Microsoft warns of flaw in OWC, Office 2007 unaffected
By emil.protalinski@arstechnica.com (Emil Protalinski) on Office Web Components
Microsoft has posted Security Advisory 9737472 to warn its users that it is responding to a privately reported flaw in Microsoft Office Web Components (OWC) that hackers are actively attempting to exploit. The vulnerability could allow for an attacker to gain the same user rights as the local user. To make matters worse, if the user is using Internet Explorer, code execution is remote and therefore may not require any user intervention. The list of Office software that this affects is as follows: Office XP, Office 2003, Office XP Web Components, Office 2003 Web Components, Internet Security and Acceleration Server 2004, Internet Security and Acceleration Server 2006, and Office Small Business Accounting 2006. The company also noted that it is currently working on a security update for Windows to address the flaw and will release it broadly once it has reached an appropriate level of quality.
Bill Gates wants Project Natal on Windows one day
By emil.protalinski@arstechnica.com (Emil Protalinski) on Windows
Microsoft Chairman Bill Gates likes bringing technology to as many people as possible. A computer on every desk? Done (more or less). Now Project Natal is one of those out-of-this-world technologies that is about to come to the masses (if you count gamers as the masses).
12% of e-mail users have actually tried to buy stuff from spam
By jacqui@arstechnica.com (Jacqui Cheng) on WTF
Be honest: have you ever responded to a spam e-mail? Do you know anyone who has? If you're like most of us at Ars, you can't fathom why anyone would respond to most of the messages we get, but a new study released by the Messaging Anti-Abuse Working Group (MAAWG) shows that there are just enough people responding to make spamming worthwhile—especially since most spam these days is sent by botnets.
Microsoft reveals official names for "Stirling" and "Geneva"
By emil.protalinski@arstechnica.com (Emil Protalinski) on Stirling
At this year's Worldwide Partner Conference, Microsoft announced pricing and the naming for its Forefront security solution (codenamed Stirling), the company's next version of a comprehensive protection solution across endpoints and servers. Stirling will be officially known as Forefront Protection Suite (FPS) and will include the products in the current suite, plus the Forefront Protection Manager (formerly known as the Stirling management console) and the Forefront Threat Management Gateway Web Security Service.
Symbian admits Trojan slip-up
By Tom Espiner
The Symbian Foundation has acknowledged that its process for keeping malicious applications off Symbian OS-based phones needs improvement, after a Trojan horse program passed a security test.
The botnet-building Trojan, which calls itself "Sexy Space," passed through the group's digital-signing process, Symbian's chief security technologist Craig Heath said ...
Google fixes flaws in Chrome
By Seth Rosenblatt
New versions of Google Chrome are out, fixing bugs and patching security holes in both the stable build and the beta build.
Two serious security flaws have been plugged. One had allowed for malicious code exploitation within the Chrome tab sandbox. Found by the Google security team, the threat was ...
Mozilla closes security hole with Firefox 3.5.1
By Stephen Shankland
Mozilla updated Firefox to version 3.5.1 for Windows, Mac, and Linux on Thursday, fixing a security problem, improving stability, and speeding launch time on some Windows systems, according to the release notes.
"We strongly recommend that all Firefox 3.5 users upgrade to this latest release," browser director ...
CEOs, other execs disagree on security
By Lance Whitney
CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.
Many CEOs don't consider their own companies vulnerable to security attacks and are confident in their ability to combat those attacks, says a survey released Wednesday. However, those findings ...
Lessons from Twitter's security breach
By Josh Lowensohn, Caroline McCarthy
Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.
In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts.
The aftermath of the hack, which took place in May, is just now coming to fruition. Documents that a hacker by the alias of Hacker Croll recovered from Goldman's account and others (including Twitter co-founder Evan Williams) could be a treasure trove of inside information about the company and its plans.
While Croll was planning to release the entire batch publicly (and at once), tech blog TechCrunch posted news late Tuesday that it had received them and was considering posting the details of at least some of them.
Although it seems that Twitter has been thrust into this situation a bit unfairly, a hack along these lines could have happened to the executives of more Web companies than anybody would like to admit. What it really highlights is the extreme interconnectedness of the social Web: with the likes of e-mail contact importing and data-portability services like Facebook Connect now commonplace, a savvy hacker can have access to multiple accounts simply by accessing one.
A post Wednesday on Twitter's official blog highlights just how far-reaching this can be.
"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked," the post from co-founder Biz Stone read. "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."
Following that attack, Twitter conducted a security audit, and Stone's post says that there was not a security vulnerability in Google Apps and that Twitter continues to use the suite internally. A separate hack targeted the account of CEO Evan Williams' wife, and from that some of Williams' personal accounts were accessed as well, Stone explained.
But Twitter is front and center in the news these days, and is now talked about as a communications protocol as much as a Web start-up. Not only does that make it a particularly appealing target, but also...
Survey: Why do people respond to spam?
By Lance Whitney
Most people may think they're smart enough not to answer an obvious spam message. But is that really the case?
Almost one third of consumers questioned admitted answering e-mails they suspected were spam, says a survey released Wednesday by the Messaging Anti-Abuse Working Group (MAAWG).
Zero-day flaw found in Firefox 3.5
By Tom Espiner
There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned.
