Security (RSS)
ComputerWorld has a very interesting article this week that talks about how immature Oracle's patch management program for customers is, compared to Microsoft's. As the following quote indicates, there are things that vendors should be doing to provide
Read More...
Yes, we know that information security in an interconnected world is not trivial. We accept that configuration errors or malicious insiders or new, complex threats might conspire to provide opportunities for a breach. But who says that it is acceptable
Read More...
Given the recent spate of breach announcements from companies like Monster.com and TradeFreedom Securities Inc., I've been thinking about how poor security is going to impact organizations and consumers over the next few years. Even though there have
Read More...
In today's story of immense irony, we find a vendor taking time to bash another vendor for a security flaw, only to have diligent 3rd parties point out that the flaw exists for the bashing vendor as well. What a waste of time. If folks would focus more
Read More...
On a number of fronts, April 2007 is turning out to be a very interesting month for me. For this particular post, we'll just touch on Information Security again. A recent report from MessageLabs indicates very clearly that targeted security attacks are
Read More...
It's been a while since we've had a massive worm outbreak, but the potential for such an occurrence has increased significantly over the weekend with word that a wormable exploit has been made available for the recent animated cursor vulnerability in
Read More...
Does fulfilling your regulatory compliance requirements actually lead you to be more secure? Will your organization automatically attain compliance by pursuing a strict regimen of security practices? In short, is the quest to be compliant complementary,
Read More...
As if we needed another reason... A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems. That's possible with a new security tool called Jikto. The
Read More...
The Second Service Pack for Windows 2003 (both x86 and x64 editions) and for XP Professional, x64 Edition was released without much fanfare a week ago. There was initially some controversy in the Release Notes which suggested that one would need to uninstall
Read More...
It's pretty much official now (in case you didn't believe it before): We have exited the Worm era, and jumped head first into the era of specialized and targeted attacks... According to a recent article by ComputerWorld, SANS security organization sees
Read More...
The folks at eEye Digital Security have put together a website that tracks various zero-day vulnerabilities, and offers analysis and remediation recommendations. The site is called Zero-Day Tracker, and can be found at the following URL: http://research.eeye.com/html/alerts/zeroday/index.html
Read More...
According to some reports, spyware is getting harder and harder to control. The sophistication of the malware makers is growing at a much faster pace than that of the security industry, even to the point of proof-of-concept adware code being developed
Read More...
The Microsoft AntiMalware team has recently published a paper discussing some of the data collected by their monthly AntiMalware tool. A summary of the article is available on the SANS website, and the full article is available from Microsoft at the
Read More...
More About Sophisticated Malware http://isc.sans.org/diary.php?storyid=1871 Virtual machine detection is a self-defensive property of many malware specimens. It is aimed at making it harder to examine the malicious program, because virtualization software,
Read More...
Process Monitor v1.0: http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines
Read More...