http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-03-17 22:35:43 - SearchVMware.com VMware tips and tricks : While SMBs might be enticed by the ready availability of Windows Server 2008 to try Hyper-V, evaluation and forward-looking planning could cause many companies to drop the younger, cheaper platform in favor of its main competitor, VMware vSphere IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/202742.shtmlhttp://www.secuobs.com/revue/news/202742.shtml 2010-03-17 22:30:27 - The Tech Herald Security News : Researchers at Core Security have published an advisory warning that vulnerabilities, which would otherwise be non-exploitable on a non-virtualized OS, could be exploited when the OS is running as a guest inside Microsoft s Virtual PC and Virtual Server Microsoft has responded, noting that what Core describes is not an actual vulnerability http://www.secuobs.com/revue/news/202734.shtmlhttp://www.secuobs.com/revue/news/202734.shtml 2010-03-17 20:35:32 - News : With improved speed and support for HTML 5, Internet Explorer 9 could be Microsoft's next step toward restoring its old mojo IMAGE http://www.secuobs.com/revue/news/202704.shtmlhttp://www.secuobs.com/revue/news/202704.shtml 2010-03-17 19:53:00 - Rootsecure.net : ZDNet UK Microsoft says it decimated Waledac botnet http://www.secuobs.com/revue/news/202696.shtmlhttp://www.secuobs.com/revue/news/202696.shtml 2010-03-17 19:01:40 - News : At the MIX Web developer conference, Windows Phone 7 executives had relatively little to say about the now-unnamed browser on the new mobile operating system At the same time, the company announced preview version of much advanced technology and features in what will eventually be Internet Explorer 9 IMAGE http://www.secuobs.com/revue/news/202664.shtmlhttp://www.secuobs.com/revue/news/202664.shtml 2010-03-17 17:01:10 - Infosecurity USA Latest News : Security research company Core Security says that it has found a security flaw in Microsoft's Virtual PC hypervisor that could undermine fundamental security measures included in the Vista and Windows 7 operating systems http://www.secuobs.com/revue/news/202612.shtmlhttp://www.secuobs.com/revue/news/202612.shtml 2010-03-17 16:41:16 - Slashdot Your Rights Online : Glyn Moody writes Horacio Gutierrez, Microsoft's Corporate Vice President and Deputy General Counsel, has just published a piece called 'Apple v HTC A Step Along the Path of Addressing IP Rights in Smartphones' In it, he notes that today's smartphones are all about the 'software stack,' not the 'radio stack,' and that 'as the IP situation settles in this space and licensing takes off, we will see the patent royalties applicable to the smartphone software stack settle at a level that reflects the increasing importance software has as a portion of the overall value of the device In the interim, though, we should expect continued activity' That 'activity' obviously means lawsuits against those producing those software stacks, and Gutierrez seems to be hinting strongly that Microsoft intends to join in So where does that leave all the Linux-based stacks such as the increasingly-popular Android Is this just a clever way for Microsoft to start a patent war on Linux without appearing to do so IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/202608.shtmlhttp://www.secuobs.com/revue/news/202608.shtml 2010-03-17 06:13:39 - News : A court in Texas has ordered Microsoft to pay communications software maker VirnetX US 10575 million after a jury found it guilty of willful infringement of two patents belonging to the company IMAGE http://www.secuobs.com/revue/news/202495.shtmlhttp://www.secuobs.com/revue/news/202495.shtml 2010-03-17 05:43:53 - Hack In The Box : Researchers at Core Security Technologies issued an advisory today about a new security vulnerability that leaves users of Microsoftâ s Virtual PC software open to attack According to Core Security, certain versions of the Virtual PC hypervisor contain a vulnerability that allows attackers to bypass Windows security mechanisms, including Data Execution Prevention DEP and Address Space Layout Randomization This means other bugs that are not exploitable when running in a non-virtualized operating system could be exploited if running within a guest OS in Virtual PC â The vulnerability can be exploited locally within a virtualized system to escalate privileges or remotely for code execution in combination with any client-side bug for which existing patches have not been applied or with any client-side bug for which a fix has not been developed after dismissing the bug as not exploitable or of low priority,â Ivan Arce, CTO of Core Security, told eWEEK in an e-mail â The vulnerability does not seem usable to escape from a virtualized OS guest to execute code in the context of the non-virtualized OS host Use of the vulnerability to implement covert inter-process