Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts
Wednesday, December 01, 2010
Sunday, February 15, 2009
Android Browser Vulnerability So Dangerous, Owners are Warned not to use it - JCXP
Android Browser Vulnerability So Dangerous, Owners are Warned not to use it - JCXP:
"Android Browser Vulnerability So Dangerous, Owners are Warned not to use it"
Read more... http://www.jcxp.net/news.php?newsid=2618
"At the Schmoocon hacker conference last Friday, security researcher Charlie Miller brought up a disturbing vulnerability within Google's Android browser that allows remote computers to take control of the browser itself, as well as other related processes, effectively compromising the phone."
It is easy to put down Microsoft IE for it's security flaws when they appear but there is a huge process in place which takes care of those and makes millions of transactions everyday either on the internet or intranet secure, fast and effortless.
Google is going to learn this now.
"Android Browser Vulnerability So Dangerous, Owners are Warned not to use it"
Read more... http://www.jcxp.net/news.php?newsid=2618
"At the Schmoocon hacker conference last Friday, security researcher Charlie Miller brought up a disturbing vulnerability within Google's Android browser that allows remote computers to take control of the browser itself, as well as other related processes, effectively compromising the phone."
It is easy to put down Microsoft IE for it's security flaws when they appear but there is a huge process in place which takes care of those and makes millions of transactions everyday either on the internet or intranet secure, fast and effortless.
Google is going to learn this now.
Wednesday, January 21, 2009
Taking care of Win32/Conficker.B/Downadup infections.
Win32/Conficker.B exploits a vulnerability in the Windows Server service (SVCHOST.EXE) for Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows 2008. While Microsoft addressed this issue in October with Microsoft Security Bulletin MS08-067, and Forefront antivirus and OneCare (as well as other vendor’s anit-virus products) helped protect against infections, many systems that have not been patched manually through Server Update Services and Microsoft/Windows Update or through Automatic Updates have recently come under attack by this worm. Attacked systems may lock out users, disable our update services and block access to security-related Web sites:
In response to this threat, Microsoft has:
· Updated the January version of the MSFT to detect and remove variants of Win32/Conficker.B. You can download this version from the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.
· Created the KB article 962007 “Virus alert about the Win32/Conficker.B worm” to
provide public details on the symptoms and removal methods available to address this issue.
· Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.
In response to this threat, Microsoft has:
· Updated the January version of the MSFT to detect and remove variants of Win32/Conficker.B. You can download this version from the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.
· Created the KB article 962007 “Virus alert about the Win32/Conficker.B worm” to
provide public details on the symptoms and removal methods available to address this issue.
· Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.
Friday, December 19, 2008
Manually undo MS08-078 mitigations
Based the following Jesper's blog entry, http://msinfluentials.com/blogs/jesper/archive/2008/12/18/you-need-to-manually-undo-your-ms08-078-mitigations.aspx.
Thursday, December 18, 2008
Internet Explorer Security alert.
If you are using Internet Explorer 5,6,7 and 8 Beta 2 installed on your PC/laptop, a potential security issue has been publicly reported with Internet Explorer that is currently being investigated by Microsoft.
Until Microsoft issue a response it is strongly recommend you take the following precautionary steps when browsing.
· Only browse to sites that are known to you.
· Do not open any links to web sites in e-mails if the site or the sender is unknown to you.
· Only run with administrator rights when absolutely necessary to reduce the severity of a security attack.
Further details will follow when they are issued from Microsoft. You can view the full Microsoft security advisory here
http://www.microsoft.com/technet/security/advisory/961051.mspx
Until Microsoft issue a response it is strongly recommend you take the following precautionary steps when browsing.
· Only browse to sites that are known to you.
· Do not open any links to web sites in e-mails if the site or the sender is unknown to you.
· Only run with administrator rights when absolutely necessary to reduce the severity of a security attack.
