Privacy, Security Archive

A denial of service vulnerability reportedly affects the Windows Remote Desktop Protocol. Either disable RDP or make sure you have a firewall enabled for port 3389 until a fix is available.

Opera's announcement of in-browser support for Bittorent highlights the trend for common desktop applications requesting an ever-larger number of TCP ports to be opened up for them, essentially poking holes into firewalls. File transfer apps, VoIP, games, and other programs routinely request open ports, and that's a security risk, say some security experts.

Version 2.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations.

Protecting against laptop and data theft would appear to be relatively easy, but, in a business sense, is rarely so. This article provides some basic steps for employees to follow in order to protect laptops.

Linuxlookup.com is reporting Wipro surveyed 90 companies in the U.S. and Western Europe with 2,500 to 113,000 employees where both the Windows and open source operating systems were simultaneously being run. The outcome: Windows beats Linux in Security. "We already know how to secure a Windows-based solution and keep it running smoothly,” says Stephen Shaffer, the airline’s director of software systems. “With Linux, we had to rely on consultants to tell us if our system was secure. With Windows, we can depend on Microsoft to inform us of and provide any necessary updates."

Versions of Outlook Express in Windows 2000, XP, and Server 2003 contain a flaw that would allow malicous code to take control of their machines. Launching Outlook Express is not necessary, apparently. Luckily, only users who visit particular malicious newsgroups are vulunerable. A patch is available.

Sun Microsystems unwrapped two new identity management products this week, designed to ease the process of federating identity across multiple partners and customers.

There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior's toolbox. They have also created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.

The Internet has become a far more dangerous place than it was 20 years ago. Nowadays, Operating System and application security is an integral part of a server configuration and, while firewalls are very important, they are not the panacea.

Microsoft on Tuesday issued three "critical" patches for flaws that could allow a malicious attacker to take remote control of a computer.

KernelTrap reports: Colin Percival continues the discussion regarding the shared-cache vulnerability inherent in multi-core processors, offering potential mitigation techniques in the form of fixes to the FreeBSD schedulers. Based on Percival's original discovery, information leakage between threads which share a processor core and the subsequent opportunity to monitor memory access patterns can be prevented by eliminating the co-scheduling of threads that have differing privileges.

Update: It appears that we mischaracterized the conclusions in our title and our summary on this story. Greg KH was referring only to the ELF vulnerability in this story. Whether we were deliberately mislead by the submitter of this story or not, we regret the error.

The original story: According to "Greg KH," co-maintainer of the 2.6.x.y series of important stability and security fixes, the Linux kernel does not suffer from the much-hyped hyper threading vulnerability that affected the BSDs: " The main reason there have not been any updates, is that there really isn't a problem for the 2.6 kernel. The original author has admited this finally, no one was ever able to reproduce it on a 2.6 kernel. The only reason I released a kernel update, was at the time, we thought there was an off-chance that there was a problem. However in further testing, it has not been the case." This confirms Linus's earler assertion.

Because firewalls and other defensive security measures are not failsafe, you need additional tools to detect and respond to security breaches as they occur. A network analyser can detect known (and even some unknown) virus attacks and make the cleanup process much more efficient.

A tool provided by Microsoft could let people get around a check meant to prevent those with pirated copies of Windows from downloading additional MS software, according to a security researcher.