Using Autoplay on Vista To Stop Attacks (Islandhoping)

The technique of island hopping—penetrating a network through a weak link and then hopping around systems within that network—has been around for years. But it continues to take on new dimensions. In today’s security-conscious IT environments, people are often the weakest link, and malicious users are finding ways to use this to their advantage (think…

1

Tech Insight: Microsoft’s IPSec and NAP/NAC

Windows’ built-in security capabilities offer endpoint alternative to NAP/NACMicrosoft’s support of the IP Security (IPSec) standard was enhanced with the release of Windows Vista this year, and interest in the technology will likely grow with the introduction of Windows 2008. For smaller organizations, IPSec could prove to be a cheap alternative to other network access…

2

Microsoft Files Patent for HoneyMonkey Exploit Finder

Microsoft has filed a patent claim for the Strider HoneyMonkey malware/exploit detection system created by our internal research unit. The claim, currently being reviewed at Peer-to-Patent. The HoneyMonkey system, first discussed in August 2005, is best described as an automated Web patrol that uses multiple Windows computers — some unpatched and some fully updated — to…

0

One-fifth of Windows apps go unpatched

Updates are available, but users haven’t installed them, says Secunia. One in five applications installed on Windows PCs are missing security patches, a Copenhagen-based vulnerability tracker has reported. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9054502&source=NLT_PM&nlid=8 Urs  

2

Future Phishing

Forget the Nigerian prince. Phishing scams are moving beyond the misspelled, far-fetched ruses that clog your in-box and beg for your bank codes. In the year to come, security professionals are warning of bank code-stealing exploits that are much slicker and more convincing–hidden in guises as harmless as a banner ad on a reputable Web…

1

US State Department issues Top 10 list of security threats for US businesses

THE ASSOCIATED PRESS/WASHINGTON – U.S. businesses faced varied threats in 2007 – including cyberattacks in Europe, theft of intellectual property in Asia, natural disasters in Latin America, terrorism on many continents – according to a year-end analysis by the U.S. State Department’s Overseas Security Advisory Council. http://www.mytelus.com/money/news/article.do?pageID=ex_business/home&articleID=2844426  Urs    

2

New Microsoft Security Vulnerability Research and Defense blog

The Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks. http://blogs.technet.com/swi/ Urs

1

THE CABLE GUY: Network Policy Server

Nothing’s more critical to the health of your enterprise than a secure network, and Network Policy Server (NPS), new in Windows Server 2008, is an important tool for managing access. It lets you implement organization-wide policies, providing centralized authentication, authorization, and accounting for a variety of network access devices. Joseph Davies discusses the new features…

0

A very long list of new Microsoft products for 2008…

Bink.nu has an extensive list of new software that Microsoft will be unleashing in the marketplace. See yourself: http://blogs.technet.com/tarpara/archive/2007/12/25/microsoft-s-new-year-is-gonna-bring-a-lot-of-change.aspx Urs  

1

Microsoft SQL Server 2008 Encryption (TechArticles)

Two interesting blogs found on Microsoft SQL Server 2008 and encription: SQL Server 2008 Encryption Keyshttp://blogs.technet.com/andrew/archive/2007/12/24/sql-server-2008-encryption-keys.aspx SQL Server 2008 Transparent Data Encryption and Replicationhttp://blogs.technet.com/andrew/archive/2007/12/21/sql-server-2008-transparent-data-encryption-and-replication.aspx Urs  

1