Security: Microsoft launches Security Vulnerability Research and Defense blog
December 31st, 2007 by Shanmuga
"The Security Vulnerability Research and Defense blog, introduced Thursday, provides in-depth technical information and ways security professionals can protect an organization from vulnerabilities. The blog will be updated the second Tuesday of every month, called "Patch Tuesday," which is when Microsoft releases security updates for Windows and other software.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Security, Vulnerabilities | No Comments »
"Forget the Nigerian prince. Phishing scams are moving beyond the misspelled, far-fetched ruses that clog your in-box and beg for your bank codes. In the year to come, security professionals are warning of bank code-stealing exploits that are much slicker and more convincing–hidden in guises as harmless as a banner ad on a reputable Web site or a message from a friend on a social network.
"For over 25 years, the computer community has been dealing with malicious software. These little pieces of malware started as minor pranks and theoretical explorations into subverting security controls, but soon developed into more malicious programs that have left a significant impact on the computing community. Over the last decade we have seen viruses/Trojans/worms wreck countless computer systems, shutdown entire business, and impact our economy on a scale that rivals that of a major natural disaster.
"Searches for news about Bhutto’s killing and the ensuing chaos in Pakistan listed sites pimping a bogus video coder/decoder (codec), said analysts at McAfee Inc., Symantec Corp. and WebSense Inc. For instance, WebSense found such a site simply by using "benazir" to search on Google. Meanwhile, McAfee quickly located 10 sites hosted on Blogger.com, Google Inc.’s blog service, that were spreading the fake codec.
"…Apple is a victim of its own success. Savvy hackers read the same stories and watch the same television programs as the rest of us, and so they are very aware of the burgeoning popularity of Apple’s products. Hacking Windows still provides a lot more bang per bug than attacks on Apple, but the smaller rival is a more satisfying target than ever before. And the company’s deserved reputation for building good products has probably made users overconfident.
"The old Chinese curse says, “May you live in interesting times.” It seems a lot of IT security departments may have been cursed in 2007, because most of them have had one “interesting” year. In fact, according to one report, a whopping 85 percent of organizations have experienced at least one reportable breach in the past 12 months…we’ve come to learn there are essentially three types of breach stories: 
"The ongoing Storm Trojan attack that began Monday has morphed again, security researchers said today, changing the malicious file’s name, shifting to new malware hosting servers, and adding a rootkit to cloak the bot code from anti-virus software.
"…according to Paul Henry, a longtime industry expert who currently wears the title of "vice president of technology evangelism" at security gateway maker Secure Computing, 2008 is shaping up to be even worse than any year in the past. (Consider that according to McAfee, 2007 was by far the worst year ever for malware exploits, as the company’s Avert Labs tracked an estimated 357,000 individual pieces of malware, a 60 percent increase over 2006. FTR, McAfee is predicting that we will see over 550,000 samples during 2008.)
"SecureWorks anti-malware guru Joe Stewart, a veteran reverse-engineer who spends the majority of his time breaking apart malware samples, said the control server that powers Pushdo is preloaded with about 421 different malware executables—waiting to be delivered to infected Windows machines.
"Researchers from Google and a well-known security firm have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal details of visitors.
