For Windows Vista Security, Microsoft Called in Pros
When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency.
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.
More at http://www.washingtonpost.com/wp-dyn/content/article/2007/01/08/AR2007010801352.html
& To Be Sure Their Backdoor Is Still Fully Functional (LOL?)
Dangers of unprotected Wi-Fi prompt new security laws
Mounting worries about the dangers of too-easy access to wireless LANs have prompted government officials in New York and California to put new laws on the books aimed at preventing network “piggybacking” and exposure of sensitive data in both businesses and homes.
Story at http://www.networkworld.com/news/2007/010807-unprotected-wifi-security-laws.html
F-Secure checks preloaded vulnerability in Acer notebook
F-Secure analysed the preloaded applications in Acer notebooks. LunchApp.ocx, which is preloaded in Acer notebooks, is something to be concerned about:
"The library, named LunchApp.ocx, is probably supposed to help with browsing the vendor's website, enable easy updates and such – it turns out… it also makes all those machines vulnerable to a specially crafted html file that could instantly download malicious file(s) onto the user's machine and then execute them. It gets even better… Acer enabled "safe for scripting" on that ActiveX library so you wouldn't even see when it's used.
It would be nice if Acer (and other vendors) thought twice before providing a "feature" like this in the future."
See also http://isc.sans.org/diary.html?storyid=2025
UK chip and PIN payment system faces new threat
New research from Cambridge has put a major doubt over the robustness of chip and PIN terminals against tampering. The method involves reprogramming a handheld payment terminal, making it possible to record private payment details that are keyed in by the user during the payment operation. According to researchers at Cambridge University, who have sounded the alarm bells, their idea could be easily replicated and criminals could substitute "fake" payment terminals without shoppers suspecting anything.
APACS, Britain's payment clearing organisation, has already acknowledged the seriousness of the problem and admitted it is in talks with payment terminal manufacturers to see what can be done to protect users.
Complete article at http://www.viruslist.com/en/news?id=208274020
Experts: Vendors need to reach DRM consensus
Time for a showdown
January 09, 2007 (IDG News Service) -- It's time for a DRM showdown, according to experts and industry executives.
The debate over digital rights management (DRM) is as contentious today as it was five years ago. But industry experts on a panel at the International Consumer Electronics Show (CES) Monday said there will have to be some industry consensus soon over digital content protection as the purchase of digital multimedia files becomes more pervasive among the average consumer.
Pundits on various sides of the debate weighed in on where the future of DRM is headed, agreeing that the issue that has plagued music downloads will get even more complicated now that digital downloads have moved beyond music to television and films, both of which have their own set of complexities.
Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007560&source=rss_topic17
Sophos seeks to stand between harmful sites, surfers
Hardware appliance handles bans, malware infectors
January 09, 2007 (IDG News Service) -- Sophos PLC has released a Web filtering appliance for business users, one of several vendors adding the technology to their security product line-up.
The WS1000 appliance, which sits at the gateway, is designed to stop users from infecting their computers with harmful programs as a result of Web surfing, said Graham Cluley, senior technology consultant for Sophos, on Tuesday.
Web filtering software and appliances are a growing area for security vendors, as they offer the advantage of stopping malicious code and executables before they reach the desktop. They aren't a replacement for desktop antivirus software, however, as users can still infect their machines by clicking on, for example, a link in an instant message or an email.
Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007558&source=rss_topic17
Spam shows sudden slide
By Matthew Broersma, Techworld
Worldwide spam levels have mysteriously dropped off over the past week, according to managed email provider SoftScan, possibly as a result of a major botnet going out of service.
Spam levels continued to rise in December, but crashed by 30 percent in the first week of January, SoftScan said on Tuesday. The company has seen nothing similar in the past, but believes the most likely explanation is that a botnet - a network of compromised machines - has temporarily lost control of its client systems.
The results are based on SoftScan's analysis of the email systems it scans for about half a million users, mostly international businesses, according to chief technology officer Diego d'Ambra.
Read more: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7735
Mozilla To Update Firefox Feb. 1 With Vista Patches
About 100 bugs have already been spotted and quashed, but about 60 remain unpatched.
By Gregg Keizer
Jan 9, 2007 12:59 PM
Mozilla developers plan to update Firefox on Feb. 1 with bug fixes to make the browser work better under Microsoft's new Windows Vista operating system, which will have been rolled out to consumers two days earlier.
According to notes from the weekly status meeting held Monday, the first of next month is the tentative release date for Firefox 18.104.22.168 and 22.214.171.124, the next security updates to the two versions that Mozilla is supporting. About 100 bugs have already been spotted and quashed, but about 60 remain unpatched, the notes said. Special attention will be paid to bugs involving Windows Vista in the hope that most or all can be fixed before Vista releases to retail.
