November 2007 - Posts

• Holiday Safety Tips - Don't Fall Prey to Holiday Scams

  Minyanville is a neat site that offers stock market and investment tips. These 6 tips are excellent in avoiding scam artists that try to take advantage of this business season. Holiday Safety Tips - Don't Fall Prey to Holiday Scams http://www.minyanville.com/articles/index/a/14897 QUOTE: The holidays bring good cheer, mistletoe – and scam artists. Holiday scammers play on your trusting nature, desire for a bargain and “urgent need” to update your financial information in their continuing quest to separate you from your money.  Keep an eye out for these holiday scams: 1. Avoid E-Card greetings 2. Phony Sign-Up Tables at the mall or other public places offering charge cards 3. Emails requesting "Account information needed"  4. Emails, phone calls, or regular mail claiming "You are the winner" 5. Emails or regular mail claiming that "You are approved for credit cards" 6. Other telemarketing scams SUMMARY: Just remember what your mother taught you: If it’s too good to be true, it’s a scam. Keep that in mind and no crook will spoil your holiday. Posted Nov 30 2007, 09:18 PM by hwaldron with no comments

• Good E-commerce safety tips from Webroot

  This advice is excellent for better ensuring safety while shopping online during the holidays.  QUOTE: 5 Ways To Increase Safety While Shopping Online 1. Shop from Reliable Retailers. It's wise to do business with companies you already know and trust. If the retailer is unfamiliar, look up information on the company with the Better Business Bureau or the Office of the State Attorney General in the state where the seller is located. 2. Use a Credit Card, Not a Debit Card Online. Credit cards limit your liability for unauthorized charges to $50. You're not assured this protection with a debit card. 3. Ask about Single Use Credit Cards. Some credit card companies use a new technology that allows them to issue a single use credit card number for online purchases. With this number, you avoid having to use your real credit card number online, so security isn't jeopardized. 4. Avoid Buying On Public Computers. A hacker or thief can easily put a keylogger on a public computer that allows him or her to know everything you've typed — including your credit card numbers and passwords. Stay away from public access computers when shopping! 5. Don't Save Your Credit Card Numbers Online. Many reputable sites give you the option to save credit card numbers online to make future purchases easy. However, if the company's database is ever successfully hacked, your information could be exposed. It's safer to re-enter your numbers with each transaction. Webroot Safe Holiday Shopping Guide - (PDF format, 16 pages, 1.8MB) http://www.webroot.com/pdf/Webroot_HolidayShopping_USA_1107.pdf Posted Nov 30 2007, 05:04 PM by hwaldron with 1 comment(s)

• Internet Search poisoning - 2nd wave could be on the way?

  I may have spoken too soon, as a new batch of .cn sites are starting to show up, according to Sunbelt Internet Search poisoning - 2nd wave could be on the way? Sunbelt is reporting new seedings for the .cn domain (China) oriented websites in Google (and this could  possibly show up in other search engines). The sites are not launching exploit attacks yet, but this could change.  What to avoid:  Avoid unusual sites with random letter/number combos, numerical IP addresses, and sites which end in a domain name of "cn" from Internet searches. Sunbelt: HEADS UP: More Google poisoning on the way? http://sunbeltblog.blogspot.com/2007/11/heads-up-more-google-poisoning-on-way.html quote: Google has removed the sites responsible for the recent massive Google poisoning attack. However, we’re seeing indications that another attack may be on the way. We have seen another spate of websites freshly registered, using the similar .cn domains. There seem to be two different groups here.  Right now, we’re not seeing either site serve exploits, as we saw in the last attack. However, this could change. Posted Nov 29 2007, 06:44 PM by hwaldron with no comments