The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler. Proof-of-concept code to exploit the vulnerability has been posted online by a security research group, Mozilla said in a post on its security blog ...
Microsoft plugs critical DirectShow, Video ActiveX holes
By Elinor Mills
Microsoft on Tuesday issued patches to fix critical vulnerabilities in DirectShow and Video ActiveX that have been targeted in attacks, as well as fixes for holes in Embedded OpenType Font Engine and Microsoft Publisher that could allow someone to remotely take control of the PC.
Overall, the six "Patch Tuesday" ...
Cisco: Text message scams on the rise
By Elinor Mills
Cyber scammers are banking on the notion that many people who might not fall for a phishing scam via e-mail may still be easy targets through their mobile phone, according to security report released Tuesday from Cisco Systems.
Text message scams are on the rise, particularly fake messages that appear ...
Royal Australian Air Force website defaced
By Rik Ferguson on web
In a politically motivated attack, the Home and About Us sections of the front page of the Royal Australian Air Force website have been defaced by someone calling himself Atul Diwevedi.
Virtually Secure?
By Rik Ferguson on VMware
“Security and virtualisation” as a concept covers a wide variety of implementations, software virtual appliances, virtual machines running on third party virtualisation servers, Software as a Service (SaaS) and the virtual appliances designed to run on blades in chassis-based solutions. As a result of the breadth of offerings, this technology is being adopted from the small [...]
bsqlbf v2.3 Released – Blind SQL Injection Brute Forcing Tool
By Darknet on sql-injection-tool
This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This new [...]
Chinese Company Shares Huge Malware Database
By Darknet on worms
We need more companies like this that acknowledge hoarding data isn’t doing anything for the greater good, to really stamp out the core problems you have to share the data you’ve correlated across the World so everyone can put together what they have and do something about it. It seems like with China pumping out the [...]
Damn Vulnerable Web App – Learn & Practise Web Hacking
By Darknet on web-security
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security. Vulnerabilities SQL Injection XSS (Cross Site Scripting) LFI (Local File Inclusion) RFI (Remote File Inclusion) Command Execution Upload Script Login Brute [...]
Security Researcher to Reveal Mac Rootkit at Black Hat
In Rootkits
Security researcher Dino Dai Zovi discusses his research on a new rootkit for Mac computers, and sizes up Apple and Microsoft when it comes to security.
Sexy New Mobile Botnet on the Move?
In Virus and Spyware
Security researchers are pointing to a recent SMS spam-bred attack as evidence that malware gangs may have finally begun attempting to launch botnets that target mobile devices.
Waves of New Trojans Overwhelming AV
In Virus and Spyware
Trojan outbreaks are evading signature-based AV systems in larger numbers again, according to a new research report.
Dangerous Bug Hits Firefox 3.5
In Vulnerability Research
Sample exploit code for a vulnerability in Firefox 3.5 is circulating the Web. Here are some resources for information on workarounds.
Tying Cyber-crime to a Struggling Economy
In Risk Management
Cisco's midyear report on cyber-crime highlights the importance of keeping tabs on insider threats.
Agencies riddled with security holes, GAO says
The Government Accountability Office says agencies' information security policies aren't good enough and OMB needs to improve its guidance under FISMA.
IT costs central to Real ID, PASS ID debate
Backers of the Real ID Act and proposed PASS ID Act have been debating the extent to which states need to make expensive information technology investments to improve the security of driver's licenses.
DOD on the hunt for security solutions
Recent RFIs focus on virtualization-based security strategeies and commercial solutions for defending against denial-of-service attacks.
Administration to get recommendations on reducing over-classification
The Public Interest Declassification Board has been gathering public recommendations for how the Obama administration should improve policies for classifying national security data.
More than half of states moving on Real ID
Although the program is controversial, 27 states are likely to meet milestones.
DHS: Give us info on cybersecurity products
The Homeland Security Department wants information from companies on their solutions that could be used to protect the government's domain used by civilian agencies.
IT central to debate over Real ID, PASS ID
Backers of a new driver's license security program say the current Real ID program's costly IT requirements are unnecessary and won't work for states.
Kundra: System will give agencies easier access to new technology
A new storefront is designed to let federal agencies buy technology in real time.
DOD: Can virtualization make security more manageable?
Virtualization technology may be used to deal with the Defense Department's network security problems.
GSA SmartBuy contracts awarded
Program will make cybersecurity software available to agencies.
Review: Firefox 3.5 Makes Browsing Better
Mozilla's latest Web browser is a solid step forward, with features including private browsing, geolocation, and support for the latest audio, video, graphics, and HTML 5.
HTC Fixes Bluetooth Vulnerability In Smartphones
Security flaw allows attackers to gain access to all files on HTC's Windows Mobile phones running the 6.0 or 6.1 versions.
HTC Fixes Bluetooth Vulnerability In Smartphones
Security flaw allows attackers to gain access to all files on HTC's Windows Mobile phones running the 6.0 or 6.1 versions.
Twitter Hack Tars Google's Cloud
The distribution of internal Twitter documents by a hacker has revived doubts about the security of cloud computing. But Google wants everyone to know that security tools are available for those who want to use them.
Twitter Hack Tars Google's Cloud
The distribution of internal Twitter documents by a hacker has revived doubts about the security of cloud computing. But Google wants everyone to know that security tools are available for those who want to use them.
