Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] Zero-day Vista Exploit Up for Sale

Hackers Selling Vista Zero-Day Exploit

,----[ Quote ]
| Underground hackers are hawking zero-day exploits for Microsoft's new
| Windows Vista operating system at $50,000 a pop, according to computer
| security researchers at Trend Micro.
`----

http://www.eweek.com/article2/0,1759,2073611,00.asp?kc=EWRSS03119TX1K0000594


Related:

Experts: Windows Vista Won't Do Much to Improve Computer Security

,----[ Quote ]
| Why not? Partly because of security progress that Microsoft already had
| made in its last operating system, Windows XP . Also because a complex
| product like Vista is bound to have holes yet to be discovered. And
| mainly because of the rapidly changing nature of online threats.
`----

http://www.foxnews.com/story/0,2933,235863,00.html


Most security tools not quite ready for Vista

,----[ Quote ]
| "The absence of security software from the major vendors will
| be another reason why business will not migrate to Vista right
| away," said Natalie Lambert, an analyst at Forrester Research.
| That's in addition to the lack of support for Vista in general
| applications, which are the tools businesses need to run their
| operations, she noted.
`----

http://news.zdnet.com/2100-1009_22-6139808.html


Hackers 'Salivating' for Vista

,----[ Quote ]
| Security experts brace for viruses in Microsoft's Windows Vista.
`----

http://www.redherring.com/Article.aspx?a=19959&hed=Hackers+'Salivating'+for+Vista


Vista security: What's in it for you?

,----[ Quote ]
| Hoping this release will solve all your security headaches? Think
| again...
|
| [...]
|
| Promises from Microsoft relating to security are roughly on a par with 
| promises from children about not hunting out where their Christmas presents 
| are hidden.
`----

http://software.silicon.com/security/0,39024655,39164192,00.htm


Windows Vista: It's More Secure, We Promise

,----[ Quote ]
| Well, allow me to take a moment to remind everyone of something that
| you might not remember - XP was also touted as being ultra secure.
| Seriously, can anyone honestly look themselves in the mirror and say 
| this is the gospel truth? You have got to be kidding me. Similar to
| XP, Microsoft promises to have the most secure Windows version to date
| yet again.
`----

http://www.osweekly.com/index.php?option=com_content&task=view&id=2357&Itemid=449


Windows Vista's first malware warning

,----[ Quote ]
| Web-based email services expose Windows Vista
`----

http://www.pcadvisor.co.uk/news/index.cfm?newsid=7748


Three of the top ten malware threats run on Microsoft Vista, Sophos
tests show

,----[ Quote ]
| Sophos tested each piece of malware in the top ten on the Vista
| operating system to establish whether users running Vista without
| any third-party security software would avoid infection.
`----

http://www.sophos.com/pressoffice/news/articles/2006/11/toptennov.html?_log_from=rss


Microsoft stands by Patch Tuesday for Vista

,----[ Quote ]
| Software giant Microsoft is set to continue releasing security
| patches and other updates on the first Tuesday of every month
| despite admitting that malicious software authors have started
| exploiting the predictability of its updates.
`----

http://zdnet.com.au/news/software/soa/Microsoft_stands_by_Patch_Tuesday_for_Vista/0,130061733,339272495,00.htm


Is Vista security a selling point?

,----[ Quote ]
| An assortment of new security features in Windows Vista will help
| many consumers become "secure enough," but businesses are unlikely
| to abandon their current levels of additional, backup security if
| they adopt the new operating system, some experts say.
`----

http://news.zdnet.com/2100-9595_22-6137223.html


Vista remains insecure, argues Bill Pill creator

,----[ Quote ]
| At first glance it should be good news, after all it would appear
| that Microsoft has plugged a hole that left the claims of Vista
| being highly secure shot to pieces. Nonetheless, the security
| researcher who demonstrated the original Blue Pill exploit at
| both SyScan 06 in Singapore and the Black Hat briefings in Las
| Vegas earlier in the year, Joanna Rutkowska, has hit back with a
| warning that the methodology used by Microsoft to block her
| pagefile exploit is itself fundamentally flawed and insecure.
`----