• Majority of Internet bandwidth consumed by P2P services

  Some interesting research posted in entries below. The participants could be getting more than just music or video, as this environment is also a major conduit for malware Majority of Internet bandwidth consumed by P2P services http://blogs.techrepublic.com.com/tech-news/?p=1651 Consumption moves to 95% at night http://arstechnica.com/news.ars/post/20071128-nocturnal-p2p-transmissions-account-for-95-percent-of-internet-bandwidth.html QUOTE: New research from German deep packet inspection gear maker Ipoque shows that P2P traffic consumes anywhere between 49 and 89 percent of all Internet traffic in the day. At night, it can spike up to an astonishing 95 percent. Posted Nov 29 2007, 04:21 PM by hwaldron with no comments

• Google fixes Malicious redirects to malware sites from it's search results

  Good news = Google has filtered out these malicious sites from it's indexes    Bad news = These malicious sites are still out there on the Internet Google fixes Malicious redirects to malware sites from it's search results   The malicious redirecting sites are still present and folks need to be cautious at all times.  The improved filtering should help reduce the likelihood of hostile sites being returned on the 1st few pages of a search. Google expunges malware sites from search results http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049820 QUOTE: Google Inc. has purged its index of the thousands of malware sites that wormed their way into results lists for hundreds of legitimate search phrases, researchers confirmed today. "They look gone to us," said Alex Eckelberry, the CEO of Sunbelt Software, the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites. Posted Nov 29 2007, 02:33 PM by hwaldron with no comments

• Thousands of Malicious Web Page redirects - Be careful with Internet searches

  Some updates are noted below on this very serious threat related to malicious web sites that may be offered from Internet searches (e.g., Google).  Numerous malicious pages are being created in a manner that they will appear prominently on the 1st few pages of a search (e.g., ranked high in order of appearance from a search and the malware gang appears to be keyed in on Google's site ranking methodology). Below is some excellent advice from Sandi on what to avoid: http://msmvps.com/blogs/spywaresucks/archive/2007/11/27/1359221.aspx QUOTE: Take a close look at the URLs for the malware links; they are all random collections of letters and numbers, and they're all Chinese domains. Users of Google (and other web search engines) need to pay close attention to the links that are being offered, and avoid anything that just doesn't look right, and certainly avoid 'nonsense' domains like those in the Sunbelt screenshots Below is the latest update from Sunbelt on this threat:  http://sunbeltblog.blogspot.com/2007/11/malware-redirects-aftermath_27.html QUOTE: Sunbelt Software has uncovered tens of thousands of individual pages that have been meticulously created with the goal of obtaining high search engine ranking. Just about any search term you can think of can be found in these pages. Sunbelt is classifying this particular threat as follows in CounterSpy: SCAM.IWin Malware Family http://research.sunbelt-software.com/threatdisplay.aspx?name=Scam.Iwin&threatid=43561 QUOTE: Scam.Iwin is created by a browser exploit for the purpose of transmitting false clicks to internet URLs.  The victim's computer is used to generate income for the attacker in a pay-per-click affilate program by transmitting false clicks to the attacker's URLs without the user's knowledge. The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the internet. Scam.Iwin is thought to be related to CoolWebSearch. Original post from yesterday: http://myitforum.com/cs2/blogs/hwaldron/archive/2007/11/27/internet-searches-massive-number-of-redirects-to-malicious-sites.aspx Posted Nov 28 2007, 05:16 PM by hwaldron with no comments

• Lotus Notes - vulnerable to attack thru "123" extension

  If the "123" extension type (Lotus 1-2-3 spreadsheet format) is not being used, this might be valuable to add to the email attachment blocking list used by Lotus Notes shops.  There are some workarounds for version 5 and 7 and IBM may have a version 6 solution by the end of the month.  Lotus Notes - vulnerable to attack thru "123" extension http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049439 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21285600 QUOTE: Sebastián Muñiz from the CORE IMPACT Exploit Writers Team (EWT) at Core Security Technologies contacted IBM® Lotus® to report a potential keyview buffer overflow vulnerability in Lotus Notes® when viewing a Lotus 1-2-3 (.123 extension) file attachment. In specific situations it was found that the possibility exists to execute arbitrary code. To successfully exploit this vulnerability, an attacker would need to send a specially crafted Lotus 1-2-3 file attachment to users, and the users would then have to double-click and View the attachment. Posted Nov 28 2007, 04:05 PM by hwaldron with no comments