Twitter Confidential Files Distributed By Hacker
The hacker who hijacked a Twitter admin account in May has been distributing sensitive files taken from the company, ostensibly to educate people about the risks of poor computer security.
Twitter Confidential Files Distributed By Hacker
The hacker who hijacked a Twitter admin account in May has been distributing sensitive files taken from the company, ostensibly to educate people about the risks of poor computer security.
Senate Mulls Jamming Cell Phone Signals In Prisons
Proposed legislation seeks to halt the use of illegal cell phones in prisons but is countered by public interest agency officials.
Firefox 3.5 Vulnerability Rated 'Highly Critical'
Exploit code for a vulnerability in Firefox was posted online on Monday. Mozilla says it is working on a fix.
Firefox 3.5 Vulnerability Rated 'Highly Critical'
Exploit code for a vulnerability in Firefox was posted online on Monday. Mozilla says it is working on a fix.
Microsoft Fixes Nine Vulnerabilities In July Patch
Two zero-day vulnerabilities are addressed in Microsoft's July patch cycle, but a third flaw that was revealed on Monday remains.
Defense Dept. Seeks Cyberattack Protection
The main Web site of the Department of Defense was a target of a recent distributed denial of service attack.
The NSA wiretapping story that nobody wanted
They sometimes call national security the third rail of politics. Touch it and, politically, you're dead.
E-crime efforts to be improved in Home Office strategy
An organised cybercrime strategy, published by the Home Office, has promised to beef up law enforcement's e-crime strategy in an effort to curb the threat.
HTC issues hotfix for Bluetooth vulnerability in smartphones
HTC released a software update on Thursday that fixes a Bluetooth vulnerability disclosed earlier this week by a Spanish security researcher.
Mozilla quashes first critical bug in Firefox 3.5, beats Microsoft to patch punch
Mozilla has issued a patch for a Firefox 3.5 bug that was disclosed on Monday and called "self-inflicted by one contributor.
Want media attention? Don't use Twitter: security expert
A security expert has warned that organisations should prepare for more politically motivated Web site attacks, as hackers seek more effective vehicles for gaining large-scale media attention.
Businesses dismiss cloud security concerns
Business leaders have more confidence in cloud computing than the organisation's technical managers. That is according to business Internet service provider Star, which found that U.K. CIOs have dismissed security concerns about cloud computing.
Freecom puts swipe-card security on hard drive
Storage vendor Freecom has come up with a new external USB hard drive that can only be accessed using an RFID (radio frequency identification) swipe card.
Five NHS Trusts slammed for breaching Data Protection Act
The Information Commissioner's Office (ICO) has issued more warnings to NHS bodies after five Trusts have been found to breach the Data Protection Act, with one trust leaving patient notes on a bus.
Possible Twitter lawsuit would dive into murky blog waters
If Twitter goes ahead and sues Web sites that posted proprietary information that was stolen by a hacker, it would be moving into murky legal waters, experts said today.
Microsoft sues mobile ringtone company for phishing, spam
Microsoft has sued a Hong Kong seller of mobile ringtones, saying the company used phishing techniques to flood Microsoft Live Messenger users with spam messages.
U.S. Dept. of Energy builds attack defense network
The U.S. Department of Energy is starting to deploy what it describes as a network neighborhood crime watch that pools attack data from intrusion detection systems at disparate DoE sites to facilitate faster response times.
SSL VPN hack vulnerability details to emerge
Confidential online connections like banking transactions made from public wireless hotspots remain vulnerable to attacks despite improved security that was supposed to fix the problem, researchers will demonstrate at the Black Hat security conference.
Analysts see alarming development in mobile malware
The first worm that spreads between mobile devices by spamming text messages has developed a new communications capability that one security vendor says signals the arrival of mobile botnets.
Guessable SSNs -- but what is that the real problem?
Researchers at Carnegie Mellon University report that they can sometimes guess a person's Social Security number and the press goes nuts. This is actually a good thing (the press going nuts that is).
Solving the DLP Puzzle: Survival Tips from the Trenches
It's no easy task implementing a data loss prevention (DLP) program when there's so much disagreement in the security community over what DLP entails. But those who've been through it have good news: It can be done.
AV vendors fight 'scareware' with new whitelist
Security vendors have decided to take on the plague of bogus anti-virus software circulating on the Internet by creating a public list of legitimate vendors and programs.
A new way to get iPhones under control
TrustDigital has released an updated version of its mobile device management software, with improved support for the Apple iPhone, including the new 3GS model, and iPod Touch.
50% of men never pay to download music & movies
Nearly half of Brits never pay to download music, video or games, says Telindus.
Malaysian foreign ministry's Web site compromised
Recent visitors to the Web site of Malaysia's Ministry of Foreign Affairs may have come away with something other than a better understanding of Malaysian foreign policy or the country's visa requirements. The Web site was compromised by an unknown attacker and used to redirect visitors to another site containing malicious code.
Obama administration defends Bush wiretapping
Lawyers from the U.S. Department of Justice and the Electronic Frontier Foundation squared off in a San Francisco courtroom Wednesday over a warrantless wiretapping program instituted by the Bush administration.
