the security of IT products. By defining clear, robust security standards and establishing an independent security evaluation process, the Common Criteria promote the benefits and efficiencies that secure computing environments can provide to individuals, businesses, and governments.
https://www.microsoft.com/technet/
prodtechnol/exchange/2003/e2k3cc.mspx
Urs
Nothing extremely urgent but extremely interesting: The BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany) published a study about VoIP security: http://downloads.bsi-fuer-buerger.de/literat/studien/VoIP/voipsec.pdf (I appologize - in German only). It is about 11MB and 146 pages but interesting to read
Roger