• SQL Server 2008 - Excellent overview of features shared by MVP Brad McGehee

  There are a number of new features and improvements that the next version of SQL Server will provide when it is released in 2008. MVP Brad McGehee discusses the ins and outs of SQL Server 2008 http://searchwinit.techtarget.com/originalContent/0,289142,sid1_gci1283694,00.html QUOTE: With the release of the recent SQL Server 2008 Community Technology Preview, and a final product expected in the second half of 2008, SQL Server MVP Brad McGehee shared some of his insights with SearchWinIT.com on the product's complexity, what's new for IT managers and DBAs and where the database still needs a little work. Posted Nov 28 2007, 03:54 PM by hwaldron with no comments

• Internet Searches - Massive number of redirects to malicious sites

  Sunbelt posted this cautionary note today noting that folks should be careful when selecting links provided from an Internet search. One theory for the seeding might be malicious links posted in blogs, forums or other community sources? Given the dangers of email and hostile URLs, it's important for folks to stay as up-to-date as possible on security patches, AV protection, and old fashioned common sense BREAKING: Massive amounts of malware redirects in searches http://sunbeltblog.blogspot.com/2007...f-malware.html QUOTE: We’re seeing a large amount of seeded search results which lead to malware sites. These are using common, innocent terms — one researcher landed on a malware site through searching for alternate firmware for a router. Posted Nov 27 2007, 10:00 PM by hwaldron with 1 comment(s)

• Apple Quick Time and iTunes Critical Vulnerabilities

  Quicktime and possibly iTunes processing could be affected by malformed RSTP headers found in QT music formats.  Users should be careful with email attachments and website visitation, plus watch for any forthcoming QT updates, as Apple will most likely patch this serious vulnerability promptly. Apple QuickTime and iTunes Critical Vulnerabilities  http://secunia.com/advisories/27755/ http://isc.sans.org/diary.html?storyid=3690 http://www.frsirt.com/english/advisories/2007/3984 http://www.kb.cert.org/vuls/id/659761 http://www.f-secure.com/weblog/archives/00001325.html QUOTE: Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability. ISC UPDATE-1:  We have received a report that exploits are now working for Vista, XP, IE6, IE7, and Safari 3.0 on Windows.  Keep in mind that other attack vectors may be vulnerable as well. ISC UPDATE-2:  Firefox has been reported as an exploit vector as well. Posted Nov 27 2007, 02:37 PM by hwaldron with no comments

• Wireless Security - 10 tips to secure your laptop

  While these 10 tips shared in an Information Week article require some work, they will help ensure safety both at home and while on the road as well: Wireless Security - 10 tips to secure your laptop http://www.informationweek.com/news/showArticle.jhtml?articleID=203102748 QUOTE: Whether you're home or on the road, these security steps will help protect you and your computer from wireless scoundrels: 1. Make sure you are connecting to the right network. 2. Secure your connection. 3. Use frequency settings that are different from others 4. Find the strongest signals 5. Turn off your wireless network adapter when you are on the plane 6. Use whole disk encryption on your laptop 7. If you are having trouble connecting to a network, trying rebooting Windows 8. Make sure you have a firewall and it is running 9. Pick your hotspot connection and your supplier carefully 10. Finally, don't blithely accept SSL certificates and SSH public keys Posted Nov 26 2007, 02:17 PM by hwaldron with 1 comment(s)