http://www.daniweb.com/blogs/entry973.html


Vista PatchGuard Hacked

,----[ Quote ]
| "Hackers have already broken PatchGuard and can disable it. This
| means that hackers can already get malicious code into the Windows
| Vista kernel; while legitimate security vendors can no longer protect
| it. This presents a serious new risk for consumers and enterprises
| worldwide," stated Oliver Friedrichs director of emerging
| technologies in Symantec Security Respons.
`----

http://news.softpedia.com/news/Vista-PatchGuard-Hacked-37979.shtml


Windows kernel protection expected to break soon

,----[ Quote ]
| PatchGuard, a Microsoft technology to protect key parts of Windows,
| will be hacked sooner rather than later, a security expert said Thursday.
`----

http://news.zdnet.com/2100-1009_22-6125274.html


Black Hat Takes Vista to Task

,----[ Quote ]
| She demonstrated two potential attack vectors. One could allow unsigned
| code to be loaded into the Vista kernel. The second vector involved
| taking advantage of AMD's Pacific Hardware Virtualization to inject a
| new form of super malware that Rutkowska claimed to be undetectable.
`----

                http://www.internetnews.com/security/article.php/3624861


Windows Vista: It's More Secure, We Promise

,----[ Quote ]
| Well, allow me to take a moment to remind everyone of something that
| you might not remember - XP was also touted as being ultra secure.
| Seriously, can anyone honestly look themselves in the mirror and say 
| this is the gospel truth? You have got to be kidding me. Similar to
| XP, Microsoft promises to have the most secure Windows version to date
| yet again.
`----

http://www.osweekly.com/index.php?option=com_content&task=view&id=2357&Itemid=449


Perspective: Why Microsoft is wrong on Vista security

,----[ Quote ]
| The net-net is that the user is demonstrably less safe as compared to
| during the XP days, when security vendors could use their advanced
| behavioral features.
`----

http://news.com.com/Why+Microsoft+is+wrong+on+Vista+security/2010-7349_3-6123924.html
http://tinyurl.com/fdhzw


IE 7 bugs abound

,----[ Quote ]
| "But browser testers may already be at risk, according to security 
| researcher Tom Ferris. Late Tuesday, Ferris released details of a potential 
| security flaw in IE 7. An attacker could exploit the flaw by crafting a 
| special Web page that could be used to crash the browser or gain complete 
| control of a vulnerable system, Ferris said in an advisory on his Web site. 
| Microsoft had no immediate comment on Ferris' alert."
`----

http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news


Symantec highlights Windows Vista user vulnerabilities

,----[ Quote ]
| Symantec has shed more light on potential vulnerabilities in Windows
| Vista that could circumvent new security measures and leave users
| vulnerable to attack.
`----

http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/


Symantec continues Vista bug hunt

,----[ Quote ]
| After poking around the Windows Vista networking stack, Symantec
| researchers have tried out privilege-escalation attacks on an early
| version of the Windows XP successor.
|
| "We discovered a number of implementation flaws that continued to allow
| a full machine compromise to occur," Matthew Conover, principal
| security researcher at Symantec, wrote in the report titled "Attacks
| against Windows Vista's Security Model." The report was made available
| to Symantec customers last week and is scheduled for public release
| sometime before Vista ships, a Symantec representative said Monday.
`----

                http://news.zdnet.com/2100-1009_22-6097976.html


Six reasons you'll hate networking in Windows Vista

,----[ Quote ]
| Author finds some details 'maddening,' 'brain dead' and 'laughably
| rudimentary.'
`----

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003835&pageNumber=1


Symantec Finds Flaws In Vista's Network Stack

,----[ Quote ]
| Researchers with Symantec's advanced threat team poked through
| Vista's new network stack in several recent builds of the
| still-under-construction operating system, and found several bugs
| -- some of which have been fixed, including a few in  Monday's
| release -- as well as broader evidence that the rewrite of the
| networking code could easily lead to problems.
|
| [...]
|
| Among Newsham's and Hoagland's conclusions: "The amount of new
| code present in Windows Vista provides many opportunities for
| new defects."
|
| "It's true that some of the things we found were 'low-hanging
| fruit,' and that some are getting fixed in later builds,"
| said Friedrichs. "But that begs the question of what else
| is in there?"
`----

http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M1...


