Recent Posts
<<
Page 1 of 36
>>
Oct 10 Fri
3 Antivirus 2010 Fake Rogue Security Products Continue
Harry Waldron writes "Sunbelt is continuing to warn on three brand new variants from the AntiVirus 2009 family. These products try to simulate legitimate security products and will infect vulnerable systems..."
Oct 9 Thu
Microsoft October Security Advanced Notification Dates and Info
Microsoft Security Response Center writes "...we’ll be holding the October edition of the monthly security bulletin webcast... We will review this month’s release and take your questions live on-air...if you can’t make the live webcast, you can listen to it on-demand...we’ll also be posting the text of the questions and answers from each month’s webcast...."
Oct 8 Wed
Setting an SPN Manually
Michael Kleef writes "Advanced Group Policy Management's service uses SPN's the same way services like Exchange and SQL do. Sometimes SPN's can be misregistered or misconfigured especially if you need to change the service account name that the service logs on with...Heres how to change it:"
Oct 7 Tue
Changing Expiration Date on Forefront Threat Management Gateway Beta
Dennis Lundtoft Thomsen writes "...the 'Update Services License' had expired. (When the TMG Beta is installed, a 90-day license for Malware Inspection is installed)...Turns out that addressing this is really simple:"
Sep 29 Mon
Which Security Strategy Takes More Time: Configuration or Coding?
Lori MacVittie writes "Consider the case of BusinessWeek's infected site; a week after discovering the infection and vulnerability, the site was still not protected...A WAF could have protected that site within hours - if not sooner - of the vulnerability being discovered...A good WAF solution will also provide basic defenses against layer 2-7 attacks..."
Sep 25 Thu
Nevada Law on Encryption - Heavy Stick
Lori MacVittie writes "...new Nevada law requiring encryption of all transmissions containing personal, identifiable information by, well, every business in the state...Then this law will probably become a very heavy stick with which more severe penalties can be applied to the offending business than simply the 15 minutes of infamy that seems to be the punishment for mishandling personal information today."
Sep 24 Wed
Fake Banking Security Update Installs Rootkit
Harry Waldron writes "...a new bank phishing attack that appears to be a realistic message. This new attack may appear as a Wachovia...or Bank of America "connection or security update". It warns the user that they will loose their online banking privileges if this agent is not installed. If users follow these directions..."
Sep 23 Tue
10 Immutable Laws of Security
Jesper Johansson writes "For many years I, and many others, have been referring to the immutable laws of security when trying to explain why something works, or does not work, a particular way...I finally sat down and went through them. The result is a three-piece article series..."
Sep 22 Mon
Overview of Zermatt - Developer Identity Framework
Darryl Schaffer writes "The “Zermatt” Developer Framework provides developers with a set of classes, tools and controls for building claims-aware applications and Security Token Services...earn the essential patterns for authentication, claims-driven behavior, and STS use and development..."
Sep 19 Fri
New QuickTime 7.5.5 and iTunes 8 Exploits
Harry Waldron writes "So far, this exploit is minor in scope, as it can only alter cookie files and cause the new product version to crash. Users should follow further developments..."
Sep 12 Fri
Why You Should Unblock Downloaded Applications
Kenny Kerr writes "there is this little so called security feature that the Windows shell introduced prior to Windows Vista that somehow came along for the ride but never quite got the UAC makeover...Downloading an application and then running it often results in the following dialog box appearing before the application starts:... There are so many things wrong with this dialog box...."
Network Policy Design Using Multiple System Health Validators
Jeff Sigman writes "...how to design network policies when you use multiple system health validators (SHVs),...If you have deployed multiple SHVs, you can configure network policies to match clients that are compliant with some but not all health requirements. Network policies also contain NAP enforcement settings..."
Word Macro Viruses - Returning and Functioning as Downloaders
Harry Waldron writes "...be careful with Word documents they might find in email or receive from others. A macro virus can spread rapidly, as the Word master template will become infected and embed a copy of the virus in any documents edited or created. The virus spreads through an organization like wild fire..."
Sep 10 Wed
Developing with X509 Certificates
Michael Stiefel writes "...let us assume that the we want to use the certificate to encrypt a message from the client to the service. It is easy to apply what we discuss here to other scenarios....We will use a tool called makeCert to generate our certificates. Makecert, which ships with the .NET platform, allows you to build an X509 certificate that can be used for development and testing. It does three things:..."
Sep 8 Mon
Explaining Delegation - Traversing Multilayer Architectures
Vittorio Bertocci writes "...very good example of that in the SDK...it's the Identity Delegation Scenario. It is pretty neat, in a single solution it shows both the active & passive cases. As you know this is a beta, so the object model may change here and there: however the idea of delegated issuance is rooted in WS-Trust..."
<<
Page 1 of 36
>>