communications within the virtualized OS or to establish inter-VM virtual machine communication have not been researched in full but are deemed possibleâ http://www.secuobs.com/revue/news/202490.shtmlhttp://www.secuobs.com/revue/news/202490.shtml 2010-03-17 01:17:12 - SearchSecurity Security Wire Daily News : An error in Microsoft Virtual PC can make some harmless bugs on physical PCs much more serious in virtual environments, according to an advisory by Core Security Technologies Inc IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/202396.shtmlhttp://www.secuobs.com/revue/news/202396.shtml 2010-03-16 23:55:10 - The Security Development Lifecycle : Jeremy Dallman here I wanted to let you know about a great paper from Fortify, one of our newest SDL Pro Network Tools members The paper highlights the Microsoft SDL approach to secure software development and shows how Fortify s security solutions can help you implement the SDL and create deploy more secure software At RSA 2010 last week, Fortify published a paper titled Optimizing the Microsoft SDL for Secure Development Fortify Solutions to strengthen and streamline a Microsoft SDL Implementation This paper does an excellent job of explaining the challenges of developing secure software, detailing the Microsoft SDL approach to secure software development, and mapping Fortify s solution offerings to each SDL Practice based on the Simplified Implementation of the SDL If you are looking for tools to support your implementation of the SDL, I would encourage you to read through Fortify s paper to see if their solutions can help you IMAGE http://www.secuobs.com/revue/news/202373.shtmlhttp://www.secuobs.com/revue/news/202373.shtml 2010-03-16 23:02:23 - SANS Internet Storm Center InfoCON green : Microsoft released a Platform Preview version of the next version of Internet Explorer more http://www.secuobs.com/revue/news/202364.shtmlhttp://www.secuobs.com/revue/news/202364.shtml 2010-03-16 22:03:06 - threatpost The First Stop for Security News : An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft s Virtual PC virtualization software to malicious hacker attacks The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations -- Data Execution Prevention DEP , Safe Exception Handlers SafeSEH and Address Space Layout Randomization ASLR -- to exploit the Windows operating system Shorten URL http threatpostcom en_us 3hj Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/202345.shtmlhttp://www.secuobs.com/revue/news/202345.shtml 2010-03-16 21:36:15 - Zero Day : Some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC IMAGE http://www.secuobs.com/revue/news/202338.shtmlhttp://www.secuobs.com/revue/news/202338.shtml 2010-03-16 17:41:10 - News : Steve Ballmer doesn't use one but apparently as many as 10,000 Microsoft employees do Embarrassingly, the device in question is Apple's iPhone http://www.secuobs.com/revue/news/202231.shtmlhttp://www.secuobs.com/revue/news/202231.shtml 2010-03-16 16:19:54 - Roer.com Information Security blog : IMAGE Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese The admission was the second in the past two days from Microsoft's Office team of a gaffe involving a recent security update Friday's announcement involved the seven-patch update Microsoft shipped on Tuesday for Excel We have received reports from some of our Excel 2003 and Excel 2002 customers that after installing update KB978471 or KB978474, they are seeing non-English text in the 'Add or Remove Programs' tool Win dows XP or the 'Programs and Features' -- 'Installed Updates' view Vista, Win dows 7 , Microsoft said in an entry published early today on the Office Sustained Engineering blog The two updates Microsoft referenced, KB978471 and KB978474, were the patch collections for Excel 2002 and Excel 2003, respectively According to Microsoft, the patches are displayed in Add or Remove Programs in simplified Chinese rather than the intended English If English text is a requirement, there is a two-part workaround available, said Microsoft as it told users to first uninstall Tuesday's Excel update, then download and install a revamped version Read the article img http s17photobucketcom home The_Wizard_of_OZ http://www.secuobs.com/revue/news/202197.shtmlhttp://www.secuobs.com/revue/news/202197.shtml 2010-03-16 03:31:37 - News : Microsoft officials Monday confirmed at the company's MIX 10 developers event in Las Vegas that native applications will not be allowed on Windows Phone 7 devices Only applications running in the Silverlight runtime environment or games in the XNA Game Studio runtime will be allowed IMAGE http://www.secuobs.com/revue/news/201980.shtmlhttp://www.secuobs.com/revue/news/201980.shtml 2010-03-16 03:31:37 - News : At the start of its annual MIX 10 Web developer conference, Microsoft announced the immediate free release of mobile-enabled versions of its latest core development