Further details will follow when they are issued from Microsoft. You can view the full Microsoft security advisory here
http://www.microsoft.com/technet/security/advisory/961051.mspx
Tuesday, December 09, 2008
integrating ADAM with WSS 3.0
Here is a good read on how to get ADAM integration with WSS 3.0 for extranet type configuration.
https://blogs.pointbridge.com/Blogs/morse_matt/Pages/Post.aspx?_ID=2
The ADAM is one of the many authentication that be plugged into WSS/MOSS. This is the service provided by ASP.net provider model. For scalability i would rather be using SQL Server to store names/password. The good thing with ADAM if it can be integrated into ISA 2006 as well so it could do pre-authentication. SQL cannot be in that sense.
https://blogs.pointbridge.com/Blogs/morse_matt/Pages/Post.aspx?_ID=2
The ADAM is one of the many authentication that be plugged into WSS/MOSS. This is the service provided by ASP.net provider model. For scalability i would rather be using SQL Server to store names/password. The good thing with ADAM if it can be integrated into ISA 2006 as well so it could do pre-authentication. SQL cannot be in that sense.
Tuesday, November 18, 2008
a non-secure implementation of OCS
This article, http://www.voipshield.com/news/press-releases-details.php?year=2008&id=20, talks about security concerns in OCS's use of RTP protocol.
But for anybody who is following the best practises of implementing OCS, Microsoft responded that VoIPShield's test is "on a non-secure implementation of OCS, which you would have to disable as we are secure with a default installation."
But for anybody who is following the best practises of implementing OCS, Microsoft responded that VoIPShield's test is "on a non-secure implementation of OCS, which you would have to disable as we are secure with a default installation."
Saturday, September 06, 2008
Not so Chrome.
from the SANS Institute newsletter (NewsBites).
--Chrome Gets Some Dents
(September 3, 2008)
People have already begun to find vulnerabilities in the beta version of Google Chrome, the company's new web browser. In one scenario involving a flaw in the WebKit engine and another in Java, users could be tricked into downloading executable files. In another scenario, the browser could be crashed when users click on maliciously crafted links.
Proof-of-concept code has been posted for both vulnerabilities.
http://www.informationweek.com/news/internet/google/showArticle.jhtml?articleID=210300297
http://www.scmagazineus.com/Google-Chrome-flaws-come-soon-after-browser-release/article/116251/
http://www.heise-online.co.uk/security/Google-Chrome-beta-comes-with-security-holes--/news/111458
[Editor's Note (Pescatore): Let's see: by my math, if you multiply the security level of consumer-grade software times the security level of beta code, you get a whole mess of vulnerabilities that will be easily exploited. That said, I would love to see more competition in the browser world drive browsers to simpler code bases with more focus on security as the top feature, vs. trying to bundle in email clients and all kinds of other stuff.
(Schultz): For a nice, unbiased view of Chrome security, visit http://www.high-tower.com/blogs/bolcer/
By the way Chrome's EULA still shows
"By submitting, posting or displaying the content you give Google (NSDQ: GOOG) a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display, and distribute any Content which you submit, post, or display on or through, the Services."
--Chrome Gets Some Dents
(September 3, 2008)
People have already begun to find vulnerabilities in the beta version of Google Chrome, the company's new web browser. In one scenario involving a flaw in the WebKit engine and another in Java, users could be tricked into downloading executable files. In another scenario, the browser could be crashed when users click on maliciously crafted links.
Proof-of-concept code has been posted for both vulnerabilities.
http://www.informationweek.com/news/internet/google/showArticle.jhtml?articleID=210300297
http://www.scmagazineus.com/Google-Chrome-flaws-come-soon-after-browser-release/article/116251/
http://www.heise-online.co.uk/security/Google-Chrome-beta-comes-with-security-holes--/news/111458
[Editor's Note (Pescatore): Let's see: by my math, if you multiply the security level of consumer-grade software times the security level of beta code, you get a whole mess of vulnerabilities that will be easily exploited. That said, I would love to see more competition in the browser world drive browsers to simpler code bases with more focus on security as the top feature, vs. trying to bundle in email clients and all kinds of other stuff.
(Schultz): For a nice, unbiased view of Chrome security, visit http://www.high-tower.com/blogs/bolcer/
By the way Chrome's EULA still shows
"By submitting, posting or displaying the content you give Google (NSDQ: GOOG) a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display, and distribute any Content which you submit, post, or display on or through, the Services."
