October 2009 - Posts

Below is a list of requirements to download this new guide, which assists in planning for the rigorous PCI DSS e-commerce standards:

1. Requires Windows Live ID authentication
2. Requires Microsoft registration (already recorded from past downloads)
3. The 195KB document is in Word 2007 format (the Office 2007 file format compatibility pack for Office 2003 was downloaded; you are prompted for it automatically when attempting to open the document)

Microsoft PCI/DSS Compliance Planning Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=d8320df1-d0d0-469f-a6fc-b53987bd74c2&displaylang=en

This may be the largest Patch Tuesday release ever, according to the ZDNet article below.

NO ISSUES SO FAR -- On my work PC, I had 16 total patches for Windows and Office (38 MB).  I have many additional Office products like Project, Visio, FrontPage, etc.  It took a while to install (maybe 45 min) and everything seems to work normally so far.  Please wait patiently for this large release to download and install -- then reboot immediately as prompted so that changes will be properly applied to the Windows registry.

Microsoft Security Updates - October 2009
http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx

ISC Patch Tuesday overview
http://isc.sans.org/diary.html?storyid=7345

Huge Patch Tuesday Update - October 2009
http://blogs.zdnet.com/security/?p=4585

QUOTE: Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products.

The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operating system (Internet Explorer and Windows Media Player) — and several known security problems (SMB v2 and FTP in IIS) for which functioning exploit code has already been publicly released.

The SMB v2 issue, which has been in the news over the last month, has been addressed with MS09-050, a critical bulletin that actually addresses three separate documented vulnerabilities.

MS09-050 protects against SMB exploit for Windows Vista
http://blogs.zdnet.com/security/?p=4350

The SystemRescueCd site provides an extensive set of tools to aid Linux users and corporate Linux administrators in recovery efforts if the operating system becomes damaged.  It includes an excellent set of documentation and user forums for submitting questions.

Linux Rescue CD
http://www.sysresccd.org/Main_Page

QUOTE: SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It comes with a lot of Linux software such as system tools (parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools). It requires no installation since you just have to boot from the CD-ROM.

EXTENSIVE DOCUMENTATION
http://www.sysresccd.org/Online-Manual-EN

USER SUPPORT FORUMS
http://www.sysresccd.org/forums/

AVERT Labs is warning of a sophisticated botnet discovered two weeks ago.  Like Conficker, it accepts only digitally signed payloads and commands, to prevent the botnet from being hijacked, and it uses randomly generated DNS names for its backup command-and-control servers, which makes them hard to discover.  Please keep all AV and software patches updated for the best levels of protection.

W32/Xpaj Botnet Growing Rapidly
http://www.avertlabs.com/research/blog/index.php/2009/10/06/w32xpaj-botnet-growing-rapidly/

QUOTE: Further analysis has revealed some interesting details about the malicious behavior of W32/Xpaj. The virus is building a widespread “zombie” network by taking control of thousands of Internet-connected computers. The new botnet is in its infancy, although thousands of machines have been infected during the last two weeks.

To prevent botnet hijacking, W32/Xpaj accepts only digitally signed payloads and commands. Malware authors use a cryptographic hash (MD5 algorithm) to validate the authenticity of any payload received from the control server.  It employs the same techniques used by Srizbi and Conficker; that is, it uses randomly generated DNS names for backup control servers.

Botnets grow and evolve quickly. We measure them by the number of compromised computers under their control. However, proactive virus detection and following these simple recommendations will help prevent your computer from becoming a part of a botnet: 

• Keep your anti-virus software up to date

• Apply all the latest security patches and keep your operating system up to date

• Set up a firewall to block unauthorized access while you are connected to the Internet

ADDITIONAL INFORMATION
http://www.avertlabs.com/research/blog/index.php/2009/09/21/w32xpaj-know-your-polymorphic-enemy/
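The quoted analysis says the bot falls back on randomly generated DNS names for its backup control servers, the same trick Srizbi and Conficker used. On the defensive side, those names tend to stand out in DNS query logs: they are long, vowel-poor, digit-heavy or high-entropy compared with real brand names. The script below is an added example (my code, not AVERT Labs' or the malware's) that scores the registered label of each queried name with a few such heuristics and flags the suspicious ones; the log lines, the thresholds and the public-suffix shortcut are all constructed assumptions, so treat the output as a triage list, not a verdict.

```python
"""Heuristic scoring of DNS query names for DGA-style (randomly generated)
labels, as a detection-side illustration. Added example; the log lines and
thresholds are constructed, not taken from the AVERT Labs analysis."""
import math
from collections import Counter

VOWELS = frozenset("aeiou")

# Constructed sample DNS query log: timestamp, client, query type, name.
SAMPLE_DNS_LOG = """\
2009-10-06T14:02:11Z 10.0.0.15 A www.microsoft.com
2009-10-06T14:02:13Z 10.0.0.15 A windowsupdate.microsoft.com
2009-10-06T14:02:19Z 10.0.0.22 A www.cloudsecurityalliance.org
2009-10-06T14:02:20Z 10.0.0.22 A qxzvptkwmfhsd.info
2009-10-06T14:02:21Z 10.0.0.22 A a7f2b9c1d4e8.net
2009-10-06T14:02:22Z 10.0.0.22 A hj3kq9wrtyplmn.org
2009-10-06T14:02:30Z 10.0.0.31 A isc.sans.org
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s):
    """Longest run of consecutive consonant letters; digits, vowels and
    punctuation break a run."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def label_features(label):
    letters = [c for c in label if c.isalpha()]
    vowels = sum(1 for c in letters if c in VOWELS)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(c.isdigit() for c in label) / len(label) if label else 0.0,
        "vowel_ratio": vowels / len(letters) if letters else 0.0,
        "consonant_run": longest_consonant_run(label),
    }


def is_dga_like(label):
    """Constructed thresholds: a long consonant run, a digit-heavy label, or
    high entropy with few vowels. Short labels are never flagged, and the
    vowel-ratio test keeps long real words (cloudsecurityalliance) off the list."""
    f = label_features(label)
    if f["length"] < 8:
        return False
    return (f["consonant_run"] >= 5
            or f["digit_ratio"] >= 0.3
            or (f["entropy"] >= 3.5 and f["vowel_ratio"] < 0.3))


def registered_label(name):
    """Second-level label of a query name. Simplification: ignores public
    suffixes such as co.uk."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def flag_queries(log_text):
    """Return (client, name, features) for queries whose registered label
    looks algorithmically generated."""
    flagged = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        client, name = fields[1], fields[3]
        label = registered_label(name)
        if is_dga_like(label):
            flagged.append((client, name, label_features(label)))
    return flagged


if __name__ == "__main__":
    for client, name, f in flag_queries(SAMPLE_DNS_LOG):
        print(f"{client} -> {name}: entropy={f['entropy']:.2f} "
              f"consonant_run={f['consonant_run']} digit_ratio={f['digit_ratio']:.2f}")
```

Run against the constructed log, only the three nonsense names from client 10.0.0.22 are flagged; one host querying several such names in the same second is the pattern worth escalating. Real deployments should whitelist CDN and cloud-provider hostnames, which are often random-looking by design.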

The Department of Homeland Security is sponsoring its sixth annual promotion of security awareness, with the theme “Our Shared Responsibility”.

SECURITY = SEC - U - R - IT - Y  ("You are it")

October - Cyber Security Awareness Month
http://www.dhs.gov/files/programs/gc_1158611596104.shtm

QUOTE: October marks the sixth annual National Cybersecurity Awareness Month sponsored by the Department of Homeland Security. The theme for National Cybersecurity Awareness Month 2009 is “Our Shared Responsibility” to reinforce the message that all computer users, not just industry and government, have a responsibility to practice good “cyber hygiene” and to protect themselves and their families at home, at work and at school.

As I've been trying to educate myself further on concepts of cloud computing security, this brief article provided some excellent insight on techniques, challenges, and issues.

Cloud Security - Control v. Ownership
http://www.networkworld.com/columnists/2009/091509antonopoulos.html

QUOTE: Andreas M. Antonopoulos, Network World, 09/15/2009

Cloud computing makes auditors cringe. It's something we hear consistently from enterprise customers: it was hard enough to make virtualization "palatable" to auditors; cloud is going to be even harder. By breaking the links between hardware and software, virtualization liberates workloads from the physical constraints of a single machine. Cloud takes that a step further making the physical location irrelevant and even obscure.

Control of information is not in fact dependent on total ownership or a fixed location. An easy example is public key encryption. I maintain ownership of a private key and I control access to it. Usually the private key is stored in a secure location. But from the ownership of the key I can exert control over the information without having to own the rest of the infrastructure. I can build a trusted VPN over an untrusted infrastructure.

Additional resources include:

Cloud computing security risks and issues
http://www.computerweekly.com/Articles/2009/04/24/235782/top-five-cloud-computing-security-issues.htm
http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1368905,00.html

Cloud Security Alliance
http://www.cloudsecurityalliance.org/

Cloud Security Blog
http://cloudsecurity.org/

Cloud Security Best Practices
http://www.cloudsecurityalliance.org/guidance/

MSE appears to do a great job of detecting malware using a classical signature-based design.  The 25 out of 25 rootkit detections and successful cleanings are impressive.

As noted, it lacks a capability found in more advanced AV offerings: heuristic detection of emerging malware based on behavioral patterns (although that approach can produce occasional false positives).  There may also be residual items left behind after cleaning, where you might have to use REGEDIT to tidy up.

Still, the price is right and the performance overhead is light (compared to other products I've used).  That is good enough to make it a "keeper" on our family PC.

MSE rated "very good" at finding malware by AV-Test.org
http://www.computerworld.com/s/article/9138730/Independent_tester_Security_Essentials_very_good_

QUOTE: Microsoft's free Security Essentials antivirus software identified 98% of over half a million malware samples, an accuracy rating an independent testing company called "very good" today.

But there were some issues that Microsoft's program had trouble handling. Most security software now includes an ability to sniff out malware by the way it behaves, often by using heuristics-based scanners that don't rely on specific "fingerprint" signatures to match against a potential threat. Security Essentials lacks any such technology.

Security Essentials' final version also successfully identified and deleted all 25 rootkits AV-Test.org threw against it, Marx said.

Not surprisingly, Symantec, which yesterday blasted Security Essentials as a "poor" product with "average detection rates," had a completely different testing take on the new rival. Symantec's vice president of engineering, Jens Meggers, also disparaged the kind of testing that AV-Test.org and others conduct. "Things like the WildList don't show you the brand new stuff, the ones you need to detect on the first day they're out," Meggers told Computerworld on Tuesday.

Security Essentials was also unable to completely scrub a PC when it did detect malware. "In many cases, traces of infection were left behind," said Marx, ticking off several examples including empty "Run" entries in the Windows registry and modified "hosts" files. The program also failed to switch on the Windows firewall after a piece of malware had deliberately disabled it.
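The residue Marx describes (empty "Run" entries and a modified hosts file) is cheap to check for after any cleanup, whichever product did the cleaning. The script below is an added example, not part of the Computerworld article or of MSE: it parses hosts-file text and flags Microsoft update domains pinned to any address (a legitimate hosts file never lists them) or localhost pointed away from loopback, and it lists Run values whose command is empty. The sample hosts content, the Run entries and the watched-domain list are constructed; on a real Windows box you would feed it C:\Windows\System32\drivers\etc\hosts and the values read from the Run key with the winreg module.

```python
"""Audit for infection residue of the kinds AV-Test.org described: hosts-file
redirections and empty autorun (Run) values. Added example with constructed
inputs; the watched-domain list and the sample entries are assumptions."""

# Assumption: domains a bot would redirect to block updates or AV signatures.
WATCHED_DOMAINS = frozenset({
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "www.microsoft.com",
    "download.microsoft.com",
})

# Constructed hosts file with three tampered lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       windowsupdate.microsoft.com   # added by malware
127.0.0.1       update.microsoft.com
10.66.1.9       www.microsoft.com
"""

# Constructed Run values as they would be read from
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run (name -> command).
SAMPLE_RUN_ENTRIES = {
    "MSSE": r'"C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide',
    "svchost32": "",
    "updater": "   ",
}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower()


def is_loopback(ip):
    return ip.startswith("127.") or ip == "::1"


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (ip, hostname) findings: any mapping for a watched domain, or
    localhost pointed away from loopback."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in watched:
            findings.append((ip, name))
        elif name == "localhost" and not is_loopback(ip):
            findings.append((ip, name))
    return findings


def audit_run_entries(entries):
    """Names of Run values whose command is empty or whitespace only."""
    return sorted(name for name, cmd in entries.items() if not cmd.strip())


if __name__ == "__main__":
    for ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts: {name} -> {ip}")
    for name in audit_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"run: empty value {name!r}")
```

Empty Run values are harmless on their own but confirm that something was removed from autorun rather than never present, which is the cue to look for the rest of the infection; a hosts line for an update domain should simply be deleted so patches and signature updates can resume.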
