For over an hour today, the Microsoft website was brought offline. Reports indicate that it was a standard Denial of Service attack, rather than an exploit in their hosting platform itself (Windows Server 2003, at last check). However, there is a certain likelihood that the launch-points for this attack were themselves exploited Windows-based computers. The Department of Homeland Security today issued an unprecedented second warning regarding recent Windows exploits. Is this an isolated incident, or is it an ominous indication of pending cyber attacks on popular internet sites?
Privacy, Security Archive
A hacker group released code designed to exploit a widespread Windows flaw, paving the way for a major worm attack as soon as this weekend, security researchers warned.
Researchers outline a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds.
Visionaries are using photons to develop data-security systems that may prove the ultimate defense against eavesdropping hackers.
Software designed by humans will always have flaws, says Microsoft, but the company argues that its security record is improving. Microsoft has admitted it does not expect to ever release completely secure, flawless code, but denied that its software was any less secure than any other complex code.
Following Vnunet's "Linux hacks hit all-time high" article a few days back, mi2g once again copped criticism from the wider IT security community. Nonetheless, the original data upon which their report was based illustrates that concerns about Open Source security complacency may have some merit.
Microsoft is expanding its security business unit with a group that will establish new software development processes and create tools for its programmers so that future Microsoft products will have fewer security flaws, a Microsoft executive said.
A fundamental constituent of Microsoft's Trustworthy Computing initiative is "Reliability. The customer can depend on the product to fulfil its functions." No-one wants to be a guinea pig and, after all, Microsoft hardly have a track record of designing secure platforms. Not entirely true. Recent accreditation to CM-EAL4 puts Windows 2000 on a security par with most hardened versions of Unix.
Microsoft faces a possible investigation and significant fines for a security lapse that could have exposed the personal information of millions of consumers.
An interesting Palladium editorial is at Linux-mag, going through the pros and cons of the technology.
On a normal system, if an attacker gains root or administrator access, he or she can run rampant. Not so on a trusted system -- at least so long as it is properly configured. Read the article at NewsFactor.
A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet, a loss that could lead to widespread piracy of the OS. In the meantime, the battle for "Trustworthy Computing" is still on.
Columnist Tim Mullen from SecurityFocus wrote an interesting editorial about how the media are overreacting on some thought exploits/holes found on Windows 2k/XP, while in his opinion, other platforms/apps are also as vulnerable but they don't get as aggressive reporting: "This kind of thing damages overall security. It clouds the issue, and rains on the wrong parade. The media should give its readers all the information-- not slant it in an effort to make Microsoft look like the bad guy every time."
Counting viruses is simplistic, but there is evidence that Windows is becoming more resistant, and Linux is becoming more of a target. The report also points out that Apple is becoming vulnerable, "now that it is fielding an operating system with embedded Internet protocols and Unix utilities." Read the article at ZDNet UK by John McCormick.
"Wireless networks are replacing wired networks very rapidly. More and more people want to stay connected on the road. What this transition brings is - more security problems. While wired networks have been around for ages and have had the time to make good security defences, wireless networks are new in comparison and still have a long way to go. This book aims to give you the knowledge you need to bring maximum security to your network, by teaching you how that security can and will be broken." Read the review at Help Net Security.
Red Hat and Mandrake are cutting support for older versions of their Linux distributions... The results will be a security nightmare for the Internet, says Jon Lasser.
The Bush administration signed off Friday on the final version of the United States' strategy for protecting the Internet and securing information systems. Additionally, Attorney General John Ashcroft wants even more power to snoop on the Internet, spy on private conversations and install secret microphones, spyware and keystroke loggers.
Computer security experts said on Thursday the recent "SQL Slammer" worm, the worst in more than a year, is evidence that Microsoft Corp.'s year-old security push is not working.
The company plans to update its Smartphone 2002 operating system to fix flaws that make it possible to send rogue software programs to a specific model of phone that uses the OS.
Brian Richardson, AMI's engineer, replies to a long interview on Slashdot about TCPA, Palladium, and other BIOS issues. Interesting read.