Friday, March 07, 2008
Security Certification and Education
The Committee on National Security Systems (CNSS) / National Security Agency ( NSA) of the United States of America certified EC-Council Network Security Administrator Certification as 100% mapped to the CNSS National Standards 4011.
This certification is made by the Information Assurance Courseware Evaluation (IACE) Program, National INFOSEC (Information Security) Education and Training Program and is administered by the U.S. National Security Agency (NSA).The Committee on National Security Systems (CNSS) and National Security Agency (NSA) have developed a nationally recognized certification program based on NSTISSI standards. The CNSS / NSA Certification is a government class certification that is the National Training Standard for Information Security Professionals
For more information -> http://www.eccouncil.org/newsletter/CNSS.swf
This certification is made by the Information Assurance Courseware Evaluation (IACE) Program, National INFOSEC (Information Security) Education and Training Program and is administered by the U.S. National Security Agency (NSA).The Committee on National Security Systems (CNSS) and National Security Agency (NSA) have developed a nationally recognized certification program based on NSTISSI standards. The CNSS / NSA Certification is a government class certification that is the National Training Standard for Information Security Professionals
For more information -> http://www.eccouncil.org/newsletter/CNSS.swf
Tuesday, February 05, 2008
Looking for endpoint encryption?
?Check out http://www.safeboot.com/
It is centrally managed with multiple containers for different types of users.
It is centrally managed with multiple containers for different types of users.
Sunday, January 27, 2008
Fast Facts
· 79 million personal records were reported compromised last year in the U.S., nearly four times greater than in 2006. Source: Identity Theft Resource Center
· More than 20% of commercial applications are open to attack because available fixes for security flaws have not been applied. Source: Secunia APS
· More than 20% of commercial applications are open to attack because available fixes for security flaws have not been applied. Source: Secunia APS
Saturday, December 29, 2007
Friday, August 24, 2007
Wednesday, August 15, 2007
Forefront Security for SharePoint SP1 Available Now
This is the posting at the SharePoint Team BLOG about the availability of SP1 (Service Pack 1) of Forefront Security for SharePoint, not to be confused with Windows SharePoint Services 3.0 SP1 or Office SharePoint Server 2007 SP1 which will be released at a later date.
Sunday, August 12, 2007
Off line patching...WSUS Offline
http://www.vulnerabilityassessment.co.uk/ctupdate.htm
From a forum
"
This tool will allow you to run on a machine downloading every day, building an ISO.
This way you always have an up-to-date CD-image at hand when you need it.
The tool uses the same CAB-file as MBSA and you can manually add extra hotfixes.
"
From a forum
"
This tool will allow you to run on a machine downloading every day, building an ISO.
This way you always have an up-to-date CD-image at hand when you need it.
The tool uses the same CAB-file as MBSA and you can manually add extra hotfixes.
"
Monday, July 09, 2007
I Know What You Did Last Logon: Monitoring Software, Spyware, and Privacy
http://go.microsoft.com/?linkid=6951838
This white paper from the Microsoft Antimalware Team explores the technical methods used by both hardware- and software-based key loggers, how keystroke loggers are integrated with specific malware threats, the user experience associated with various key loggers installed, and the social and legal appropriateness of various use scenarios.
This white paper from the Microsoft Antimalware Team explores the technical methods used by both hardware- and software-based key loggers, how keystroke loggers are integrated with specific malware threats, the user experience associated with various key loggers installed, and the social and legal appropriateness of various use scenarios.
Password Checker
http://go.microsoft.com/?linkid=6951842
Online accounts, computer files, personal information, and company information are more secure when you use strong passwords to help protect them. Offer this tool to your co-workers to help them gauge the strength of their passwords.
Online accounts, computer files, personal information, and company information are more secure when you use strong passwords to help protect them. Offer this tool to your co-workers to help them gauge the strength of their passwords.
Thursday, March 01, 2007
Researcher charts new, more dangerous Oracle attack
The flaw could increase the dangers for unpatched systems.
Subscribe to:
Posts (Atom)
