Privacy, Security Archive

“MS: Security Risk” Paper Criticised By Industry Group

David Adams 2003-09-26 Privacy, Security 29 Comments

The recent paper that claimed that Microsoft's dominance poses a risk to US national security has come under fire by the groups Americans for Technology Leadership as being a shameless attempt by Microsoft's business rivals to promote their own products. Interestingly enough, Microsoft is one of the founding members of Americans for Technology Leadership, so this looks like this may be a bit of a "Battle of the Trade Groups."

Proper Security Will Take Horsepower

David Adams 2003-09-19 Privacy, Security 16 Comments

A ZDNet article has figured out what to do with all that extra processing power that Moore's Law keeps giving us: use brute force to make our computers secure. Encrypting everything, between machines, and also between processes might do the trick. Of course, you can't keep your keys in software, so that's where hardware tricks like "Trusted Computing" come in. So let me get this straight, because we're all afraid of viruses and hackers now, we're going to get back on the processor upgrade treadmill and give up ultimate control over what's on our PC to our motherboard and OS vendors?

IEEE Begins Standard to Create Baseline for More Secure OSes

Eugenia Loli 2003-09-13 Privacy, Security 35 Comments

The ability to enhance security in information systems and networks is limited by the operating systems that underpin them. Recognizing this, the Institute of Electrical and Electronics Engineers (IEEE) has begun work on a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems.

Microsoft Patches Critical VBA Flaw

Submitted by Marcel 2003-09-04 Privacy, Security 14 Comments

An identified security issue in Microsoft Visual Basic for Applications could allow an attacker to compromise a Microsoft Windows-based system and then take a variety of actions. Windows and Office users should update their system.

User Authentication Based on Keyboard Usage

Submitted by Chris 2003-09-03 Privacy, Security 20 Comments

Just as access can be granted based on a fingerprint or retina scan, biometrical analysis of the keyboard typing style can produce a unique pattern. A project to produce an authentication scheme based on hardware that every computer has already (unlike a retina scanner) was started in 1999 for BeOS but now is available on MacOS X, in a beta release.

Don’t Rely on Microsoft, Homeland Security

David Adams 2003-09-01 Privacy, Security 26 Comments

A trade group has urged the US Department of Homeland Security to reconsider its recent decision to use Microsoft as its preferred supplier of desktop and server software, citing recent security problems. Quote from the Computer & Communications Industry Association (CCIA) report: "Because of these recent developments, historical experience, and the inherent risks associated with lack of diversity, we ask that you reconsider your heavy reliance on a single, flawed software platform to protect our national security."

Blaming Microsoft for Hacker Attacks

Submitted by Ricky K. Yamauchi, Jr. 2003-08-29 Privacy, Security 104 Comments

"Some think the software maker is at fault for the latest viruses. But you can't blame a target. "Let's all just beat the hell out of Microsoft. It unleashed the worms!" Well, that's what some people think, if the e-mails (uninfected) I got during the past week are any indication." says Wrastler for CNN Money. "So why doesn't Microsoft make its software more secure? They're trying, company officials say. But they also argue that like any other company, there's only so much Microsoft can do to prevent a crime if a criminal truly wants to commit it." a Statesman article says. In the meantime, the FBI has identified a teenager as the author of Blaster and plans to arrest him early Friday, a U.S. official confirmed.

Microsoft Using Linux? Netcraft Responds

Submitted by Brad Clarke 2003-08-21 Privacy, Security 49 Comments

In order to protect itself from DDoS attacks, Microsoft is using the Akamai service to distribute its load. Ironically, as a result, the domain www.microsoft.com is now listed in the Netcraft report as being Linux running IIS. Netcraft has received so much mail asking about that, and the irony of Linux-bashing Microsoft now depending on "enterprise-class" Linux servers has generated so much discussion, Netcraft has posted a page explaining what's happening.

Deploy Linux Desktops to Boost Security, Urges Sun’s Schwartz

Submitted by Nicholas James 2003-08-19 Privacy, Security 32 Comments

Sun's EVP of Software Jonathan Schwartz uses the popular metaphor of the natural ecosystem to describe the IT world. Most corporate IT departments are what ecologists call a "monoculture." As various blights and famines have proven, when there is too much of the same plant growing in one place, it's suceptable to being wiped out by a disease. Stressing the need for "genetic diversity on the desktop" to combat security threats, Schwartz points to a non-Microsoft desktop as a viable solution. The difficulty in implementing the new OS? Says Schwartz, "you might have to train the user that a home directory named 'My Computer' on Windows has been renamed 'This Computer' . . . "

More Windows Trouble Ahead?

