Tag: attack
November 14, 2009 by
Jason
Microsoft has reacted rapidly to public reports of a zero-day denial-of-service vulnerability in its latest iterations of the Windows client and server operating systems, and is providing customers with guidance on how to block potential attempts to take advantage of the security flaw. In this regard, the Redmond company has underlined that no exploits or attacks have been detected for the denial-of-service (DoS) hole in the Microsoft Server Message Block (SMB) Protocol impacting both SMBv1 and SMBv2 in Windows 7 and Windows Server 2008 R2. However, Proof of Concept (PoC) code was irresponsibly published in the wild, making it extremely easy for attackers to build exploits putting at risk users of Windows 7.
“Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable. If exploited, this DoS vulnerability would not allow an attacker to take control of, or install malware on, the customer’s system but could cause the affected system to stop responding until manually restarted. It is important to note that the default firewall settings on Windows 7 will help block attempts to exploit this issue,” Dave Forstrom, group manager, public relations, Microsoft Trustworthy Computing, revealed. “The company is not aware of attacks to exploit the reported vulnerability at this time.” Read More»
Posted in Windows 7 | No Comments »
October 15, 2009 by
Jason On October 13th, 2009, Microsoft started serving to Windows users patches for no less than 34 vulnerabilities, releasing the most security bulletins in the company’s history. The 13 security bulletins made available are designed to offer fixes for a range of security issues affecting Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server. Microsoft underlined that, despite the large number of patches, all security updates had been thoroughly tested, and only received the green light for broad release once they met specific quality standards.
Out of the total 13 security bulletins released, eight have received Microsoft’s maximum severity rating, namely Critical, indicating that they are designed to patch severe vulnerabilities that could allow for remote code execution in the eventuality of a successful attack. The remaining six patch packages have all been deemed Important, a less severe rating. However, customers should apply the patches offered by the Redmond company immediately. The simplest way to access the security updates is through Windows Update. Users with Automatic Updates enabled will have all patches automatically downloaded to their machines.
Microsoft revealed that no less than seven security bulletins with a maximum severity rating of Critical out of the total eight also had an exploitability index of 1. The highest possible exploitability index: 1 is indicative of the fact that Microsoft considers the possibility of exploit code becoming available in the wild for the seven flaws extremely likely, perhaps even within the first 30 days since the patches were released. This just in case you needed additional incentive to deploy the security updates. Read More»
Posted in Computer | 1 Comment »
October 07, 2009 by
Jason Confronted with increasingly bulletproofed Windows operating systems, the threat environment shifted toward targeting vulnerabilities in the code designed to run on top of the platform. With security enhancements such as User Account Control, Address Space Layout Randomization, Kernel Patch Protection and driver signing, but also with the new development methodology set in place via the Microsoft Security Development Lifecycle, vulnerabilities in Windows Vista and its successor Windows 7 have become harder to exploit, in the eventuality that attackers do come across critical security holes.
The biggest advantage in terms of security Vista and Windows 7 have over precursor Windows clients is the Security Development Lifecycle. And with the threat environment changing focus onto third-party Windows applications, Microsoft is ready to share the SDL secrets with third-party developers. An illustrative example in this regard is the Microsoft Security Development Lifecycle (SDL): Developer Starter Kit.
“The Microsoft SDL – Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices,” Microsoft revealed.
Read More»
Posted in Windows 7 | No Comments »
You can see whether your current passwords you do use more than one, right? are rated “strong” by using Microsoft’s online Password Checker. I bet you’ll be unpleasantly surprised by the results.
The three keys to strong passwords are length, randomness, and use of different types of characters. Each additional character multiplies the potential combinations a brute-force attack must try.
Random passwords use upper- and lower-case letters, numbers, and symbols. When at least three of these four categories are used, an eight-character password should suffice in most instances. According to the FrontLine security site, such a password would take a century or more to crack by a hacker using a single PC. The eight-character standard is also the minimum the Microsoft Password Checker deems “strong.” Of course, the more characters in your password, the safer you’ll be.
If you wish to create your own password, use a sentence or phrase you can recall easily and then tweak it for each account. Read More»
Posted in Computer | No Comments »
November 18, 2008 by
Jason
The exploit for a vulnerability affecting the Server Service on all supported versions of Windows has been included in a commercial malware kit, available for sale. MS08-067 is labeled with a maximum severity rating of Critical, and the security bulletin is designed to patch vulnerable Windows operating systems, which could allow for remote code execution via a successful attack involving a specially crafted, malicious RPC request. The vulnerability affects the latest Windows client and server operating systems, including Windows 7, Windows Vista Service Pack 1 and Windows XP Service Pack 3.
“Probably the most widely reported topic in the Chinese Security community this month will be the availability of a commercial MS08-067 attack pack, customized for Chinese users. On October 26th, 2008, exploit code was posted on to a well-known public repository site. In a few days, malware kit author, WolfTeeth, was quick to sell a MS08-067 port scanning tool with attack capability to his ‘customers,’ using free code from the Internet,” revealed Haowei Ren and Geok Meng Ong, from the McAfee Avert Labs.
The security issue is rated Critical on Windows Server 2004, Windows XP (including SP3), and Windows Server 2003, and just Important on Windows Vista (SP1) and Windows Server 2008. Microsoft made available MS08-067 as an out-of-band release in October 2008. During the same month the company issued the first security patch for Windows 7, designed for the pre-Beta Build 6801 Milestone 3 release. Read More»
Posted in Windows 7 | No Comments »
The Carnegie-Mellon University (CMU) made available a Firefox extension developed at their School of Computer Science and College of Engineering that improves security in Firefox by protecting against man-in-the-middle attacks. The extension, named Perspectives, is available only for Firefox 3 and works on Windows, Linux (32-bit) and OS X (Intel), with support for Linux (64-bit) and Open Solaris being in the experimental stage of development.
A man-in-the-middle attack is performed by intercepting the traffic between a user and a resource that he is trying to access. This can be achieved by exploiting several vulnerabilities, like the latest DNS cache poisoning or GMail accounts hacking incidents show.
When accessing a server resource using secure protocols like SSL or SSH, a correct identification of the server is required. This is achieved through digitally signed certificates. Due to the fact that certificates issued by trusted authorities like VeriSign are expensive, it became common practice for small businesses and websites to use self-signed certificates. Read More»
Posted in Firefox | No Comments »
You invested in dead bolts and alarm systems to protect your business from theft of merchandise and equipment. But a cyber thief does not need access through the front door to steal the information you store on your PCs. Client credit card and bank account numbers, employee data and other confidential files are all at risk in a cyber attack.
Implementing sound security measures can greatly reduce your vulnerability to phishing (a type of Internet-based scam designed to steal your identity), spyware, and other malicious software used to steal or otherwise compromise business data. The good news is that built-in security features in Windows Vista Ultimate make it much easier to safeguard your PCs. Here are three you should know about: Read More»
Posted in Windows Vista | No Comments »
Loading ...