Twitter vs TechCrunch: Heads in the clouds and elsewhere
Whenever Michael Arrington posts anything on TechCrunch with a theme of "Ethics 101," you know you're in for some unintentional high comedy. Such was the case today when someone calling himself "Hacker Croll" dumped a carton of internal Twitter documents on TechCrunch's doorstep.
CEOs underestimate security risks, survey finds
Chief Executive Officers are likely to hold different views on corporate data security issues than other C-level executives, according to the results of a Ponemon Institute survey.
E-commerce industry opposes new Indian online security rules
A decision by India's central bank to mandate another level of authentication for card use for online transactions will deter such transactions in the country, according to an association of India's e-commerce industry.
U.K. brothers sentenced for making fake credit, debit cards
Three brothers were sentenced to prison on Tuesday in a London court for creating counterfeit credit and debit cards, defrauding victims of more than £600,000 (US$978,000), according to the Metropolitan Police.
IronKey USB drive gets uncrackable shell
IronKey reckons it has made its super-secure S100 crypto USB drive family even harder to crack.
Check Point endpoints get 'sandboxed' browser
Check Point customers will this week get their hands on the latest version of the company's endpoint security client, R72, which features a new security-boosting 'sandbox' browsing mode.
Firefox 3.5's first vulnerability 'self-inflicted,' says scientist
Mozilla has confirmed the first bug in the Firefox 3.5 browser that was launched about two weeks ago.
Researchers to Spotlight Darknets at Black Hat
In one of the first talks at this year's Black Hat USA, Billy Hoffman and Matt Wood, both security researchers at HP, plan to demonstrate a darknet designed to run entirely within a browser.
McAfee teams with Tufin to streamline firewall management
Tufin is teaming with McAfee to integrate their security products to reduce the time and cost of running firewalls and make it easier to draw on data needed to meet regulatory audits.
PCI council publishes wireless security guidelines for payment cards
Any business accepting credit and debit cards -- and using or considering wireless LANs -- should carefully review the recommendations for use of 802.11 wireless access points that are detailed in the guidelines issued Wednesday by the Payment Card Industry Security Standards Council.
CSH5 discussion group Opens for business
The Computer Security Handbook, Fifth Edition (CSH5) edited by Seymour Bosworth, M. E. Kabay and Eric Whyne was published in February 2009 and we’ve already found mistakes! Oy gevalt ("Woe is me" in Yiddish). You can humiliate the editors even further with your very own contributions of typographical errors, infelicitous phrases, unclear paragraphs, and obsolete references. Just join the new CSH5_Discussion group on Yahoo and pitch in!
DHS, Congress look to strengthen E-Verify system
The DHS and two U.S. Senators moved this week to mandate use of the federal E-Verify program by employers to determine whether workers are legally employed in the U.S.
Patch Tuesday Fixes Serious Holes, Leaves Another Open
Microsoft today fixed a serious, under-attack flaw in a video ActiveX control, along with other critical flaws involving QuickTime files and fonts. But a critical zero-day hole in another ActiveX control remains unpatched.
Attacks against unpatched Microsoft bugs multiply
Attacks exploiting the latest Microsoft vulnerability are quickly growing in quantity and intensity, several security companies warned today as they rang alarms about the developing threat.
Microsoft delivers 9 patches, but leaves one hole open
Microsoft today delivered six security updates that patched nine vulnerabilities. The patches fix two bugs now being used by hackers but leave one still open to exploit.
Firefox 3.5 Vulnerable to Critical Javascript Attack
A critical flaw in the way Firefox 3.5 handles Javascript opens the door to a serious attack, according to Secunia, which tracks security vulnerabilities.
Investigation into cyberattacks stretches around the globe
British authorities have launched an investigation into the recent cyberattacks that crippled Web sites in the U.S. and South Korea, as the trail to find the perpetrators stretches around the world.
British hacker keeps fighting extradition to U.S.
An admitted hacker who broke into U.S. military computer systems shortly after the Sept. 11, 2001 terrorist attacks has made a new appeal to a British court seeking to be tied in the U.K. rather than in the U.S.
Clever attack exploits fully-patched Linux kernel
'NULL pointer' bug plagues even super max versions
A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews.…
MS sues ringtone firm over smut-punting IM spam scam
SPIM phishers feel the wrath of Redmond's lawyers
Microsoft has set its legal attack dogs on a Hong Kong distributor of mobile ringtones, over allegations that it has flooded Microsoft Live Messenger users with deceptive, fraudulent IM spam messages ultimately aimed at promoting online smut.…
App dev security – where are the risks?