tools for Windows Phone 7 IMAGE http://www.secuobs.com/revue/news/201978.shtmlhttp://www.secuobs.com/revue/news/201978.shtml 2010-03-16 00:48:55 - Hack In The Box : It appears Microsoft won't wait until April's Patch Tuesday to release a fix for a recently revealed zero-day vulnerability found in the company's popular web browser, Internet Explorer The company is, according to reports, working furiously to get the patch out soon, but hasn't guaranteed it will arrive here before next month Releasing emergency patches is rare for Microsoft However, if the situation warrants fast action the company has demonstrated in the past that it will jump days or even weeks ahead of its monthly Patch Tuesday releases In this case, Microsoft's March Patch Tuesday came with just a few fixes but a heavy warning from Microsoft about an Internet Explorer 6 and 7 flaw that could allow for remote code execution by hackers http://www.secuobs.com/revue/news/201935.shtmlhttp://www.secuobs.com/revue/news/201935.shtml 2010-03-16 00:48:55 - Hack In The Box : Today during its MIX developer conference, Microsoft shared more details about Windows Phone 7 and the tools developers can use to write applications for it In a shocking revelation, Microsoft admitted to a decidedly Apple-like approach to how it will distribute Windows Phone 7 apps All apps must be approved by Microsoft, and can only be distributed via the Windows Marketplace for Mobile Well, this is interesting The MIX conference keynote offered up all sorts of details on how developers can use SIlverlight and XNA to write applications for Windows Phone 7 The SDKs went live earlier this afternoon, and are free for anyone to download and test out Microsoft also introduced a new version of the Marketplace for Windows Mobile http://www.secuobs.com/revue/news/201933.shtmlhttp://www.secuobs.com/revue/news/201933.shtml 2010-03-16 00:48:55 - Hack In The Box : Microsoft has been forced to admit that a security update for its popular Excel application caused non-English text to appear on some usersâ screens In a posting on the Office Sustained Engineering blog, Microsoft engineers branded the error a â cosmetic issueâ caused by the firmâ s patch update which shipped on Tuesday â We have received reports from some of our Excel 2003 and Excel 2002 customers that after installing update KB978471 or KB978474, they are seeing non-English text in the Add or Remove Programs tool WinXP or the Programs and Features -- Installed Updates view Vista, Win7 ,â the posting noted http://www.secuobs.com/revue/news/201927.shtmlhttp://www.secuobs.com/revue/news/201927.shtml 2010-03-15 23:31:59 - eSecurity Planet Features : On the heels of a researcher releasing an exploit for a newly discovered security hole, Microsoft has vowed to deliver a speedy patch and to help out worried users http://www.secuobs.com/revue/news/201904.shtmlhttp://www.secuobs.com/revue/news/201904.shtml 2010-03-15 23:14:01 - securitystream.info : For those too stubborn to upgrade Microsoft has released automated workarounds designed to immunize users against a critical vulnerability in earlier versions of Internet Explorer, which criminals are already exploiting online Related posts 1 Microsoft issues security advisory on IE vulnerability 2 New Internet Explorer code-execution attacks go wild 3 Microsoft plugs zero-day IE hole http://www.secuobs.com/revue/news/201902.shtmlhttp://www.secuobs.com/revue/news/201902.shtml 2010-03-15 22:48:16 - 4sysops : Spiceworks 46 is out Microsoft Select Licensing Discontinued Silverlight on 60 per cent of internet devices My view Silverlight will be Microsoft s main gateway to the cloud Microsoft announces more Windows Phone 7 details Windows Phone 7 New Samsung device and hardware specs revealed Windows Phone 7 Apps Must Be Microsoft Approved Gartner http://www.secuobs.com/revue/news/201866.shtmlhttp://www.secuobs.com/revue/news/201866.shtml 2010-03-15 19:47:28 - News : Microsoft will unpack the technical details of Windows Phone 7 at next week's annual MIX development conference Here are the company's priorities for the its retooled mobile platform IMAGE http://www.secuobs.com/revue/news/201810.shtmlhttp://www.secuobs.com/revue/news/201810.shtml 2010-03-15 18:04:41 - Global Security Mag Online : ESET annonce la disponibilité de ESET Mail Security pour Microsoft Exchange Server, la solution de messagerie professionnelle de Microsoft Construit autour de la quatrième génération du moteur ThreatSense , ESET Mail Security pour Microsoft Exchange Server intègre de nouvelles fonctionnalités d'antispam et de greylisting pour le traitement des courriers indésirables Le module de protection antispam intègre plusieurs technologies, telles que l'usage de listes RBL et DNSBL, le contrôle de la - Produits http://www.secuobs.com/revue/news/201749.shtmlhttp://www.secuobs.com/revue/news/201749.shtml 2010-03-15 17:22:28 - Zero Day : Microsoft has released a one-click fix-it workaround to help Web surfers block malware attacks against an unpatched Internet Explorer vulnerability IMAGE http://www.secuobs.com/revue/news/201732.shtmlhttp://www.secuobs.com/revue/news/201732.shtml 2010-03-15 16:39:36 - threatpost The First Stop for Security News : Microsoft has released a one-click fix-it workaround to help Internet Explorer users block malware attacks against an unpatched browser vulnerability The Fix-It workaround, available here, effectively disables peer factory in the iepeersdll binary in affected versions of Internet Explorer Shorten URL http threatpostcom en_us 3S4 Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/201705.shtmlhttp://www.secuobs.com/revue/news/201705.shtml 2010-03-15 12:10:09 - The Tech Herald Security News : Microsoft is working to patch an Internet Explorer vulnerability disclosed on the same day they released their monthly security fixes However, while the patch is undergoing testing, don t hold your breath expecting it anytime soon http://www.secuobs.com/revue/news/201631.shtmlhttp://www.secuobs.com/revue/news/201631.shtml 2010-03-15 11:44:42 - CNET France Spécial : Deux correctifs pour Excel publiés dans le cadre du Patch Tuesday de mars provoquant des plantages ou l affichage de mauvaises boîtes de dialogue Lire l'article http://www.secuobs.com/revue/news/201625.shtmlhttp://www.secuobs.com/revue/news/201625.shtml 2010-03-15 10:12:54 - Rootsecure.net : WSJ Forbidden Fruit - Microsoft Workers Hide Their iPhones http://www.secuobs.com/revue/news/201615.shtmlhttp://www.secuobs.com/revue/news/201615.shtml 2010-03-14 10:31:35 - Network World on Security : Microsoft is testing a patch for a critical vulnerability in Internet Explorer, but stopped short of promising to deliver an emergency fix before the next scheduled Patch Tuesday http://www.secuobs.com/revue/news/201460.shtmlhttp://www.secuobs.com/revue/news/201460.shtml 2010-03-14 00:10:56 - Terry Zink's Anti malware Blog : Instant messaging spam, or spim Spam over IM , is not something I have a lot of experience with However, yesterday Thursday, March 11 , Microsoft announced that it reached a settlement with Funmobile, a company it sued last July, accusing it of using its service to spam users From ZDnet Microsoft said on Thursday it has reached a settlement with Funmobile, the Hong Kong-based company it sued last July over accusations that Funmobile was using instant messaging spam to trick users into giving up their account information The software maker said it has obtained an injunction against Funmobile requiring it to refrain from 'spimming' sending IM-based spam to customers or contacts of Windows Live Messenger, and to make a cash payment to Microsoft The successful resolution of this case sends a clear signal that Microsoft does not tolerate abuse of its networks, and we will continue to take action to protect our customers, said Microsoft associate general counsel Tim Cranton in a statement Microsoft had accused Funmobile of targeting users on its Live Messenger network to gain their personal information Live Messenger has more than 320 million users, according to the company In the suit, Microsoft cited a number of attacks, including IMs that appear to be coming from users the victims know TZ emphasis mine It also described phishing attacks that mimic the look and feel of an outside service or an official Microsoft support page The company said the successful use of these tactics allowed third parties to obtain these users' personal account information, then exploit it by sending mass spam and phishing messages to the contacts of those users Such attacks on instant messaging services are more than just a nuisance they are a threat to user privacy, said Cranton Technically speaking this is not phishing since phishing, by definition, is the attempt to trick somebody into providing financial information The tactic is here is known as spoofing and belongs to the broader area of attack known as social engineering It plays on the psychology of brand recognition Companies like Coca-Cola rely on their brand to sell their product around the world People feel good when they are in a foreign place but see the familiar logo of Coke they are in a restaurant, and so they order one note I do this regularly when I travel outside of the US and Canada Images of familiarity when we are in unfamiliar territory causes our brains to release chemicals endorphins that make us feel good That comfort level breaks down some of our barriers If we were to see a message coming from someone we don t recognize, instantly our guard is up and we are less likely to be complicit in a spammer s spimmer s request However, by impersonating somebody we know, if we don t realize right away that this is a spoof, our brains release endorphins and we enter a more suggestible state This is