Symantec Says Windows Vista Will be Less Secure than XP

,----[ Snippet ]
| Symantec said earlier last week that there were no viruses for Apple's
| OS X.
`----

                        http://www.dailytech.com/article.aspx?newsid=3389


Symantec sees an Achilles' heel in Vista

,----[ Quote ]
| Some of Microsoft's efforts to make Windows Vista its most stable and
| secure operating system ever could cause instability and new security
| flaws, according to a Symantec report.
|
| [...]
|
| "Microsoft has removed a large body of tried and tested code and
| replaced it with freshly written code, complete with new corner cases
| and defects," the researchers wrote in the report, scheduled for
| publication Tuesday.
`----

                http://news.zdnet.com/2100-1009_22-6095119.html 


McAfee: Microsoft completely unrealistic on Vista

,----[ Quote ]
| Windows Vista does not ship with antivirus software installed and active,
| but for the first time Microsoft will be promoting their own antivirus
| service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt Software,
| has already called Microsoft's plans predatory based on pricing. McAfee
| is focusing its critique on operating system design, arguing instead that
| Microsoft's decisions with Vista will simply make the operating system
| less secure.
| 
| In the advertisement, McAfee CEO George Samunek is quoted as saying,
| "Microsoft is being completely unrealistic if, by locking security
| companies out of the kernel, it thinks hackers won't crack Vista's kernel.
| In fact, they already have." The advert continues: "With its upcoming
| Vista operating system, Microsoft is embracing the flawed logic that
| computers will be more secure if it stops co-operating with the
| independent security firms."
`----

http://arstechnica.com/news.ars/post/20061002-7875.html


Cisco exec: Windows Vista is scary

,----[ Quote ]
| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
| here on Monday. "Anything with that level of systems complexity will have
| new threats, as well as bringing new solutions. It's always a struggle
| in security, trying to build for what you don't know."
`----

http://news.zdnet.com/2100-1009_22-6116823.html


,----[ Quote ]
| "Up to 60% of the code in the new consumer version of Microsoft new Vista
| operating system is set to be rewritten as the Company 'scrambles' to fix
| internal problems a Microsoft insider has confirmed to SHN... Microsoft has
| also admitted that it has major problems in it's Windows division and has
| has immediately initiated a total restructure of the division..."
`----

http://www.smarthouse.com.au/Computing/Platforms?Article=/Computing/Platforms/R7G5G6U4


Microsoft distributes Grisoft antivirus for Vista

,----[ Quote ]
| Microsoft is making the Grisoft AVG Anti-Virus 7.5 and AVG Anti-Virus
| Free Edition packages available via the Windows Security Center channel
| as a Windows Vista security solution.
`----

http://www.computerweekly.com/Feeds/RS/Articles/2006/11/08/219742/Microsoft+distributes+Grisoft+antivirus+for+Vista.htm


Study: Symantec Best at Removing Rootkits; Microsoft Worst

,----[ Quote ]
| The application that performed the poorest, according to
| Thompson, was Microsoft's Microsoft Windows Defender (Beta 2),w
| hich is being built into the Windows Vista operating system.
`----

http://www.eweek.com/article2/0,1895,2051268,00.asp


Security Suite Smackdown, Part I

,----[ Quote ]
| Eight of the biggest names in security go head to head in
| this round up of the best (and worst) of the apps that
| aim to keep you safe.
`----

http://www.pcmag.com/article2/0,1895,2031667,00.asp

(Microsoft's Live OneCare is 7th of out 8 products)


Attackers end-run around IE security

,----[ Quote ]
| The vulnerability underscores that the improvements in security in the
| latest version of Microsoft's browser, Internet Explorer 7, do not
| eliminate the threats of older components of Windows, said Gunter
| Ollmann, director of IBM Internet Security Systems' X-Force
| vulnerability research team.
| 
| [...]
| 
| Online criminals frequently use flaws in ActiveX to install malicious
| code on victims' PCs via their browsers. One tool - known as WebAttacker
| and sold from a Russian website for about $20 - has had great success
| in compromising the security of victims' computers.
`----

http://www.theregister.co.uk/2006/11/08/ie_security_analysis/


Microsoft: Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company's products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
| 
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----

http://securityblog.itproportal.com/?p=514


Russian expert: Terrorists may try cyberattacks

,----[ Quote ]
| A Russian computer security expert predicts that terrorists could
| seek to target the country's critical infrastructure through
| electronic warfare, a strategy that could raise the stakes in
| how Russia handles computer crime.
`----