Read more: http://www.informationweek.com/story/showArticle.jhtml?articleID=196802279&cid=RSSfeed_IWK_Security
Microsoft Turned To National Security Agency For Vista Security Help
The NSA detailed a team to work with Microsoft on the new operating system, which is expected to be used by hundreds of millions of computer users.
By W. David Gardner
Jan 9, 2007 11:25 AM
Microsoft has confirmed and elaborated on the role the National Security Agency played in helping secure the firm's Vista operating system, according to a report in Tuesday's Washington Post.
The eavesdropping and code-breaking agency has some of the best cryptographers in the world, and the NSA detailed a team to work with Microsoft on the new operating system, which is expected to be used eventually by hundreds of millions of computer users.
The relationship isn't exactly top secret: The newspaper noted that Microsoft's Web pages take note of the NSA's involvement in the "Windows Vista Security Guide."
Read more: http://www.informationweek.com/story/showArticle.jhtml?articleID=196802240&cid=RSSfeed_IWK_Security
Five predictions for instant messaging security in 2007
Ericka Chickowski Jan 9 2007 19:07
Organizations will face a number of factors in 2007 that will force them to address their instant messaging (IM) security and compliance practices, predicted messaging security firm Akonix last week.
Akonix predicted five major drivers that will spur companies to quit ignoring IM management and security as the technology continues to spread in the workplace. According to a recent paper by the Radicati Group, IM use at work will grow at a 22-percent clip over the next five years.
"The underlying principle is that the use of IM in a corporate setting is on the rise - both formally and informally," Peter Shaw, CEO of Akonix, told SCMagazine.com. "Companies need to make sure that they understand that IM is a piece of their landscape and they need to put the proper safeguards in place so they can stay in compliance. We think it will percolate up beyond the IT people to the people responsible for corporate governance because there is more scrutiny on senior level management."
Read more: http://www.scmagazine.com/us/news/article/625181/five-predictions-instant-messaging-security-2007/
New Office for Mac Coming
Microsoft announces Office for the Mac 2008 and converters to make the current version compatible with Office 2007's XML formats.
Yardena Arar, PC World
Tuesday, January 09, 2007
Office for Mac users who've been wondering about a new version--and Office 2007 compatibility--got some answers today as Microsoft said it will ship Office for Mac 2008 by year's end.
At MacWorld in San Francisco, officials of Microsoft's Macintosh Business Unit also announced plans for spring delivery of beta versions of converters that will allow the current version of the popular suite, Office for Mac 2004, to open, edit, and save files in Office 2007's new default XML formats for Word, PowerPoint, and Excel. The final converters will appear six to eight weeks after Office for Mac 2008 ships, Microsoft says.
Read more: http://www.pcworld.com/article/128461-1/article.html?tk=nl_dnxnws
NSA offers Vista installation tips
Microsoft got input from the National Security Agency for a document with tips on how to use the Windows Vista operating system in larger organizations.
The National Security Agency Information Assurance Directorate reviewed the Windows Vista Security Guide and provided comments that were incorporated in the published version, according to Microsoft. The U.S. Department of Commerce's National Institute of Standards and Technology, NIST, had a similar role, Microsoft said.
"Feedback from these agencies as well as enterprise customers informed Microsoft's development of a security configuration guide to aid governments and other large organizations in deploying and configuring Windows Vista to meet their specific security and privacy needs," a Microsoft representative said in an e-mailed statement Tuesday.
The NSA or any of the other agencies did not, however, have a special role in the development of the actual Vista operating system, a Microsoft representative said by phone. But they were free to provide feedback on Vista throughout the beta process, just like any other testers, the representative said.
Mozilla Takes Aim at Opera Security
Opera Software may well be putting its browser users at risk by not properly disclosing security vulnerabilities to vulnerable users.
At least that's the allegation made by Mozilla Corp.'s Asa Dotzler. According to the security research firm that discovered the recent Opera vulnerabilities, Opera's security disclosure practices are no better (or worse) than most vendors'.
Dotzler alleges that Opera downplays the severity of its security announcements, which come weeks after a new product release.
"Now, let me make this clear up front. I am not claiming that they should be releasing the explicit details of their fixes or specific information about how to exploit the unfixed versions of the browser," Dotzler blogged.
"But not telling the user that an update is a critical security update and that the unfixed versions of the browser are vulnerable to remote attack is just wrong."
More at http://www.internetnews.com/dev-news/article.php/3653031
See also previous post on the above at http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=227024&messageID=2367613#2367613
Googlebot Indexing Windows Installer Files .msi
A blogspot blogger spotted that Google's search engine is indexing Windows Installer files (.msi) and some executable files (.exe). He wonders whether this is something to be worried about.
"there be a situation when Google indexes executables that are trojans or even viruses?"