• German Proposal Gives A New Perspective On 'Spyware'

    Posted over 7 years ago
    by Microsoft Swiss Security Team}

    A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other peoples' VoIP calls and record them for later review. Unencrypted VoIP really isn't very secure; if you have access to the raw network traffic of a call, it's not too hard to reconstruct the audio. Encrypted traffic is another story. German officials have discovered that when suspects use Skype's encryption feature, they aren't able to decode calls even if they have a court order authorizing them to do so. Some law enforcement officials in Germany apparently want to deal with this problem by having courts give them permission to surreptitiously install spying software on the target's computer.

    http://techdirt.com/articles/20071126/174251.shtml

    Urs

     

     

  • Zero Days: How to protect yourself

    Posted over 7 years ago
    by Microsoft Swiss Security Team}

    The SANS Institute released its top 20 security risks for 2007, which documents the security arms race between cyber criminals and the folks playing defense. But let’s focus on the big scourge–zero day attacks:
    http://blogs.zdnet.com/security/?p=691

    SANS Top-20 2007 Security Risks (2007 Annual Update):
    http://www.sans.org/top20/

    Urs


     

  • Buffer Overflows Are Top Threat, Report Says

    Posted over 7 years ago
    by Microsoft Swiss Security Team}

    Research data says buffer overflow bugs outnumber Web app vulnerabilities, and some severe Microsoft bugs are on the decline.

    "And in case you were wondering, Microsoft's aggressive initiative to shore up its product security appears to be paying off -- the level of severity of bugs in the software giant's products is declining significantly, according to a security research arm of telecommunications firm Telus."

    http://www.darkreading.com/document.asp?doc_id=139871&f_src=darkreading_section_296

    Urs

     

  • Group Policy related changes in Windows Server 2008

    Posted over 7 years ago
    by Microsoft Swiss Security Team}

    WindowsSecurity.com article from Jakob H. Heidelberg on GPO stuff in Windows Server 2008:

    http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html
    http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part2.html
    http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part3.html

    Urs

     

     

  • Researchers warn of AV software risks

    Posted over 7 years ago
    by Microsoft Swiss Security Team}

    ...and why also the development of an AV solution needs to go through a Security Development Lifecycle (SDL)!

    The vulnerabilities in antivirus software make the programs as much a threat, as a help, to corporate network security:
    http://www.securityfocus.com/brief/632?ref=rss

    And did I allready mentioned that neither Windows Live OneCare or Forefront Client Security are on the list? ;-)
    http://www.microsoft.com/forefront
    http://onecare.live.com/standard

    Urs