-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
How to Suck at Information Security
http://isc.sans.org/diary.html?storyid=5644
Microsoft Worm Variant Detected
,----[ Quote ]
| A variant of a malicious worm that targeted Microsoft Windows now is
| spreading via USB sticks, researchers say.
|
| Security company BitDefender Labs, based in Bucharest, Romania, detected the
| Windows worm variant in late December. The original worm, known as
| Win32.Worm.Downadup, first made its appearance in late November, exploiting a
| Microsoft vulnerability in the Windows RPC Server Service. Since then, it has
| rapidly spread across numerous corporate networks with the aim of
| distributing malicious software on susceptible computers.
`----
http://www.crn.com/security/212900845
New Botnets Replace Vanquished Pests
,----[ Quote ]
| Although the shutdown of a California Web hosting company eradicated several
| prominent botnets last year, others have stepped up to fill the gaps, a
| security researcher says.
|
| Gone from the landscape, said Joe Stewart, director of research at
| Atlanta-based SecureWorks Inc., are "Srizbi" and "Storm," the botnets Stewart
| ranked as No. 1 and No. 5, respectively, in an April 2008 botnet census.
`----
http://www.pcworld.com/article/157915/new_botnets_emerge.html?tk=rss_news
"Our products just aren't engineered for security."
--Brian Valentine, Microsoft executive, Windows boss
http://www.infoworld.com/articles/hn/xml/02/09/05/020905hnmssecure.html
Related:
With Vista breached, Linux unbeaten in hacking contest
,----[ Quote ]
| The MacBook Air went first; a tiny Fujitsu laptop running Vista was hacked on
| the last day of the contest; but it was Linux, running on a Sony Vaio, that
| remained undefeated as conference organizers ended a three-way computer
| hacking challenge Friday at the CanSecWest conference.
`----
http://www.linuxworld.com/news/2008/032908-with-vista-breached-linux-unbeaten.html?fsrc=rss-linux-news
Microsoft reacts to kernel hacks, defends Vista
,----[ Quote ]
| Microsoft wasn't much help in figuring out exactly what was beefed up by the
| PatchGuard update; the accompanying information was extremely vague. The
| MSRC's release manager, Simon Conant, was just as tight-lipped in a posting
| to the center's blog. "The update adds additional checks to Kernel Patch
| Protection for increased reliability, performance, and security," Conant
| said.
`----
http://www.infoworld.com/article/07/08/15/Microsoft-reacts-to-kernel-hacks_1.html?source=rss&url=www.infoworld.com%2Farticle%2F07%2F08%2F15%2FMicrosoft-reacts-to-kernel-hacks_1.html
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft : Arrogance leads to Vulnerability
,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company's products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
|
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----
http://securityblog.itproportal.com/?p=514
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklz2h8ACgkQU4xAY3RXLo4zmACfXzRlsCKCvkMr/aS1VgBR5D4l
WOwAnjLTEm0zlNyY8cOqlmrWWwvYCG+p
=1Gi9
-----END PGP SIGNATURE-----