Tackling bigger and better idiots
Thanks for some great comments from the article about making applications more secure. One of my favourites was, “It's all very well trying to make your software idiot proof, but the problem is that the world keeps creating bigger and better idiots.” How true this often appears.…
Oz cops turn to wardriving to fight Wi-Fi 'jackers
Fuzz logic
Police in the Australian state of Queensland are to go on the hunt for unsecured wireless networks.…
Webcams, printers, gizmos - the untold net threats
Ghost in the machine
Forget mis-configured Apache servers and vulnerability-laden Adobe applications. The biggest security threats to business and home networks may be the avalanche of webcams, printers, and other devices that ship with embedded web interfaces that can easily be turned against their masters.…
Reg readers crack case of the $23 quadrillion overcharge
<empty field> + binhex = Visa FAIL
It seems an empty amount field is the culprit in the programming glitch that caused some 13,000 holders of prepaid Visa cards to receive warnings that their accounts were overdrawn by more than $23 quadrillion.…
High spam response powers junk mail economy
Lunkhead junk mail buyers come clean
Almost a third of consumers admit responding to messages that might be spam emails. Some acted out of curiosity or by mistake but a puzzling 96 from a sample of 800 (12 per cent) said they clicked because they interested in the product or service advertised in junk mail messages.…
Google puts Chrome updates on Courgette-only diet
Squeezing the zucchini juice
Google has shrink-wrapped the way it delivers updates to its Google Chrome browser by releasing a new system dubbed Courgette.…
Zombies bite into Symbian smartphones
Low-risk mobile Trojan bundles botnet features
Security researchers have identified the first known spam bot client for 3G phones.…
IT admin sentenced for sabotaging employer's network
$30k rampage served cold
A former support admin was sentenced to one year in prison after admitting he shut down the servers of a large IT company a few months after his employment ended there.…
Twitter's underwear exposed after Google Apps hack
Biz Stone's briefs
An unidentified hacker has exposed confidential corporate and personal information belonging to microblogging site Twitter and its employees after breaching electronic accounts belonging to several people close to the company.…
HTC smartphones vulnerable to Bluetooth file sniffing
Still no fix
If you own a mobile phone made by HTC and connect using Bluetooth, there's a decent chance security researcher Alberto Moreno Tablado can rummage through sensitive files stored on the device using a critical bug in some of its wireless device features.…
Visa dings teen for $23-quadrillion restaurant charge
Admits 17-digit 'glitch'
Visa says a technical glitch is responsible for a rash of notices warning customers their accounts are overdrawn to the tune of $23 quadrillion.…
O2 caught in smartphone virus outbreak
Snazzy Toshiba TG01s infected
O2 in Germany has stopped sending out Toshiba TG01 smartphones, which have been inadvertently infected with malware.…
Juniper wraps remote types in security blanket
Measures self with Cisco yardstick
Juniper has stretched its enterprise security mechanisms to better protect all those machines logging into corporate networks from remote locations.…
MPs shown 'email evidence' of wider NotW snooping
'One bad apple' defence wormed into
A committee of MPs was presented evidence on Tuesday that several News of the World journalists were involved in illegal mobile phone hacks, piling further pressure on News International which maintains that only one rogue reporter was involved.…
Zero-day fixes star in MS Patch Tuesday
More of the same to come
Microsoft released six bulletins - three covering critical flaws - on Tuesday as part of its monthly Patch Tuesday update cycle.…
Three brothers jailed for credit card factory
Twelve years for the brothers PIN
Three brothers have been jailed for a total of 12 years for making fake credit and debit cards.…
BlackBerry update bursting with spyware
Official snooping suspected in UAE
An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.…
Quantifying Business Value of Information Security
Category: Management & Leadership
Paper Added: July 16, 2009
Chrome update contains Security fixes, (Sat, Jul 18th)
On Thursday, July 16, Google Chrome 2.0 ...(more)...
From the Mailbag - taking Oracle and it's CPU to task, (Sat, Jul 18th)
As a follow up to a previous Diary (Oracle Black Tuesday) we had a Storm Center participant, Brian, ...(more)...
Vulnerability in FireFox 3.5.1 confirmed, exploit PoC, no patch, (Sat, Jul 18th)
Various analysts and sites have recently confirmed a vulnerability is present in FireFox 3.5 ...(more)...
Replacing Phishers with a Small Shell Script: Jakarta Bombing Malware, (Fri, Jul 17th)
Almost on cue, with the news of the bombing in Jakarta, the bottom-feeders of the black-hatters have ...(more)...
Cross-Platform, Cross-Browser DoS Vulnerability, (Fri, Jul 17th)
G-SEC posted an advisory of a nifty little vulnerability that affects most browsers on most platform ...(more)...
A new fascinating Linux kernel vulnerability, (Fri, Jul 17th)
Source code for a exploit of a Linux kernel vulnerability has been posted by Brad Spengler (Brad is ...(more)...
Firefox 3.5.1 has been released, (Fri, Jul 17th)
Thanks to all those who have sent in submissions overnight to alert us to the release of Firefox 3.5 ...(more)...
Nmap 5.0 released, (Thu, Jul 16th)
One of the must have tools for every person doing anything related to IT security is definitely Nmap ...(more)...
OWC exploits used in SQL injection attacks, (Thu, Jul 16th)
As we thought, it was just a matter of time before more attackers start exploiting the still unpatch ...(more)...
Changes in Windows Security Center, (Thu, Jul 16th)
An ISC reader wrote in about a change that occurred this month with the Windows Security Center (WSC ...(more)...
Make sure you update that Java, (Wed, Jul 15th)
One of our readers, Tom Ueltschi, sent an e-mail with details about an exploit that is exploiting a ...(more)...
Oracle Black Tuesday, (Tue, Jul 14th)
Oracle's quarterly patch release day was today as well. Oracle keeps details restricted to customer ...(more)...
ISC DHCP client updated, (Tue, Jul 14th)
The Internet Systems Consortium released patches to their dhcp implementation. The patches fix a st ...(more)...