• AVERT Labs - Major Security threats envisioned for 2008

  AVERT Labs, a security division for McAfee, has projected 10 top threats for 2008 based on current trends.  http://www.avertlabs.com/research/blog/index.php/2007/11/19/avert-labs-2008-threat-predictions/ QUOTE:  The complete set of predictions is available for download on McAfee’s Threat Center (PDF link here) as well as a bonus episode of our podcast Audio Parasitics. Posted Nov 21 2007, 07:47 PM by hwaldron with no comments

• New Targeted Attacks - Claim to be from Department of Justice

  I recently received a copy and this is well crafted.  The email address is spoofed to appear as if it came from this government agency and text related to the company complaint appears to be convincing    This as I'm not the proper person this should be addressed to, I was 99% certain this was similiar to other recent attacks and avoided any infections.  Email attacks can be both convincing and dangerous   In this case, McAfee DAT protection came a few days after receving this copy (and they are usually among the 1st of AV companies providing protection).  When any unexpected email message calls for action, it's always beneficial to pause and avoid taking any actions.  In most cases, an unexpected email of this nature is an attack.  When in doubt, verify an email message through a phone call or via the true main web site.   McAfee Information - Keylog-LMtry Trojan http://vil.mcafeesecurity.com/vil/content/v_143577.htm Washington Post http://blog.washingtonpost.com/securityfix/2007/11/a_fresh_round_of_targeted_emai.html?nav=rss_blog WebSense Alert http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=822 Posted Nov 20 2007, 09:44 PM by hwaldron with no comments

• Firefox 3.0 Beta 1 - Now Available

  Firefox is a highly functional and fairly secure browser, which can be used to complement Internet Explorer 7 in the Windows environment. I've been testing the alpha version (aka Minefield) for several months and it has been reliable with just a few crashes experienced. The 1st beta was installed using the "clean install" techniques and so far it seems to be working well Firefox 3.0 Beta 1 - Now Available http://www.mozilla.com/en-US/firefox/all-beta.html QUOTE: The Mozilla Corporation today released Firefox 3 Beta 1, which is now available for download in a variety of languages. The beta includes updates to the default theme, the new places site management features, improved security architecture, and Gecko 1.9. Firefox 3.0 Beta 1 - Release notes http://www.mozilla.com/en-US/firefox/3.0b1/releasenotes/ Firefox 3.0 Project Page http://wiki.mozilla.org/Firefox3 Related Mozilla Blog entries http://blog.mozilla.com/blog/2007/11/20/firefox-3-beta-1-ready-for-testing/ http://developer.mozilla.org/devnews/index.php/2007/11/19/firefox-3-beta-1-now-available-for-download/ Posted Nov 20 2007, 09:36 PM by hwaldron with no comments

• Sarbanes-Oxley 404 - Good resources describing IT financial controls

  The following resources are excellent in defining the requirements related to SOX 404 IT controls: SOX 404 Powerpoint presentation by EKS&H (11 slides, 820KB) selecting this link will download this PPT file http://www.hftpcoloradofrontrange.org/dwnlds/HFTP_SOX_Presentation.ppt SOX 404 PDF detailed requirements by KPMG (48 pages, 880kb) http://www.kpmg.com/aci/docs/PCAOB_S-O_404_v9.pdf ISACA - Free PDF version of COBIT 4.0 http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1920 QUOTE: The ISACA is now offering a free PDF versions of COBIT 4.0, (plus the older 3.0 standards as well). You'll need to follow the registration process through and once you become a member you can login and obtain a PDF copy. There are also additional benefits and documents if you become a paid member of ISACA. Many external audit firms use COBIT standards to ensure SOX 404 requirements are met. This free benefit can help folks get started with key IT standards they may need to implement to safeguard their financial systems  Posted Nov 16 2007, 03:00 PM by hwaldron with no comments