http://www.linuxworld.com.au/index.php?id=2104593093&rid=-50


UCLA Probes Computer Security Breach

,----[ Quote ]
| The University of California, Los Angeles alerted about 800,000
| current and former students, faculty and staff on Tuesday that
| their names and certain personal information were exposed after
| a hacker broke into a campus computer system.
`----

http://www.washingtonpost.com/wp-dyn/content/article/2006/12/12/AR2006121200173.html

http://uptime.netcraft.com/up/graph?site=www.identityalert.ucla.edu 

        Windows Server 2003 Microsoft-IIS/6.0 12-Dec-2006 164.67.134.79 
        University of California, Los Angeles


EveryDNS, OpenDNS Under Botnet DDoS Attack

,----[ Quote ]
| The last time the Web mob (spammers and phishers using botnets)
| decided to go after a security service, Blue Security was forced
| to fold and collateral damage extended to several businesses,
| including Six Apart.
`----

http://securitywatch.eweek.com/exploits_and_attacks/everydns_opendns_under_botnet_ddos_attack.html


http://www.eweek.com/slideshow_viewer/0,1205,l=&s=25954&a=194164&po=4,00.asp


Study: Billions of dollars spent on security

,----[ Quote ]
| Large U.S. businesses will spend $61 billion on security by the end
| of this year, representing 7.3 percent of total IT budgets in the
| country, according to a new report from Info-Tech Research Group.
`----

http://news.com.com/2110-7350_3-6135989.html?part=rss&tag=2547-1_3-0-20&subj=news


US lost $8 billion to computer crime

,----[ Quote ]
| Consumer reports' latest "State of the Net" survey has revealed that
| US punters lost more than $8 billion over the last two years to
| viruses, spyware and con tricks.
` ^^^^^^^^^^^^^^^^

http://www.theinquirer.net/default.aspx?article=33554


Cisco exec: Windows Vista is scary

,----[ Quote ]
| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
| here on Monday. "Anything with that level of systems complexity will have
| new threats, as well as bringing new solutions. It's always a struggle
| in security, trying to build for what you don't know."
`----

http://news.zdnet.com/2100-1009_22-6116823.html


Vista a 'threat' to the national security of India

,----[ Quote ]
| As Mr Bombay Watcher says on his blog, Microsoft has a cosy partnership
| with the CIA, so perhaps the world should take care and caution when it
| comes time to upgrade. We're pretty certain Windows 3.1 would be a safe
| bet. He seems particularly worried about the national security of India,
| as it does, of course, have some conflicting interests with the US
| of A.
`----

http://www.theinquirer.net/default.aspx?article=34979


Homeland Security not ready for Cyber Storm

,----[ Quote ]
| In June, the Business Roundtable issued a report saying that "the
| United States is not sufficiently prepared for a major attack, software
| incident or natural disaster that would lead to disruption of large parts
| of the Internet" and that coordinating a response to such an attack
| or disaster should be turned over to the Department of Homeland
| Security.
`----

http://www.homelandstupidity.us/2006/09/18/homeland-security-not-ready-for-cyber-storm/
http://tinyurl.com/lwp8y


Open Source Intelligence for national security

,----[ Quote ]
| Intelligence agencies' concern about secrecy is an obstacle to good
| intelligence, which is broadly required to counter any type of
| asymmetric threat.
| 
| [...]
| 
| Open Source Intelligence (OSINT) can fill in most of the gaps immediately
| and at low cost. OSINT is not just open source information nor is it a
| substitute for all source analysis. OSINT is a distinct analytical
| process that integrates human expertise and open source information
| to produce policy relevant or actionable intelligence.
`----

http://www.isn.ethz.ch/news/sw/details.cfm?ID=16727


Perspective:  Microsoft security--no more second chances?

,----[ Excerpt ]
| CNET News.com's Charles Cooper says the software maker is running out
| of excuses for a history of poor security.
`----

,----[ Quote ]
| As if Homeland Security Secretary Michael Chertoff didn't have enough on
| his plate.
|
| Not only has he had to deal with Katrina and Osama. Now he's also got to
| whip Steve Ballmer and the crew at Microsoft into shape. If past is
| prologue, that last task may be the most daunting of all.
`---- 

http://news.com.com/2010-1002_3-6104512.html?part=rss&tag=6104512&subj=news


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index