Firefox 3.5 new exploit - confirmed, (Tue, Jul 14th)
Updated story, thanks to for helping figure it out! The mozilla security blog confirms an exploit a ...(more)...
Microsoft July Black Tuesday Overview, (Tue, Jul 14th)
Overview of the July 2009 Microsoft patches and their status. # ...(more)...
Infocon returning to green from MS Advisory 973472, (Tue, Jul 14th)
After the rush of the new vulnerability being published, exploits in the wild, and malware being dis ...(more)...
Ireland's Data Retention Bill (July 13, 2009)
Ireland's Communications (Retention of Data) Bill 2009 will require Internet service providers (ISPs) to retain users' Internet use information for one year; the bill also reduced the amount of time phone records must be retained from three years to two years.......
Study Finds Companies Lacking Disaster Recovery Plans (July 10, 2009)
A study of 117 small and medium-sized Irish businesses found that 43 percent have not established disaster recovery plans.......
Man Jailed in China for Infecting Software with Viruses (July 13, 2009)
A court in Shanghai has sentenced a man to two-and-a-half years in jail for inserting viruses into software products made by his former employer, an IT company.......
Chinese National Indicted for Export Violations (July 9, 2009)
Chi Tong Kuok has been indicted for alleged conspiracy, money laundering, smuggling and attempting to export a defense article without a license.......
South Korea Steps Up Pace of Establishing Financial Cyber Security Center (July 13, 2009)
South Korea has moved up the date for completion of a cyber security center for financial and economic institutions in the wake of recent cyber attacks on government, news, and financial websites.......
France Creates New Cyber Security Agency (July 9, 2009)
France has created a new national agency to help defend government and commercial networks from attacks.......
Twitter Hit by Koobface (July 10, 2009)
Twitter is suspending accounts of members whose computers are infected with Koobface.......
LexisNexis Warns of Data Security Breach (July 13, 2009)
LexisNexis has sent letters to more than 13,000 people, warning them that their personal information may have been accessed by a Florida man who is allegedly involved in a mafia racketeering conspiracy.......
Microsoft Warns of Zero-Day Flaw in Office Web Components ActiveX Control (July 13, 2009)
Just one day before its scheduled security release, Microsoft has issued an advisory warning of attacks that exploit an arbitrary code execution vulnerability in the Spreadsheet ActiveX control in Microsoft Office Web Components.......
Malware Responsible for DDoS Attacks Deletes Data on Host Computers (July 9 & 10, 2009)
The malware behind the distributed denial-of-service (DDoS) attacks that hit sites in South Korea and the US also includes instructions to delete data on the PCs it has infected starting on July 10, 2009, so the computers used in the attacks are at risk as well.......
No Hard Evidence Points to North Korea in DDoS Attacks (July 10 & 13, 2009)
South Korea was hit with a third wave of cyber attacks late last week, but the Korean Communications Commission has not listed North Korea among the possible origins of the attacks.......
Security Control Metric Eases Consensus Process (February 26, 2009)
The process of reaching a consensus on information security documents can sometimes get mired in endless, trivial discussions.......
PCI group releases wireless security guide
By Marcia Savage
Guide analyzes PCI requirements pertaining to wireless networks and provides recommendations.
Conficker authors prepping for next stage, researcher says
By Robert Westervelt
The Conficker worm authors have a vast army of zombie machines at their disposal. So far the botnet lie dormant, but one researcher will show at Black Hat that it could awaken.
Conficker authors prepping for next stage, researcher says
By Robert Westervelt
The Conficker worm authors have a vast army of zombie machines at their disposal. So far the botnet remains dormant, but one researcher will show at Black Hat that it could awaken.
Oracle issues quarterly patches, fixes database flaws
By SearchSecurity Staff
The database giant repaired critical flaws in Oracle Database, BEA WebLogic and Oracle E-Business Suite.
Mozilla warns of critical Firefox JavaScript vulnerability
By SearchSecurity.com Staff
Attackers could exploit the flaw by tricking a user into viewing a website with the malicious code.
Microsoft repairs critical DirectShow, Video ActiveX vulnerabilities
By Robert Westervelt
The software giant issued six updates this week as part of its Patch Tuesday updates. Three bulletins were rated critical.
Firefox 3.5.1 Fixes Security Vulnerability After Attack Code Hits the Streets
Mozilla has updated its Firefox browser to plug a critical security hole days after attack code for the vulnerability surfaced on the Web.
10 Ways IT Managers Can Deal with Social Media
With persistent reports about hacker attacks, compromised privacy and phishing scams, social networks can be scary places. But that doesn't mean the corporate world should run. IT managers can establish policies that protect corporate network and data security without shutting out social networks altogether. Here are some of the issues IT managers should keep in mind when dealing with social networks.
Twitter Attack Bigger Than Password Strength, Cloud Security Talk
A recent attack on the private e-mail account of an administrative employee at Twitter led to company data being compromised. But despite the focus on password strength and cloud computing, the security risk lies in the area of password recovery and security best practices.
Startup Fights Botnets with New Approach
Spammers have taken to cracking CAPTCHA protection for Microsoft Hotmail, Google Gmail and other Web mail services in recent years. Startup company Pramana is pushing a proactive approach to keeping botnets at bay.
