Friday, August 28, 2009

Top 10 windows secuirty Configuration

There are always top 10 lists that grab your attention; and this one should be no different. Windows provides many settings, options, and areas of configuration. In reality, this might be a Top 100 list, but there is only room for 10. This list is created from years of educating and asking myself questions like, “what do administrators do and not do when it comes to security?” This list seems to be where administrators fail to look and setup security. It also includes a few settings that are not all that well known, but certainly have huge rewards for securing your Windows environment. 
Click on the below link to get the Top 10 windows secuirty Configuration:

Friday, August 21, 2009

Data breach avoidance begins with security basics, panel says

Companies can spend money fixing coding errors or invest millions in the latest and greatest security technologies, but still leave the business at risk to a major security breach if employees aren't properly trained and appropriate policies aren't set and enforced.

The biggest mistake leading to a data security breach is often pinpointed by investigators as a fundamental security error, according to a panel of experts who discussed the topic of data breaches Wednesday. The panel discussion, sponsored by security vendor, Bit9 Inc., included Bob Russo, general manager of the PCI Security Standards Council, Rich Baich, partner at Deloitte and Touche and former CISO of ChoicePoint and Tom Murphy, chief strategist of data protection vendor, Bit9.

Read More about this article at:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1365454,00.html

Hacker Used Twitter To Control Infected PCs

Criminals are finding inventive ways to exploit legitimate social networking services to help with their dirty work. One reason social networks are an attractive target for crooks is because their content is hard to monitor, and because people click on lots of links inside their accounts, which is a key way computer infections are spread.

Read more: http://www.enterprise-security-today.com/story.xhtml?story_id=11000CC0BPBO

Tuesday, August 18, 2009

Three indicted for Hannaford, Heartland data breaches

A federal grand jury has indicted a Miami man and two Russian hackers for their involvement in an international scheme to steal more than 130 million credit and debit card numbers from five companies. 
The indictment alleges the men conspired to conduct the largest credit and debit card data breach ever charged in the United States. 
The Department of Justice issued a statement today about the indictment, which accuses Albert Gonzalez, 28, and two unnamed Russian citizens of stealing data from Heartland Payment Systems Inc., 7-Eleven Inc. and Hannaford Brothers Co. Two other companies remain unnamed because their breaches have not been made public, the DOJ said.
Read more about this at:

Patch management study shows IT taking significant risks

The latest research around patch management is a good reminder for security teams to move patch diligence up the stack to applications and to resist disabling signature checking for performance in UTMs. 

Qualys Inc. presented an update at the recent Black Hat USA 2009 briefings to their Laws of Vulnerabilities research, a timely statistical review in light of the increase in Microsoft Internet Explorer, Microsoft Office, Adobe Reader, and Apple QuickTime application level attacks. The study, first conducted in 2004, is based on years of accumulated vulnerability scanning data of the Qualys installed base.
Read more about this article at:

Wednesday, August 12, 2009

Patch Tuesday: August, 2009: 4 workstation holes and a little something for everyone else

There’s plenty to keep us busy this month. Most of the vulnerabilities have Microsoft’s exploitability index of 1 meaning they expect consistent exploit code likely in the next 30 days. Half are workstation vulnerabilities. There’s one denial of service vulnerability for IIS web servers. One vulnerabilities affecting your WINS servers and then 3 that could impact workstation but would mostly be found on servers.

Click on the above Patch chart for enlarged view.

Source: Ultimate windows Security                                                 

Link:http://www.ultimatewindowssecurity.com/Default.aspx

                                                                  

Microsoft fixes Office Web Components vulnerability, kill-bit bypass

Microsoft repaired critical Office Web Components vulnerabilities being actively exploited in the wild since they were first acknowledged by the software giant last month. 

Microsoft also released an additional critical update to repair ActiveX vulnerabilities in its Active Template Library. The errors enable an attacker to bypass kill-bits, a feature commonly deployed by Microsoft to block attackers from exploiting complex interoperability vulnerabilities without addressing the underlying flaw. 