because we recognize the brand of our own personal social network We like to talk to people we know we are comfortable with them and therefore our guards are down The chances of us being more complicit in the release of private information is higher when we are more suggestible This isn t Cranton s or Microsoft s stance, however It s more of an incidental The greater point is that Microsoft has Terms of Service and abusive users of its service are subject to being shut down This also plays into Gary Warner s blog post where he advocates that bad guys need to stop worrying about having to lease new servers, and start worrying about the long arm of the law knocking at their door While Microsoft s actions in this case is not about using law enforcement to shut down a botnet, they aren t far away from it by using the legal arena to force an abusive service to stop doing it Hopefully, this will cause Funmobile to think twice before they start phishing other users Hopefully even more, it will cause other services like Funmobile to do the same IMAGE http://www.secuobs.com/revue/news/201426.shtmlhttp://www.secuobs.com/revue/news/201426.shtml 2010-03-13 15:04:31 - Information Security Short Takes : The March update brings two advisories, with eight vulnerabilities covered MS10-016 Potential Remote Code Execution in Windows Movie Maker, covering one vulnerability CVE-2010-0265 Buffer Overflow in Movie Maker and Producer Microsoft rates it as Exploit Index 1 Deployment Priority 2 MS10-017 Potential Remote Code Execution in Excel Excel Viewer Office for Mac Office Compatibility Pack, Excel Services covering 7 vulnerabilities CVE-2010-0257 Record Memory Corruption CVE-2010-0258 Sheet Object Type Confusion CVE-2010-0260 MDXTUPLE Record Heap Overflow CVE-2010-0261 MDXSET Record Heap Overflow CVE-2010-0262 FNGROUPNAME Record Uninitialized Memory CVE-2010-0263 XLSX File Parsing CVE-2010-0264 DbOrParamQry Record Parsing Microsoft rates it as Exploit Index 1 Deployment Priority 2 IMAGE http://www.secuobs.com/revue/news/201359.shtmlhttp://www.secuobs.com/revue/news/201359.shtml 2010-03-13 11:27:41 - Network World on Security : Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese http://www.secuobs.com/revue/news/201333.shtmlhttp://www.secuobs.com/revue/news/201333.shtml 2010-03-13 01:55:26 - InSecurity Complex : Software giant's patch process speeds up after researcher releases code on Net that can be used to target the vulnerability and take over PCs http://www.secuobs.com/revue/news/201292.shtmlhttp://www.secuobs.com/revue/news/201292.shtml 2010-03-12 18:01:17 - Channel 9 : IMAGE Microsoft CRM is a customer relationship management product As with the application of most products discussed in this space, everybody wants to do things differently and so customization is required Giving people source code for customization, however, is typically a very bad idea In this episode, Steve Kaplan, Gonzalo Ruiz, and Nirav Shah from the Microsoft CRM team join me to discuss how they are moving from NET 35 Workflow to NET 4 workflow, the lessons learned from this transition, and the great results they have so far http://www.secuobs.com/revue/news/201151.shtmlhttp://www.secuobs.com/revue/news/201151.shtml 2010-03-12 17:55:37 - Computer Security News : Microsoft's March patch day arrives as a mixed blessing for IT administrators On the one hand, Microsoft is releasing only two security bulletins to address eight vulnerabilities in Windows and Microsoft Office http://www.secuobs.com/revue/news/201148.shtmlhttp://www.secuobs.com/revue/news/201148.shtml 2010-03-12 01:34:15 - securitystream.info : Google apps 'postponed' on China carriers Motorola will soon push Microsoft's Bing search engine onto Android phones in China, after announcing an alliance with the Redmond software giant that will see Bing appear on Androids across the globe The power of collaboration within unified communications Related posts 1 Google no timetable on China talks 2 Microsoft warns over rogue Security Essentials 3 Microscope-wielding boffins crack cordless phone crypto http://www.secuobs.com/revue/news/200943.shtmlhttp://www.secuobs.com/revue/news/200943.shtml 2010-03-12 01:15:29 - Security Bloggers Network : Every month, like clockwork, Microsoft releases security bulletins and every month people ask me if it's small or a big release While the exact details of the patches are generally treated as news, the expected workload each month really shouldn't be a guessing game because Microsoft's patch releases are predictably cyclical I don't have any special inside knowledge, and I can't speak for Microsoft, but when I look at the publicly available information it's pretty clear to me how the cycle works 60 Day QA Cycle A 30 to 60 day QA cycle on a Microsoft patch is typical, and it's actually pretty easy to tell how many days a patch was probably in QA If you are curious, download