Twitter Leak Illustrates Google Chrome OS Security Hazards
Recently leaked Twitter documents that were stored on Google Apps highlight a deeper issue - namely, when everything you do is stored online, how will you protect your personal data? As Google revs up its new Chrome OS, phishing and hacker attempts will be exacerbated. How, exactly, will you deal with your data security in this brave new world of data portability?
Microsoft Security Essentials Is Unexceptional in the Best Sense of the Word
The free Microsoft Security Essentials anti-virus solution, formerly known as Morro, works but won't blow your mind. With it, Microsoft is raising the security bar--albeit the lowest rung on the ladder--but integration with third-party solutions could result in something big.
Twitter Data Leaked After Hacker Targets Employee E-Mail
Internal company information from Twitter obtained when a hacker hit the private e-mail accounts of employees has been leaked out on to the Internet. The information ranges from the mundane - employee meal preferences - to Twitter's financial projections.
Microsoft Fixes 9 Flaws in Monthly Patch Release
Microsoft patches nine vulnerabilities for Patch Tuesday July 14. Among them are two critical security flaws that have come under attack by hackers.
Firefox Update Plugs Critical Security Hole
In Safety Tips
Mozilla has pushed out an update to Firefox 3.5 to plug a critical security hole that Security Fix warned about this week. According to the SANS Internet Storm Center, there have been reports of public exploits for this flaw being used in the wild.
PC Infections Often Spread to Web Sites
In Latest Warnings
Most people are familiar with the notion that a computer virus can be passed from PC to PC, but many folks would probably be surprised to learn that a sick PC can often pass its infection on to Web sites, too. Some of the most pervasive malicious software circulating today (e.g., Virut) includes spreading capabilities that hark back to the file-infecting methods of the earliest viruses, which spread by making copies of themselves, or by inserting their code into other files on the host system.
Spammers, Virus Writers Abusing URL Shortening Services
In Latest Warnings
Purveyors of spam and malicious software are taking full advantage of URL-shortening services like bit.ly and TinyURL in a bid to trick unwary users into clicking on links to dodgy and dangerous Web sites. Fortunately, with the help of a couple of tools and some common sense, most Internet users can avoid these scams altogether.
Microsoft Patches Nine Security Flaws
In New Patches
Microsoft Corp. today issued software updates to plug at least nine different security holes in its various Windows operating systems and other software. Today's patch batch includes fixes for two very serious flaws that are actively being exploited by attackers to break into vulnerable PCs.
Adam O'Donnell: The scale of security
The scale of security
Brief: Nmap gets a major upgrade
Nmap gets a major upgrade
Brief: Mozilla works to patch Firefox flaw
Mozilla works to patch Firefox flaw
News: BlackBerry update bursting with spyware
BlackBerry update bursting with spyware
Brief: Microsoft fixes 9 flaws as tenth fuels attacks
Microsoft fixes 9 flaws as tenth fuels attacks
Google's Chrome OS May Fail Even as It Changes Computing Forever (PC World)
In technology
PC World - Google says it is working on an operating system designed for netbooks that boots in seconds, is impervious to viruses, and is designed to run Web-based applications really well. What's not to like? Plenty--if you're the number one software maker, Microsoft. Expect a showdown. Google faces an uphill battle rolling out its operating system, Chrome OS. The irony is, Google may not care if Chrome OS succeeds or fails. Here's why.
CEO of Antivirus Vendor AVG to Step Down (PC World)
In technology
PC World - After two years at the job, the CEO of Dutch antivirus seller AVG Technologies is stepping down.
Microsoft Sues Mobile Ringtone Company for Phishing, Spam (PC World)
In technology
PC World - Microsoft has sued a Hong Kong seller of mobile ringtones, saying the company used phishing techniques to flood Microsoft Live Messenger users with spam messages.
Analysts See Alarming Development in Mobile Malware (PC World)
In technology
PC World - The first worm that spreads between mobile devices by spamming text messages has developed a new communications capability that one security vendor says signals the arrival of mobile botnets.
E-commerce Industry Opposes New Indian Online Security Rules (PC World)
In technology
PC World - A decision by India's central bank to mandate another level of authentication for card use for online transactions will deter such transactions in the country, according to an association of India's e-commerce industry.
Cyber attacks may have come from Britain: SKorea (AFP)
In technology
AFP - A Vietnamese computer security firm believes Britain was the likely origin of last week's cyber attacks that crippled major US and South Korean websites, Seoul officials said.
World - Tuesday (Investor's Business Daily)
In business
Investor's Business Daily - S. Korean police said computer hackers extracted files from computers they contaminated with the virus that triggered cyberattacks last week in the U.S. and S. Korea, a sign they tried to steal information from the victims. The finding adds to concerns that contaminated computers were ordered to damage their own hard disks.
Microsoft Office users attacked by cybercriminals (Reuters)
In technology
Reuters - Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programing flaw that the software giant has yet to repair.
Survey Finds One in Six Consumers Act on Spam (PC World)
In technology
PC World - About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.
