There’s been a lot of talk about the DNS vulnerability (CVE-2008-1447) discovered by Dan Kaminsky. The exploit, as detailed by the Common Vulnerabilities and Exposures Database, allows remote attackers to spoof DNS traffic enabling the poisoning of DNS caches in order to send systems to malicious websites. This greatly increases the risk of phishing attacks [...]
Archive for the 'Microsoft' Category
DNS attack in the wild
31Jul08Jeff Jones, a security strategy directory for Microsoft, has published a report on the number of security vulnerabilities during Q1 of 2008 for workstation operating systems including Windows Vista, Windows XP, Mac OS X, Red Hat and Ubuntu. The results are surprising in that Vista had the least reported vulnerabilities while Mac OS X 10.5 [...]
Internet Explorer 7 Weirdness
01Apr08I made the mistake of trying to move my Temporary Internet Files folder from my system disk to a dedicated data disk using the “Move Folder…” button. This can be found on the window that appears after pressing “Delete…” on the “General” tab of the Internet Properties for Internet Explorer 7 on Vista SP1.
When you press [...]
Pro Windows Powershell
01Mar08It’s been a busy few months with Christmas and a couple of skiing trips, and before all the holidays I was busy technical reviewing Pro Windows Powershell written be Hristo Deshev and published by Apress.
I have to admit that it took much longer than I had expected to test all of Hristo’s samples but it was an [...]
95% of Computer systems insecure
29Jan08The Secunia security site has a useful tool called PSI or Secunia Personal Software Inspector that can be used to scan a Windows system for security vulnerabilities. These include both system and application vulnerabilities. This is important as with the increase in the security of the OS (through the better release and patching of Windows [...]
I came across an interesting post from Mark Russinovich on his blog recently. The original post was written a couple of years ago and details how a user with limited user rights can circumvent Microsoft group policies being applied by using the Sysinternals tool called gpdisable. What’s amusing, but not particularly surprising, is that now [...]
Microsoft released their third edition of the Security Intelligence Report last month which summarises the findings of their Malicious Software Removal tool, Windows Defender and OneCare service. This edition reports on the software vulnerabilities, exploits and malicious software discovered between January and June 2007. During this period the report claims that over 3,400 new vulnerabilities [...]
With VMware’s share price rising as much as 91% on the first day of trading, is this the future in IT or just another technology fad? It certainly has some advantages in many situations but it also has its disadvantages.
Staying on the Microsoft theme, MSDN have published guidelines for sidebar gadget developers in order to avoid Cross Site Scripting (XSS) vulnerabilities. As gadgets are built from HTML, JavaScript, and potentially ActiveX controls, they are a prime candidate for XSS vulnerabilities. Bare this in mind before installing the latest gadget you have found on the [...]
Following the launch of Microsoft’s Windows Defender and Forefront Client Security products, Microsoft have launched a Malware Protection Centre which details the top email, desktop and adware threats, as well as a Malware Encyclopedia covering the various types of malware and their use.
Microsoft Technet has also released a Malware Removal Starter Kit which details the steps [...]
