Saturday, August 20, 2005

0 Day Exploit for IE "Imminent" - SANS

There is a new exploit, supposedly already in the wild (though that isn't crystal clear, yet) which SANS warns about, as does US CERT. The link above is to the SANS site.

Best check this one out.

Thursday, August 18, 2005

Legal Ramifications of Trojan/Virii Infections

Here's one I'll bet you never thought of. I surely didn't.

What are the legal ramifications of a company's network becoming infected with one or another sort of malware? We have Sarbanes-Oxley and HIPAA and various state notification requirements when personal data is compromised. What are the responsibilities of these companies under such circumstances?

In fact, one could argue that storing such data on machines which can possibly be infected might violate one or more of these laws. This article does just that. There isn't any legal action taking place on this front right now, but the article makes the point that it is almost inevitable there will be.

Check it out.

Computer virus writers at war, security firm says

'....... "The latest variants of Bozori even remove competing viruses like Zotob from the infected machines," Hypponen said in a statement on the company's Web site.

The worms were blamed for major system trouble at some media outlets and companies in the United States on Tuesday, causing personal computers to restart repeatedly and potentially making them vulnerable to attack.'

New worms hit U.S. media outlets, companies
"The worms, including two called "IRCBOT.WORM" and "RBOT.CBQ", exploit a recently discovered flaw in Microsoft Corp.'s (MSFT) Windows 2000 operating system and were causing personal computers at more than 100 U.S. companies to restart repeatedly and potentially exposed them to attackers who could take control of a system."

My opinion: w0w, another "service" performed by the worm writers: finding unpatched systems. Does this show up in Performance Reviews? Is IT/MIS an unnecessary expense in this profit-driven market? So many questions, so few good answers or practices, it seems...

"This is the most significant threat we've seen in at least 12 months," said Vincent Gullotto, vice president of the anti-virus emergency response team at McAfee Inc. (MFE)

"But Symantec Corp. (SYMC) and McAfee, the top two computer security companies, as well as Microsoft, said that damage to computer systems on Tuesday was limited and was not likely to cause widespread havoc like other malicious software programs such as SQL Slammer and MyDoom."

Ok, why the dramatic difference in opinion? The Symantec response seems to mirror Microsoft's statement. I wonder what your opinion would be if your servers kept rebooting? Perspective is everything ;)


VMware takes dual-core licensing plunge

Microsoft has already done it. So have some others. They've decided to charge by the CPU socket, rather than by processor core count. With modern CPUs, you can have more than one core running on a socket.

This is really only a common sense move. There are some notable holdouts, Oracle being chief among them, who are charging by the core. For a number of technical reasons, doubling the number of cores on a chip does not double the available computing power. It's not even close. Gains run from 55% to 80%, depending on a huge number of factors. Everyone's mileage will vary, and probably wildly so.

Eventually, there will have to be some further adjustments, as more and more cores are connected to a single socket. But for now, VMware, MS and others are doing what is only fair. The rest are looking more and more like price gougers and if they don't come around, they're likely to suffer in the image department or the bottom line or both. The market will enforce realism on pricing models, eventually. Until then, the best advice is to watch the fine print in those license agreements.


Adobe Acrobat and Acrobat Reader Security Flaws Fixed

This short article at gives all the details about which versions need patching. Basically, you're going to have to upgrade, which you can do via the facility on the Acrobat or Acrobat Reader toolbar or by downloading manually. This affects virtually ALL PLATFORMS so you Mac and Linux users can't feel smug about this one.

As it's not taking the bad guys any time at all to produce exploits once the existence of a vulnerability is made public, I advise you to go patch right now. Don't wait around. I've patched all our machines, Windows and Linux, and many versions of the reader with nary a hitch, so I don't think there is anything to be wary of with this one.


Wednesday, August 17, 2005

Welcome to the Microsoft Security Response Center Blog!

They've activated the Situation Room because of the MS05-039 exploit on Windows 2000 boxes. Here is MS' statement.
Here is the entry in Microsoft's Software Encyclopedia.

All entries courtesy of the weblog in the headline.

Stay ASAP (As Secure As Possible) <--CreativeCommons License ;)
just kidding

Things to do with RSS URL update

URL changed.
15 things you can do with RSS - Tim Yang's Geek Blog

Thanks to Javabeans for this.

Symantec Acquires Endpoint-Security Company Sygate

Many thanks to JohnB for passing this on to us.

From the article:

"The deal will combine Sygate's software for enforcing network security policies and securing so-called 'endpoints,' such as servers, laptops and mobile devices, with Symantec's stable of security wares, according to Symantec."

This appears to be a no-brainer for Symantec, but the question remains: will Symantec take the Sygate code and build a better product, or not? Inquiring minds want to know, but only time will tell.

Sun's Linux killer shows promise

The Register has a pretty comprehensive first look at Open Solaris/Solaris 10. It's 4 long pages and pretty much packed tightly. Very much worth the read, though.


Using your neighbor's WIFI

This article is a follow-up to a previous article that CNN posted, and was posted here by Alaskajoe thanks to JonathanM.

It's interesting to see what other people's responses are. The replies range from "it's open, so it's free to use" to "it's stealing" to other replies.

The moral of the story: if you have a wireless network and don't want the rest of the neighborhood sharing it, secure it.

Monday, August 15, 2005

Blank keyboard hits the market

This one just tickled my fancy.


BBC: Total recall boosts PDA writing

The idea of remembering word patterns and connecting the dots might not sound like an easy way to write an e-mail.
But IBM researchers are betting that tracing letters on a touch screen will become the way to write on a handheld device like a PDA or mobile phone.
In tests, people have reached speeds of around 60 to 70 words per minute. While this is slower than touch-typing, it is much faster than tapping out words with a stylus.
Looks interesting.

Sunday, August 14, 2005

OnComputers Radio show Podcast 08-14-05

This is the On Computers Radio show podcast for 08-14-2005. If you prefer, you can download the same file here via ftp.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

'MS05-039 Worm in the wild

MS05-039 Worm
Starting around 11:30 UTC, we've received several reports on a new worm variant that makes use of MS05-039 to spread. If you're not patched yet, this is your last call.

F-Secure named the critter "Zotob.A", '

Make SURE you get the latest updates!


Google Advanced Operators (Cheat Sheet)

Courtesy of the NY Times. I put this in my Firefox toolbar; I can tell it's gonna come in handy :)

And in the "it's my luck" department... A Brilliant New Memory Card: a hinged SD card! The computer sees it as an external card, and it makes life easier!! "Why my luck?" you ask... I just got a 1GB SD card for my Palm to allow more podcasts and geocaching files, but the HotSync works well after removing the previous install of PalmOS because of the change in categories that I never could get around. Another example of how not using Outlook for email makes life more difficult. But that's another subject :)


Attacks reported for critical Veritas Backup Exec flaw

From Infoworld:
Symantec, which acquired Veritas in July of this year, says it is "not aware of any vendor-supplied patches for this issue," according to its alert. The company recommends that users block access to the TCP (Transmission Control Protocol) port that uses the service in question, port 10000.
The flaw affects versions 8.x, 9.0, 9.1, and 10.0 of Backup Exec for Windows Servers, Fr-SIRT said.
Just thought I'd pass this along.