SB09-194: Vulnerability Summary for the Week of July 6, 2009
Vulnerability Summary for the Week of July 6, 2009
TA09-195A: Microsoft Updates for Multiple Vulnerabilities
Microsoft Updates for Multiple Vulnerabilities
MS09-033 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (July 15, 2009): Added command line instructions for Windows Vista and Windows Server 2008. Also removed erroneous entry of update log file.Summary: This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS09-030 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (July 15, 2009): Added a link to Microsoft Knowledge Base Article 969693 under Known Issues in the Executive Summary. Added information about additional security features included in this update to the Frequently Asked Questions (FAQ) Related to This Security Update section. Corrected the update filename for Office Publisher 2007 (publisher2007-kb969693-fullfile-x86-glb) in the Security Update Deployment section. These are informational changes only. There were no changes made to the security update files in this bulletin.Summary: This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Security Bulletin Summary for July 2009
Revision Note: V1.1 (July 15, 2009): Updated Executive Summary for MS09-032; corrected restart requirement for MS09-029; and performed miscellaneous edits.Summary: This bulletin summary lists security bulletins released for July 2009.
Microsoft Security Bulletin MS09-033 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Summary: This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS09-032 - Critical: Cumulative Security Update of ActiveX Kill Bits (973346) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (July 15, 2009): Clarified a FAQ about the workaround from Microsoft Security Advisory 972890, added a FAQ about Microsoft Security Advisory 973472, and added a FAQ about the kill bits contained in this bulletinSummary: This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-031 - Important: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (July 14, 2009): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
Microsoft Security Bulletin MS09-030 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Summary: This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-029 - Critical: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (July 15, 2009): Updated the restart requirement descriptions for all updates in the Update Information section to clarify that in some cases, this update does not require a restart.Summary: This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-028 - Critical: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (July 14, 2009): Bulletin published.Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
Revision Note: V1.1 (July 15, 2009): Updated the impact description of the workaround, "Prevent Office Web Components Library from running in Internet Explorer."Summary: Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
Microsoft Security Advisory (969898): Update Rollup for ActiveX Kill Bits
Revision Note: V1.1 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032.Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Microsoft security updates for July 2009
Learn about and download the latest computer security updates for July 2009. Read tips on protecting your computer by using anti-spyware and anti-spam programs.
MS09-033 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Bulletin Severity Rating: - This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS09-032 - Critical: Cumulative Security Update of ActiveX Kill Bits (973346)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-031 - Important: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
MS09-030 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Bulletin Severity Rating: - This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-029 - Critical: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-028 - Critical: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Security Bulletin Webcast Video, Questions and Answers – July 2009
By MSRCTEAM on Security Update
Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components).
There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?”. The answer to that question is no, you can install the security update right on top of the Fix it workaround.
Another area where we were asked for clarification was if the cumulative security update of ActiveX Kill Bits contained the kill bit for the OWC advisory (973472). Good question. The kill bit provided in the advisory is not part of MS09-032. The issue discussed in the advisory is still under investigation and when that is complete, we will take appropriate action to protect customers. Meanwhile, we encourage all customers to evaluate and apply the workaround as quickly as possible.
With that, here is the complete list of questions and answers and I invite you to view the video below from today’s webcast.
More viewing and listening options:
- Windows Media Video (WMV)
- Windows Media Audio (WMA)
- Large Preview Image (PNG)
- Small Preview Image (PNG)
- iPod Video (MP4)
- MP3 Audio
- Streaming WMV (512kbps)
- Zune Video (WMV)
Please join us August 12th for our next regularly scheduled webcast following the August bulletin release where we will again have a room full of subject matter experts to answer all of your questions.
Thanks!
Jerry Bryant
*This posting is provided "AS IS" with no warranties, and confers no rights.*
July 2009 Bulletin Release
By MSRCTEAM
Summary of Microsoft’s monthly security bulletin release for July 2009.
This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days. In fact, as we discussed in the advance notification blog post last week, two of those are under active attack and were discussed in security advisories which are being replaced with the release of these bulletins.
The remaining three bulletins are all rated Important and affect Microsoft Office Publisher, Microsoft ISA Server, and both Virtual PC and Virtual Server. The first two also have Exploitability Index ratings of “1” so please consider this while doing your risk assessment.
In total, we are addressing nine vulnerabilities this month. All of these vulnerabilities have an Exploitability Index rating of “1” except for the single vuln being addressed in the Virtual PC bulletin, MS09-033 which is rated a “2”.
In the video below, Adrian Stone and I provide a little more discussion on risk and impact concerning this month’s bulletins and Security Advisory 973472 which we released yesterday, July 13, 2009, for Office Web Components:
More viewing and listening options:
- Windows Media Video (WMV)
- Windows Media Audio (WMA)
- Large Preview Image (PNG)
- Small Preview Image (PNG)
- iPod Video (MP4)
- MP3 Audio
- Streaming WMV (512kbps)
- Zune Video (WMV)
We invite you to attend our regular monthly webcast tomorrow where we will go in to detail on each bulletin and address your questions with the help of a room full of subject matter experts. Please also check the Security Research and Defense blog for additional technical information on these updates.
Webcast info: Wednesday, July 15, 2009, at 11:00 a.m. PDT (UTC –7). Click HERE to register.
Thanks!
Jerry Bryant
*This posting is provided "AS IS" with no warranties, and confers no rights*
Considering remote access for IT professionals
By blue@jinx.dk (Jesper M. Christensen)
Taking a look on some different types of remote access solutions that you can use for internal and external support.
No comments:
Post a Comment