• Storm Worm - now uses Geocities based links

  Please beware of any spam emails that contain Geocites links, as this is the lastest storm worm tactic Storm Worm - now uses Geocities based links http://blog.trendmicro.com/storm-brews-over-geocities/ QUOTE: Storm is back, and according to TrendLabs researchers, the infamous malware family has added yet another twist to their tactics.  “It looks like Google will have its hands full in the next couple of days,” Senior Threat Researcher Ivan Macalintal says. “There are limited reports that the Storm worm may be spamming emails with links to a Geocities site. This was seen in the monitoring of the spam templates being sent via Storm communications to its botnets.” This newest chapter in the Storm saga proves that the creators of the said malware are still very much active. Its use of a popular free server like Geocities and disguising itself as a plug-in may mean that they are still looking for more systems to infect. Posted Nov 15 2007, 03:31 PM by hwaldron with no comments

• Visual Studio 2008 - To be released in November

  A new version of this key development platform will be released during the month. Visual Studio 2008 - To be released in November http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9045563  QUOTE:  Microsoft Corp. on Monday committed to releasing Visual Studio 2008 and its .Net Framework 3.5 technology by the end of this month.  Soma Somasegar, corporate vice president of Microsoft's developer division, made the announcement at the company's TechEd Developers 2007 conference in Barcelona, Spain. He also announced a Community Technology Preview (CTP) release of a new tool that developers will be able to use to enable collaboration and offline capabilities for any applications. Microsoft Announcement at TechEd 2007 http://www.microsoft.com/presspass/press/2007/nov07/11-05TechEdDevelopersPR.mspx Visual Studio 2008 - Some of the key expected features http://msdn2.microsoft.com/en-us/vstudio/products/default.aspx Visual Studio Home Page http://msdn2.microsoft.com/en-us/vstudio/default.aspx Posted Nov 15 2007, 12:56 PM by hwaldron with 1 comment(s)

• Windows Server 2008 provides improved security

  This article from Government Computer News provides a good high level summary of key features, which include: - Firewall on by default - Bitlocker capabilities - Network Access Protection (NAP) - Internet Information Server 7 (IIS7) - Remote management improvements - Read-only Domain Controllers - Enhanced authentication in Active Directory environment     GCN Article: Windows Server 2008 provides improved security http://www.gcn.com/online/vol1_no1/45401-1.html QUOTE: Microsoft Corp. unveiled a significantly more secure server operating system in showcasing its new Windows Server 2008 last week at the Microsoft Windows Server Technical Summit held in Redmond, Wash. Posted Nov 14 2007, 04:15 PM by hwaldron with no comments

• Best Practices - Don't call phone numbers in spam email

  Spam authors continue to craft highly convincing schemes. For example, they can use disposable phones and even spoof the caller-ID display number so it appears to be officially coming from a bank or credit union. They may ask for highly confidential information (e.g., SSN, bank account, credit cards). Finally, if information is revealed, they can use this in identity theft or direct fraud attacks  The specific attack documented by the Internet Storm Center is one where the email recipient appears to have their credit card or bank account locked out due to highly unusual activity. If individuals panic and rely on these email messages, the phone call may appear to be legitimate as they provide sensitive details related to their accounts. Later, they may become victims where it could weeks or months to straighten these matters out. If you receive phone numbers in suspicious documents and are unsure, contact the bank or firm directly using the publicly listed phone numbers in the phone directory or at their official websites instead. Social Engineering Techniques - Don't call phone numbers in spam email http://isc.sans.org/diary.html?storyid=3639 QUOTE: From an awareness point of view to your customers and users: * not only to teach your users not to follow links in (possible) phishing messages, but to use bookmarked URLs instead * but to also tell them to use only contact data from a safe location (and especially nothing originating directly or indirectly from the email message itself) Below is also an excellent site to help validate toll free numbers, where the caller-ID information is listed as Private or Unavailable Site listing Suspect Toll Free Phone Numbers http://800notes.com/ News related Toll Free calls http://800notes.com/articles/NewsList.aspx Best Practices - Toll Free Calls http://800notes.com/articles/ArticleList.aspx Posted Nov 14 2007, 03:08 PM by hwaldron with no comments