Submitted by danjr 2003-08-14 Privacy, Security 35 Comments

Blaster winds down, but security experts predict more Windows trouble ahead. Some believe that a new attack is imminent.

Making Your PC Secure: A Responsibility

Guest post by Jeremy LaCroix 2003-08-13 Privacy, Security 68 Comments

I am a "Technologist", a Technology enthusiast that is usually the one that is called should a major catastrophe strike an end user. My saga of computer rescues becomes a plot that is ever so thickening, if not only for the fact that's it's becoming incredibly easy for hackers and malicious code writers these days to invade personal property to find, seek, and destroy. Each year, virus and hacker threats increase, and in addition the damage trail left behind is something of a problem. Not to forget, a majority of "PC Panic" cases I've come across are often times the same common, "major" problem.

Microsoft Criticises Third Party Code for Windows Crashes

Submitted by Preet Wade 2003-08-13 Privacy, Security 65 Comments

Scott Charney, chief security strategist at Microsoft, told developers at the TechEd 2003 conference in Brisbane, that information collected by Dr Watson, the company's reporting tool, revealed that "half of all crashes in Windows are caused not by Microsoft code, but third-party code" . . . Charney also reinforced Microsoft's message to developers and network administrators that they needed to build secure applications and networks "from the ground up"

Insuring Coporate IT Security

Submitted by bogey 2003-08-12 Privacy, Security 12 Comments

In a world of constant security struggles, insurance companies are throwing their hat in the ring. Companies will now have the option to take out a policy on their IT. What effect will this have? It could be big. Remember, insurance price is based largely on risk. This could be bad news for companies with software known to be insecure. Read the article here.

Linux Rated Less Secure than Windows

Eugenia Loli 2003-08-06 Privacy, Security 53 Comments

"This week, however, Linux was also awarded with CC security certification, and as one might expect, this announcement greeted with cheers from the open source community. There's just one catch: Linux got a lower security rating than Windows 2000 did last year." Read it at WinInformant. Update: The WinInformant article is a little slanted in its reporting, since the ratings discussed have little to do with how secure either OS is in real-world use. Keep in mind that to achieve the higher rating, the computer is not allowed to be connected to any network, since network-connected computers are inherently vulnerable. A CNN article shoots a little straighter on the subject. The certification is not a contest to see which is more secure, simply a test to see if the OS matches a certain objective set of criteria. You have to severely cripple a modern OS to make it meet government high security certification.

Microsoft Site Brought Down by DDoS

Guest post by Beryllium 2003-08-02 Privacy, Security 88 Comments

For over an hour today, the Microsoft website was brought offline. Reports indicate that it was a standard Denial of Service attack, rather than an exploit in their hosting platform itself (Windows Server 2003, at last check). However, there is a certain likelyhood that the launch-points for this attack were themselves exploited Windows-based computers. The Department of Homeland Security today issued an unprecedented second warning regaring recent Windows exploits. Is this an isolated incident, or is it an ominous indication of pending cyber attacks on popular internet sites?

Hacker Code Could Unleash Windows Worm

Eugenia Loli 2003-07-26 Privacy, Security 41 Comments

A hacker group released code designed to exploit a widespread Windows flaw, paving the way for a major worm attack as soon as this weekend, security researchers warned.

Cracking Windows Passwords in Seconds

Eugenia Loli 2003-07-23 Privacy, Security 56 Comments

Researchers outline a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds.

A Quantum Leap in Cryptography

Eugenia Loli 2003-07-16 Privacy, Security 7 Comments

Visionaries are using photons to develop data-security systems that may prove the ultimate defense against eavesdropping hackers.

Microsoft Defends Security Track Record

Eugenia Loli 2003-07-04 Privacy, Security 26 Comments

Software designed by humans will always have flaws, says Microsoft, but the company argues that its security record is improving. Microsoft has admitted it does not expect to ever release completely secure, flawless code, but denied that its software was any less secure than any other complex code.

Windows vs Linux Defacement Occurances

Guest post by David deBiddo 2003-06-07 Privacy, Security 63 Comments

Following Vnunet's "Linux hacks hit all-time high" article a few days back, mi2g once again copped criticism from the wider IT security community. Nonetheless, the original data upon which their report was based illustrates that concerns about Open Source security complacency may have some merit.