In all, Microsoft issued nine security updates Tuesday, including six rated critical, affecting Windows and Office Web Components.

Tuesday, August 11, 2009

Vulnerabilities, regulatory compliance drive data protection market

In this difficult economy -- some say because of the economy -- data security remains a spending priority. Companies still must meet regulatory compliance requirements; layoffs, and the specter of impending layoffs, have exacerbated corporate concerns about employees taking sensitive information out the door.

It's true that every information security technology in some way involves the data protection market -- everything from network firewalls and desktop antivirus to application security products (Web application firewalls, code review tools, etc.) However, there are two critical markets that deal with data directly and are generating some serious business: mobile data security (laptop encryption and portable device control), which Forrester Research Inc. pegs at a $1 billion-plus business, and data leakage (or loss) prevention (DLP). Forrester estimates the DLP market will be between $200 million and $250 million this year, while Gartner estimates around $300 million.

Readmore:http://searchsecuritychannel.techtarget.com/news/article/0,289142,sid97_gci1361847,00.html

Corporate Web 2.0 Threats - FAQ

In this expert video, you will learn about Web 2.0 software, the threats it poses, and whether the benefits outweigh the risks. Key areas covered include the threats posed by services like Facebook, MySpace, and LinkedIn, as well as wikis and blogs.

Source: Techtarget

Link: http://searchsecurity.techtarget.com/video/0,297151,sid14_gci1352690,00.html

Friday, August 7, 2009

Microsoft to address critical vulnerability in Office Web Components

Microsoft will issue five critical security bulletins in its August Patch Tuesday release next week, including one that affects Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server, and another for both Windows and the Windows Client for Mac.

In its advance noticeissued Thursday, Microsoft said that the critical bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server addresses a vulnerability in Microsoft Office Web Components, first raised in security advisory 973472. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, remote code execution is possible and may not require any user intervention.

Read more at below link:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1363924,00.html?track=sy160

Denial-of-Service Attack Strands Twitter Users

A distributed denial-of-service attack took Twitter offline for several hours, preventing millions of users from tweeting. Security experts said the Twitter attack came through botnets via Sweden and Europe. While usershad withdrawal pangs, businesses got pinched and experts said Twitter needs more protection from DDoS attacks.

Say it isn't so! The Twitter bird's beak was closed Thursday as Twitter fought a distributed denial-of-service attack that shut it down for several hours. 

With the mini-blogging site down from 9 a.m. Eastern time until noon, its millions of members were unable to tweet by Web and by mobile phone. A tweet test brought an error message that the "network request failed."

Read more at below link: 

http://www.enterprise-security-today.com/story.xhtml?story_id=012000EWBOGO

Tuesday, August 4, 2009

How can you handle risks that come with social networking?

Social networking — whether it be Facebook, MySpace, LinkedIn, YouTube, Twitter or something else — is fast becoming a way of life for millions of people to share information about themselves for personal or business reasons. But it comes with huge risks that range from identity theft to malware infections to the potential for letting reckless remarks damage corporate and personal reputations.

I found an intresting article on "networkworld" website which talks about social networking sites and risks related to it. click on the below link to read the full article.

http://www.networkworld.com/news/2009/042709-burning-security-social-networking.html

Monday, August 3, 2009

Chinese Hackers Crack Windows 7 Activation Codes

The pirated version even tricks the computer and Microsoft's servers into believing it is a genuine copy, allowing it to avoid Microsoft's validation safeguards. The report said that the copied software was hacked via a disc stolen from Chinese computer maker Lenovo, but that the pirated version would work just as well on Dell and HP computers too. 

Chinese hackers have cracked the activation codes for Windows 7, less than a month after Microsoft Relevant Products/Services released the first copies of the new operating system to computer makers, technology news site CNET reported Thursday.

The crack will allow fully functional, copied versions of the Ultimate Version of Windows 7 to be distributed over file-sharing sites even before the operating system is released to the public in October. 
Read More about this at: http://www.enterprise-security-today.com/story.xhtml?story_id=00200059ERIC