Add embassy websites to the growing list of hacked internet destinations trying to infect visitor PCs with malware.
Earlier this week, the site for the Netherlands Embassy in Russia was caught serving a script that tried to dupe people into installing software that made their machines part of a botnet, according to Ofer Elzam, director of product management for eSafe, a business unit of Aladdin that blocks malicious web content from its customers' networks. In November the Ministry of Foreign Affairs of Georgia and Ukraine Embassy Web site in Lithuania were found to be launching similar attacks, he says.
All three sites had been hacked to include invisible iframes that initiated a chain of links that ultimately connected to servers hosting malicious code, which was heavily obfuscated to throw off antivirus systems.
Windows Vista One Year Vulnerability Report
Windows Vista shipped to business customers on the last day of November 2006, so the end of November 2007 marks the one year anniversary for supported production use of the product.
This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products.
The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor. Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor, Windows XP.
You can download the paper (in PDF format) at http://blogs.technet.com/security/attachment/2772991.ashx