Hold on to Your Keys!

There have been a few recent incidents of what we previously thought was extremely rare — malware authors using code signing certificates that were issued to companies with good reputations. The high-profile Stuxnet incident included validly signed malware with misappropriated Authenticode certificates from two Taiwanese companies. More recently, it appears a U.S. credit union lost…

0

A strong Password isn’t the strongest Security

Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it — never write it down. And, oh yes, change it every few months… Yes, that’s it? Or not?  “Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of…

5

Microsoft Freshens Retro Code Lock-Down Tool

Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such as Windows XP or Internet Explorer 6, which remain widely used even though…

0

Microsoft releases Windows Phone 7 to manufacturers (RTM)

Security relevant? Not sure… Fun? Definitely! Can’t await mine… 😉But to still give it a security touch, let’s put this under ‘Consumerization of IT’. http://www.cnet.com/8301-17918_1-20015314-85.html?tag=mncol;1n -Urs  

0

Microsoft Releases SDL Docs with Creative Commons License

[PCMag] In the last several years, for the most part, Microsoft “got” the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows “ecosystem”) to be secure, so they have been increasingly less…

0

Anti-DoS Dynamic IP Restrictions for IIS 7.0 Hits Beta2

Microsoft has made available for download the second Beta development milestone of an anti-DoS extension for version 7.0 of Internet Information Services [IIS]. The Microsoft Dynamic IP Restrictions for IIS 7.0 has reached Beta2 and is up for grabs via the Microsoft Download Center in two flavors, 32-bit (x86) and 64-bit (x64). http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a0920a32-b63d-4e13-8e42-7ad7ad9b3168 The Dynamic…

1

Security Secrets the Bad Guys don't want you to know

[PCWorld] You already know the basics of internet security, right? But when you’ve got the basics covered, but you still don’t feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today’s most common attacks. http://www.pcworld.com/article/201309/security_secrets_the_bad_guys_dont_want_you_to_know.html?&tk=hp_fv Urs    

2

How the Microsoft Azure appliance changes the cloud computing skyscape

Microsoft executive Bob Muglia said he was meeting with a chief information officer last year when the man grabbed him and said, “You don’t get it. We never want another update from Microsoft again.” The man was frustrated by the software updates a corporate customer has to install if it uses Microsoft software — security…

0

Reminder: Support for Windows XP SP2 and Windows 2000 ended July 13, 2010

As Microsoft announced in 2008, support for Windows XP Service Pack 2 (SP2) will end on July 13, 2010. Support for Windows 2000 will end on the same date. Customers running an unsupported version of Windows or Windows service pack will not be eligible for any Microsoft support options. Updates, including security updates released with…

0

Microsoft Offers Developers Cloud Security Tips

Microsoft this week published a best practices guide for writing applications to its Windows Azure cloud computing environment. http://download.microsoft.com/download/7/3/E/73E4EE93-559F-4D0F-A6FC-7FEC5F1542D1/SecurityBestPracticesWindowsAzureApps.docx “We wrote this paper because no matter how many defenses we add to Windows Azure, it is important that people building software or hosting services in ‘The Cloud’ understand that they must also build software with…

0