Links of Interest–October 5, 2010

Written by on October 5, 2010

Comcast Rolls Out Constant Guard Bot Detection – Comcast has been piloting a security service where it monitors it’s customers PCs for bot activity and notifies them if any is detected. Comcast seems to be taking a good approach to this. They don’t require you to install any software, instead they look for bot related network traffic from your connection.

The notification will include links for self-help or “professional assistance” which will cost you.

Stop – Think – Connect is a website put together by a coalition led by the Anti-phishing Work Group and National Cyber Security Alliance. The website offers tips and advice related to online security.

Macworld provides a quick article on how to encrypt a folder on OS X, no additional software needed.

Ars Technica reports that advertisers have announced a program to allow users to opt-out of behavioral advertising tracking. The program is voluntary on the part of advertisers.

Hotmail has enhanced their security, making it harder to hijack your account.

Categories: Quick Bits - Tags:

Broken Security: It’s The Law (possible future)

Written by on September 28, 2010

Graphic comic image of fist crashing through a wallThe NY Times (among others) reports on the Obama administration’s desire to force software developers to build backdoors into security software. This seems like a law just begging for unintended consequences.

This doesn’t have to be viewed as an evil attempt to expand power. It’s realistic to view this as a way to keep the same abilities as they have with the old technology. Just like businesses that see their market fad away as technology advances, legislate rather than compete.

Let’s assume there’s zero abuse and it’s used as described, after getting a legally obtained warrant for legitimate criminal investigations. How long before those backdoors make it out into the world? It can only be a matter of time.

From the article, an event in Greece was mentioned:

In 2005, it was discovered that hackers had taken advantage of a legally mandated wiretap function to spy on top officials’ phones, including the prime minister’s.

Unfortunately, unlike telephones, modern communication travels the internet, out there for anyone to pull in the bits.

Let’s face it, the bad guys will still have their own backdoor-free encryption but gain access to the legal stuff. That is, those who were already smart enough to use strong encryption today. It’s not like the U.S. has the market on programmers cornered. There’s also those who say the new law wouldn’t force open source development to include the backdoors.

Others have pointed out there’s other ways to get the information, such as sneaking in a key logger. Granted, probably not a effective as having a ready-made door, but a lot fewer problems. With the backdoor they’ll still only catch the stupid criminals, and the smart criminals will have another way to rip off the honest folks.

The world moves forward, legislation is not going to stop it.

Categories: Application Security - Tags: ,

Microsoft Out of Band Patch for Advisory 2416728

Written by on September 27, 2010

Category tile for Windows Security PatchesMicrosoft will be releasing a security patch to address a vulnerability in ASP.NET documented in security advisory 2416728, “Vulnerability in ASP.NET Could Allow Information Disclosure.” The bulletin lists just about every still supported desktop and server OS along with what appears to be every still supported .NET version.

Initially the patch will only be available for manual download on Tuesday and will then make it to Windows Update in the next few days.

Categories: Windows Security - Tags: , ,

Updates and Moving On

Written by on September 11, 2007

Dead at DeskIt’s been a month since the last update to this site. Reality sets in and I realize I don’t have time to maintain this site and my other site. So I’ll be adding any new security and spam related content to The OS Quest. No more updates to the Spam Chronicles for awhile. What’s already here will remain.

So head on over to The OS Quest for future updates. This week we have:

Security Quest 1a: Recent Security News and Getting Caught Up

Security Quest 1b: Microsoft Patch Tuesday info

Categories: Spam Chronicles 1.0

Microsoft Patch Tuesday for August 2007

Written by on August 14, 2007

Microsoft patch Tuesday for August 2007 brings us 6 critical and 3 important security updates from Microsoft. Microsoft summarizes the patches in their August summary. Every supported desktop version of Windows is affected by one or more patches. Several Microsoft Office versions are also affected along with several versions of Virtual PC and Virtual Server. Microsoft Office for Mac also needs patching.

Rather than repeating all the patches I’ll direct you to news.com which has a good summary of the patches along with links to the individual bulletins. The patches are available through automatic updates or individual downloads.

Happy patching and good luck.

Categories: Spam Chronicles 1.0 - Tags: ,

Next Page »