• Microsoft Security Bulletins - November 2007

  MS07-061 is a "patch now" vulnerability with active in-the-wild exploits.  So far, so good on my 2 systems at work Microsoft Security Bulletins - November 2007 https://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx Microsoft is releasing the following two new security bulletins for newly discovered vulnerabilities: Bulletin Number: MS07-061 (Windows Shell vulnerabilities) http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx Maximum Severity: Critical Affected Products: Windows XP, Windows Server 2003 Impact: Remote Code Execution Bulletin Number: MS07-062 (DNS spoofing vulnerabilities) http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx Maximum Severity: Important Affected Products: Windows 2000, Windows Server 2003 Impact: Spoofing Posted Nov 13 2007, 10:09 PM by hwaldron with no comments

• Seagate - A few Maxtor 3200 hard drives may contain a virus

  This is shared more in interest that you can never be too careful, even with a brand new hard drive from the factory.  Seagate - A few Maxtor 3200 hard drives may contain a virus http://www.infoworld.com/article/07/11/12/Seagate-ships-virus-laden-hard-drives_1.html QUOTE: Seagate is warning that a "small number" of its Maxtor Basics Personal Storage 3200 hard drives recently shipped with the Virus.Win32.AutoRun.ah virus, malicious software that "searches for passwords for online games and sends them to a server located in China," according to a note posted on the Seagate Web site. Only drives purchased since August 2007 are affected, Seagate said.  The hard drive maker is blaming an unnamed subcontractor, located in China, for the problem. Posted Nov 13 2007, 08:13 PM by hwaldron with no comments

• Sarbanes Oxley turns five years old

  Below is an interesting commentary related to the SOX regulatory requirements which are imposed on all publicly traded companies in the United States. While I personally feel there have been many benefits, SOX has been costly. Some of the requirements have also been sometimes difficult (e.g., SOX 404) which have excerbated the overall cost factors. Hopefully, the forthcoming changes will help alleviate some of these costs MARKETWATCH: Sarbanes-Oxley turns 5 amid mixed results http://www.marketwatch.com/news/story/sarbanes-oxley-turns-five-proponents-see/story.aspx?guid=%7B864E903B%2D7DED%2D4544%2DAD41%2D9DD5BFC5173E%7D QUOTE: SAN FRANCISCO (MarketWatch) -- Congress enacted Sarbanes-Oxley in 2002 in the wake of the spectacular collapse of Enron Corp. in an accounting scandal. The collapse led to the demise of auditor Arthur Andersen, one of the "Big Five" accounting industry giants. Soon after Enron imploded, telecom giant WorldCom blew up in its own accounting scandal. It was with WorldCom in mind that lawmakers added the now infamous section 404 to SOX, which requires that chief executives and chief financial officers personally certify that financial statements are complete and accurate, under penalty of jail time. The kicker has been the responsibility of auditors to attest to management's assertions, which critics contend led to additional cost burdens. A survey released this year by the Financial Executives Research Foundation revealed that the average 2006 cost for SOX compliance was $1.2 million at publicly-traded companies for auditor attest statements alone. If this estimate, which did not factor in money spent on internal preparation, was to include all filers at more than 15,000 public concerns, it would equal about $180 billion in 2006 costs. Posted Nov 09 2007, 09:23 PM by hwaldron with no comments

