Friday, July 28, 2006

Microsoft will distribute Internet Explorer 7 as a high-priority

Microsoft will distribute Internet Explorer 7 as a high-priority update via Automatic Updates soon after the final version is released for Windows XP, planned for the fourth quarter of 2006.

/Gill

Sunday, July 16, 2006

Hands On: How to Install Windows Vista Beta

July 12, 2006 (Computerworld) -- Microsoft last month made Windows Vista Beta 2 publicly available for download or delivery on DVD via its Windows Vista Consumer Preview Program (CPP). The CPP closed to new registrations on June 30, and it appears Microsoft will not reopen it when Vista Release Candidate 1 arrives, but all registered CPP users will be offered RC1 as well.
What's the best way to install and test Windows Vista? There are three main ways to do so gracefully. There are also one or two tricks of the trade.

Read the rest of the guide..

Saturday, July 15, 2006

very comprehensive list of Windows Update error codes

Phishing Attack Defeats Two-Factor Authentication

from: The SANS Institute [NewsBites@sans.org]

(13 & 10 July 2006)
Phishers are targeting Citibank Citibusiness customers using a man-in-the-middle attack to exploit people's trust in two-factor authentication. The scheme, if successful, would provide the phishers with Citibank Citibusiness customers' names and passwords in addition to temporary passwords generated by security tokens. The scheme passes on the customers' entered information to the legitimate site to see if it authentic. In a real-time attack scenario, the temporary passwords could be used before they expire. The phony site has reportedly been shut down.
http://www.vnunet.com/vnunet/news/2160250/phishers-crack-two-factor
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html

Legendary hacker and author Kevin Mitnick has produced a whitepaper

Legendary hacker and author Kevin Mitnick has produced a whitepaper in which he details several scenarios in which social engineering exposed significant vulnerabilities that lead to corporate attacks.

People who have read Kevin's books and who like his style of writing will also enjoy the paper. What I find most valuable about this paper is that Mitnick remains neutral in his approach when he outlines his "Best Practices" approach to protection. He does a thorough analysis of various techniques and methodologies for mitigating risk and locking down endpoints, while allowing users enough flexibility to perform their jobs.

People can download the whitepaper in PDF format from www.appsense.com/mitnick
It's a good read, I would recommend it for anyone security inclined even if you just download it and save it for a rainy day :o)

resource:security-basics@securityfocus.com

Saturday, July 08, 2006

The Depressing State Of Computer Security

From WServerNews.com newsletter.

Perhaps you know Roger Grimes. He's an InfoWorld Test Center Contributing Editor, Writes for WinITPro Mag, and is a Foundstone Ultimate Hacking instructor/consultant teaching Windows, Linux, Unix, and Solaris security.
His column this week was as depressing as it was interesting. He puts all his 10 fingers smack in the middle of many sore spots.
It was revealing and entertaining to read his admittedly gloomy perspective on security, but he did say that next week's column will point to some solutions. In the mean time, read this and get yourself trained as an IT security specialist. There will be a lot of work for -years- to come !