The Way to a Zero Day
No, sorry but this is not a tutorial
I just read this blog post on Websense which is pretty interesting: The way to a zero-day
Roger
The Windows 7 UAC "Vulnerability"
It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 in one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the settings for UAC without getting a UAC prompt. Let’s…
DetailsAfter Estonia now Kyrgyzstan
There is definitely proof that during war times, armies add a virtual component to the “real life†war. Additionally we have seen the attacks to Estonia, where nobody really knew where they originated from (I do not mean the country but whether a government was behind them of just a group of hackers). Now, we…
DetailsData Protection Day 2009
In early December I blogged about the Privacy Video Competition of the Data Protection Day. Today is the day: The winners just were announced. If you want to look at the videos (they are actually pretty cool): Watch all entries: http://eskills.eun.org/web/dprotection/gallery Watch all shortlisted entries: Watch the winning entries: Little Betsy – Bulgaria ID –…
DetailsPiracy and Security (part 1.5)
Well, it is not really a follow up of my last post but goes into the same direction: A few years ago (I was still working in Switzerland) we ran an event where consumer could bring us their PC and we checked it for viruses and cleaned it where necessary. When we found a heavily…
DetailsCentralized Information About The Conficker Worm
Since I enabled Live chatting on my blog I got several questions about Conficker already, which I am happy to answer. However, Ziv from our Malware Protection Center now published an excellent blog post summarizing all the information about Conficker – how you can get infected, what you can do to protect and finally what…
DetailsComments on US-CERTs Advisory on Auto-Run
You might have seen the advisory of the US-CERT titled Microsoft Windows Does Not Disable AutoRun Properly – if not, you will definitely have seen one of the articles covering this issue and telling you that our advice on how to prevent Conficker is flawed. This statement is not quite true the way it came…
DetailsIs there a Correlation between Stolen Software (Piracy) and Security/Patching?
Remark: A few weeks ago I made a post where I asked you about the correlation between Piracy and Security. I was talking about Piracy (stolen software) and got a lot of answers about Privacy (Data Protection) . So the following post is about stolen and illegal software… I was recently asked in a panel…
DetailsIs Mozilla really the most secure Web Browser?
On http://en-us.www.mozilla.com/en-US/firefox/security/ Mozilla claims that Firefox is “The Safest Web Browserâ€. Unfortunately they leave a lot of their claims unsupported. This is something our Jeff Jones looks into. Since a lot of years Jeff looks into figures and metrics around security and is very well known for his vulnerability analysis. So he is looking closer…
DetailsConficker and Microsoft Anti-Malware Software
I want to add a few things as it is still not over: More and more enterprises are still hit. My last blog post showed you what you can do but I wanted to add two resources and a comment. The comment first: There were some discussions about our Anti-Malware solution. We had protections in…
DetailsAdditional Information on Conficker – MSRT removing Conficker
Over the last few days I blogged several times about Conficker and some of the posts caught quite some press attention. Especially when I talked about the Russian Roulette. Today I have very, very good news: The Malicious Software Removal Tool (MSRT) which we will release today includes signatures to remove Conficker as far as…
DetailsRussian Roulette with your Network (part 2)
My latest blog post on this matter generated quite some attention. Based on what happened since then, let me be clear on what I wanted to say (and still want to say): If you decide not to roll out a security update which is so critical that we decide to go out of band, you…
DetailsApple releases Keyboardless Laptop
Wow, there are news, which we cannot cope with. Apple just announced the first laptop without keyboard:
Apple Introduces Revolutionary New Laptop With No Keyboard
and additionally the new Mac Tiny:
They even talk about the Mac Nano in this video
Enjoy
Roger
Windows 7 Beta and Windows Live
You might have heard it: Yesterday at CES, Steve Ballmer made two very important announcements:
- The availability of Windows 7 Beta
- And the availability of the latest version of Windows Live
So, start having a look at these two new products. It is worth it!
Roger
Network Access Protection Client for Mac and Linux
This is very exciting news: Unet, one of our NAP partners now delivers a NAP Client for Mac and Linux.
Here are some very cool screenshots from their website:
This is the Windows Client:
Here for Mac:
And finally for Linux:
If you are running mixed environments, you should look into
Roger
Russian Roulette with your Network
First of all, before I really start, I hope that you all had a great start in 2009. Mine was actually pretty mixed. The good side was, how my year really started and what I saw when I looked out the window at January 1st (yes, I was on vacation skiing and this was how…
DetailsSpying on Smartphones
I was recently at an event for Law Enforcement where one of the discussion points was how critical it is to protect Smartphones – actually it was more about how easy to would be to claim that my Smartphone was hacked and how proof can be found. That you should run Anti-Malware software on phones,…
DetailsSQL Injection – again?
This week I had – again – a longer mail thread on SQL Injection attacks. Probably it caught me at the wrong moment, as it was a very long week preparing for the IE Out of Band making sure everybody knows what they have to do. And then… I was actually pinged by our office…
DetailsStealing the Empire State Building in 90 Minutes
You do not trust e-Business? Why do you trust “normal†business then? Read this: Newspaper ‘Steals’ Empire State Building in Just 90 Minutes
Roger
Internet Explorer Security Update Ready
Go out there and install the update immediately now. Here is the bulletin: MS08-078 – Security Update for Internet Explorer (960714)
If you think that you could be infected, run a scan with the online Windows Life OneCare Safety scanner which finds the malware based on this exploit as far as we know it.
Roger