German Proposal Gives A New Perspective On ‘Spyware’

A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other people’s VoIP calls and record them for later review. Unencrypted VoIP really isn’t very secure; if you have access to the raw network traffic of a call, it’s not too hard to reconstruct the audio. Encrypted traffic is another story….


Zero Days: How to protect yourself

The SANS Institute released its top 20 security risks for 2007, which documents the security arms race between cyber criminals and the folks playing defense. But let’s focus on the big scourge, zero-day attacks: SANS Top-20 2007 Security Risks (2007 Annual Update): Urs


Buffer Overflows Are Top Threat, Report Says

Research data says buffer overflow bugs outnumber Web app vulnerabilities, and some severe Microsoft bugs are on the decline. “And in case you were wondering, Microsoft’s aggressive initiative to shore up its product security appears to be paying off — the level of severity of bugs in the software giant’s products is declining significantly, according…


Group Policy related changes in Windows Server 2008

Article from Jakob H. Heidelberg on GPO stuff in Windows Server 2008: Urs


Researchers warn of AV software risks

…and why the development of an AV solution also needs to go through a Security Development Lifecycle (SDL)! The vulnerabilities in antivirus software make the programs as much a threat as a help to corporate network security: And did I already mention that neither Windows Live OneCare nor Forefront Client Security is on the list?…


Yankee Group Study and People, Process and Technology

Roger has posted a very good article based on the Yankee Group report. I especially like his linking to existing (or almost existing) technology. I know, it’s a bit long, but worthwhile to read every word! 😉 Urs


Visual Studio 2008 and .NET Framework 3.5 released to manufacturing (RTM)

November 19 – Visual Studio 2008 and .NET Framework 3.5 RTM (Developer, Connected Systems Division). Microsoft made its flagship development tool, Visual Studio 2008, available for download to its developer subscribers. The release also includes technology called Language Integrated Query (LINQ) which is aimed at making it easier and more secure to build applications that tap…


Microsoft Windows OneCare 2.0 released

Many people don’t have the time or technical expertise to keep up on PC management and protection. Today Microsoft released the next version of Windows Live OneCare, which provides all-in-one, self-updating PC Care designed to help consumers and small businesses maintain the security and performance of their PCs. Windows Live OneCare, a subscription service part…


Unpatched database servers on the Internet

In his most recent publication (“The Database Exposure Survey 2007”, November 12, 2007), David Litchfield surveyed how many database servers on the Internet are listening on their default TCP ports and are not protected by a firewall. According to the survey, 157 SQL Servers were found and 53…


Microsoft PowerShell Security

Derek Melber on Microsoft Windows PowerShell: “If you have not heard of PowerShell you must be living under a rock. If you have heard about PowerShell, then you must have been wondering how and if PowerShell is secure. I saw PowerShell for the first time about 4 years ago at an MVP conference. With all of…