• Web Site Defacements using obuscated script attacks affect 52,000 pages

  Web Site Defacements using obuscated script attacks affect 52,000 pages This web server based attack has impacted several sites recently.  While these are most likely less mainstream sites, folks should be cautious with email links or web site visitation http://isc.sans.org/diary.html?storyid=3621 QUOTE: Zack wrote to us yesterday to report a mass defacement. After a brief look, we were able to confirm his finding that the following script tag (obfuscated) had been injected in over 40,000 pages across the internet, covering around 150 domains which we so far know of.  This script generates a page containing several hidden iframe components. These link to other pages that contain browser specific exploit code, such as the common ADODB exploit. This code downloads, without prompting, a small number of executable droppers, and executes them on vulnerable systems. http://isc.sans.org/diary.html?storyid=3625  UPDATE: The good news so far is that the executable being downloaded seems to be detected by most AV products.  The sad news is that when I checked the other day the number of infected sites was about 30K and now about 52,000 sites. Posted Nov 09 2007, 01:43 PM by hwaldron with no comments

• Microsoft Windows Live goes Live

  Windows Live has now moved from beta status to an official product offering  Microsoft Windows Live goes Live http://www.eweek.com/article2/0,1895,2212895,00.asp QUOTE: Microsoft has officially taken the beta moniker off the next generation of its Windows Live services, which it launched at events in New York and Los Angeles on Nov. 6. This new generation of Windows Live will be available in 36 languages and 59 countries across the world, and is the first integrated release of the services. Windows Live is designed to focus on three main things: putting the user at the center, providing an integrated experience across everything that Microsoft does on this front and bringing the best of the Web to Windows. Windows Live updated suite announced in September http://www.eweek.com/article2/0,1895,2179267,00.asp Windows Live Home Page (2.8MB download) http://www.windowslive.com/ Windows Live Functional Overview http://www.windowslive.com/overview.html Windows Live Security Page http://www.windowslive.com/protect.html Posted Nov 07 2007, 06:34 PM by hwaldron with no comments

• MSDN Magazine - It's all about Security this month

  NOVEMBER 2007 Volume 21 Number 10 http://msdn.microsoft.com/msdnmag/issues/07/11/default.aspx • Trustworthy Computing: Lessons Learned from Five Years of Building More Secure Software Michael Howard • Crash Course: Analyze Crashes to Find Security Vulnerabilities in Your Apps A. Abouchaev, D. Hasse, S. Lambert, and G. Wroblewski • Code Reviews: Find and Fix Vulnerabilities Before Your Application Ships M. Chmielewski, N. Clift, S. Fonrobert, and T. Ostwald • Fuzz Testing: Create a Custom Test Interface Provider for Team System Dan Griffin Posted Nov 07 2007, 03:06 PM by hwaldron with no comments

• SPAM - Using Google Advanced Search to hide malicious URLs

  Spam filters often check email for MIME compliancy, plus they evaluate URLs embedded in the message itself.  Symantec and Sunbelt are reporting a new tatic used by spammers where they emulate the "I'm feeling lucky" button in a Google search to embed their own website into Google's advanced search format   To the email spam filter, it may appear to be a safe Google based URL, but instead it points to the spam website, which may even contain adware or spyware agents   Always, be careful with email and avoid clicking on attachments or URLs when they appear to be suspicious. Otherwise "bad luck" may occur if you avoid this cautious approach SPAM - Using Google Advanced Search to hide malicious URLs http://sunbeltblog.blogspot.com/2007/11/ingenious-new-method-used-by-spammers.html http://www.symantec.com/enterprise/security_response/weblog/2007/11/googles_advanced_search_operat.html quote: Feeling lucky? Here’s what the spammer did to pull off this little magic trick: 1. The spammer devised a query string which yielded only his or her URL as result of an advanced Google search. 2. The spammer then simulated the click of the "I'm Feeling Lucky" button (notice the '&btnl=' at the end of the above URL) that will take you to the URL of the first result that comes up for the entered search query. Example of manipulating Google's "I feel lucky" search: http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/JS_gogspam2_lrg.html 3. Lastly, the spammer packed this URL into a regular email and sent it out to evade spam filters. Posted Nov 06 2007, 04:45 PM by hwaldron with no comments

