• Spam regarding IE7 installation

    We got an increase in helpdesk calls in different subsidiaries with regard to a mail that is circulating: The mail claims to be coming from admin@microsoft.com and provides a link to an IE7 (Beta) download site. As always: This is spam and a fake.

    If you want some detailed analysis: http://isc.sans.org/diary.html?storyid=2537&rss

    Roger

  • Windows listed as the most secure OS

    I read this article today: "Surprise, Microsoft Listed as Most Secure OS". Hmm, actually I like the article (obviously) even though there are a few things I do not understand:

    • To me, Microsoft is a company, Windows the OS - but this is not too important
    • Then I do not get the start of the title "Surprise" - is it a surprise :-)? We worked hard on getting it done, now it is out, and we always said that Windows Vista is the most secure OS ever, and I definitely like to see those statements in the public

    This article is based on the Symantec Internet Security Threat Report, which states (as an example):

    Microsoft Windows had the shortest average patch development time of the five operating systems in the last six months of 2006. During this period, Windows had an average patch development time of 21 days based on a sample set of 39 patched vulnerabilities (figure 13). This represents an increase over the first six months of 2006, when Windows had an average patch development time of 13 days based on a sample set of 22 vulnerabilities.

    Finally, I found this blog entry showing Windows Vista in the first 90 days.

    Windows Vista is the most secure Operating System ever!

    Roger

  • Your Last Line of Defense

    Your last line of defense is: Well, the user. In order to help you to address this, we published a Security Awareness Kit, pretty cool stuff. You can get it here: http://www.microsoft.com/technet/security/understanding/awareness.mspx

    Roger

  • The Race for the first Vista Vulnerability

    It is really interesting to see: At the moment there seems to be a big race to find the first real Windows Vista vulnerability and to go public with it. I know that there are some reports out there claiming that they found THE single biggest issue in Vista. Let's look at one of them:

    http://www2.csoonline.com/blog_view.html?CID=32441 - the "vulnerability" in StickyKeys: Well, by exchanging sethc.exe, you can make Vista launch an application other than StickyKeys when the Shift key is pressed five times. sethc.exe (the file you would have to replace) is located in the windows/system32 directory. In order to replace a file in this directory you have to be - administrator. So, if you are an admin on the box, what sense does it make to replace sethc.exe and wait until the user invokes StickyKeys... You could do whatever you want from this point on.

    Let's face it: When you are Admin of the box, you can do all sorts of bad things and UAC does not prevent you from doing whatever nonsense you want to do. Therefore: All the so-called vulnerabilities, where you have to be Admin in order to "exploit" them are nothing more than fuzz. If the attacker is Admin on your box beforehand, you lost anyway. We have to make sure that he/she does not get to this state at all. Afterwards, the show is over.

    Roger

  • Paper on the Root DNS Attacks

    You surely remember the Root DNS Attacks earlier this year, where a DDoS attack hit different root servers. There is a pretty good analysis paper by ICANN published now: http://www.icann.org/announcements/factsheet-dns-attack-08mar07.pdf

    It gives some insights.

    Roger