• Castlecops PIRT - Prevented over $150 Million in Phishing attack losses

  H] Paul Laudanski, founder of the Castlecops, reports that an estimated $150 million in losses have been prevented through the work of the PIRT team in "frying phish" and even taking down malicious web sites.  While Castlecops promotes awareness like many security firms, they go the extra mile in reporting malware to authorities and even working to combat hostile attacks (e.g., phishing, malware, and spam).  These efforts are greatly appreciated in making email and the Internet a little safer through the efforts of all the teams participating there.  I've also been a member of Castlecops for a couple of years and assist in sharing new security developments and best practices in the forums. Castlecops PIRT - Prevented over $150 Million in Phishing attack losses http://www.castlecops.com/a6843-PIRT_has_prevented_over_150_Million_US_in_Stolen_Monies.html http://www.castlecops.com/article-topic-66.html QUOTE: Since May 2006, our Phishing Incident Reporting and Termination team has directly prevented more than $80 million in credit card losses, and indirectly an additional $75 million by working with our partners. We've shut down not only phish sites, but drops all the while preserving evidence for law enforcement. And we need your help by donating your time as handlers to keep on investigating phish crimes so we can continue to prevent even greater numbers.  PIRT right now is receiving around 47,000 unique phish submissions per month. Our PIRT handlers are doing amazing work and trailblazing new roads in phish investigations and intelligence. Some of the key services provided by Castlecops include: PIRT - Phishing Incident Reporting and Termination http://www.castlecops.com/pirt MIRT - Malware Incident Reporting and Termination http://www.castlecops.com/mirt SIRT - Spam Incident Reporting and Termination http://www.castlecops.com/sirt Castlecops - Free Technical and security forums http://www.castlecops.com/forums.html Castlecops - Advanced Malware Removal (HiJackThis analysis) http://www.castlecops.com/HijackThis.html Posted Nov 05 2007, 03:04 PM by hwaldron with no comments

• Password Strength - Length is more important than complexity

  In testing internal corporate security in the past, I've also seen that longer passwords require more time to crack than shorter ones.  Every character added to the password length better protects you.  Using LophtCrack, CAIN, and other password testing tools I had also run experiments on password lengths from 3 through 8 characters. While the 3 character passwords would be found almost instantly, times increased exponentially for each subsequent test as the password grew in size. Both complexity and length are important. The point of the blog post is that a short complex password may not offer sufficient protection even though in human terms it may seem more difficult to guess.  Password strength is all about increasing combinations and permutations of character strings and longer passwords make the difference.  It might be good to ensure all passwords are eight or more characters.  http://www.avertlabs.com/research/blog/index.php/2007/11/02/password-policy-length-vs-complexity/ QUOTE: The bottom line: * In general, password length trumps password complexity. This applies to both cracking and rainbow table attacks. * Given the opportunity, users will choose the simplest passwords, such as ‘Password1!’ * Make sure you account for human tendencies that include usernames in passwords, too many repeating characters, passwords based on dictionary words, capitalization of the first letter, symbols & digits at the end, etc. * Enforce your password policy Posted Nov 02 2007, 07:34 PM by hwaldron with no comments

• Mozilla - Security Vulnerabilities Master List for all Products

  This site provides an overall of all Mozilla products and their history in fixing security issues.      Mozilla - Security Vulnerabilities Master List for Products http://www.mozilla.org/projects/security/known-vulnerabilities.html "Bugzilla" is the tracking system for all outstanding Mozilla issues. To find currently outstanding issues for Firefox, please enter terms of Firefox as product and security as search word: https://bugzilla.mozilla.org/query.cgi Posted Nov 02 2007, 02:00 PM by hwaldron with no comments

• Mozilla Firefox 2.0.0.9 Release

  Release notes suggest it's only stability fixes, no security fixes.    Mozilla Firefox 2.0.0.9 Release Notes http://www.mozilla.com/en-US/firefox/2.0.0.9/releasenotes/ Posted Nov 02 2007, 01:49 PM by hwaldron with no comments