the patch manually and take a look at the date the file was digitally signed This isn't an absolutely accurate date because a patch could drop in and out of the QA process several times, but it's a reasonable approximation Using this method I calculated the average dates for the Dec 2009 patches at 54 days, November 2009 patches at 36 days, and October 2009 at 45 days It's not too hard to jump from those numbers to an average 60 day cycle Roller Coaster Months The security teams in charge of acquiring, testing and installing patches can feel like they are on a roller coaster with Microsoft patches In just the first three months of 2010 we've already had wild swings in the number of CVEs and bulletins January saw 2 bulletins, followed by huge February with 13, and then this week we saw just 2 again If we plot the number of bulletins along side the number of CVEs patched each month, there is a distinct pattern Most Microsoft patches are obviously on a two month push The first graph plots Microsoft release trends from January 2006 to March 2010 The second graph shows just the last two years, 2008 and 2009, where the wild up and down pattern is more obvious chart1png chart2png Lessons Learned We'll never be able to predict the exact patch details for any month, but security teams can use these data points to help with planning We all know that resources are short, but the risks and threats continue to grow, so better utilization of resources has never been more important There are no shortage of vendor patches Luckily, Microsoft not only releases their patches on a predefined schedule, they are also fairly predictable in size Since March was a pretty light Patch Tuesday, we can expect that the bulletin count for April will jump back up into double digits If you are the resource manager for a team of people in charge of your company's patching methodology, just knowing that can help you plan This month is your chance to catch up from January Thinking ahead to April, it makes sense to anticipate a large release from Microsoft so plan to have all hands on deck Not really much of a mystery after all is it IMAGE IMAGE http://www.secuobs.com/revue/news/200924.shtmlhttp://www.secuobs.com/revue/news/200924.shtml 2010-03-12 00:45:14 - Hack In The Box : As much as Microsoft would like security problems to just go away, they won't The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil But there are many things that Microsoft should do to improve the situation We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it Microsoft sent out a patch March 9 for security holes in Office Excel and Windows Movie Maker Recent reports also suggest that a zero-day vulnerability is currently being used to attack Internet Explorer 6 and 7, allowing malicious hackers to run remote code The software giant said it's aware of problems affecting computers because of the IE flaw But it's just another in a long line of vulnerabilities that have yet to be patched in IE, Windows and several other Microsoft products Security has been an enormous issue for Microsoft throughout the years As its software became more popular and as hackers became more sophisticated, Microsoft customers were being targeted at an astounding rate http://www.secuobs.com/revue/news/200900.shtmlhttp://www.secuobs.com/revue/news/200900.shtml 2010-03-11 23:05:16 - News : Late last week, Google made another aggressive move to stay ahead of Microsoft in the online productivity tools space by acquiring DocVerse, a startup founded by two former Microsoft employees, known for tools that let users collaborate on Microsoft Office files on the Web IMAGE http://www.secuobs.com/revue/news/200861.shtmlhttp://www.secuobs.com/revue/news/200861.shtml 2010-03-11 23:01:44 - The Tech Herald Security News : For the first time in almost two years, Microsoft didn t include a patch rated critical in their monthly security updates The two that were released Tuesday, both rated important, were overshadowed by an Internet Explorer vulnerability that is being exploited online, and recently had exploit code published Patches On Tuesday, Microsoft released two bulletins that addressed eight vulnerabilities in Windows Movie Maker and Microsoft Producer 2003, as well as Excel http://www.secuobs.com/revue/news/200849.shtmlhttp://www.secuobs.com/revue/news/200849.shtml 2010-03-11 21:47:09 - News : Microsoft is offering financial enticements to customers of on-demand ERP enterprise resource planning vendor NetSuite to switch over to Microsoft's Dynamics family of business applications IMAGE http://www.secuobs.com/revue/news/200820.shtmlhttp://www.secuobs.com/revue/news/200820.shtml 2010-03-11 04:39:51 - News : The US Federal Court of Appeals has once again upheld a jury's verdict that Microsoft willfully infringed on patents awarded to i4i IMAGE http://www.secuobs.com/revue/news/200522.shtmlhttp://www.secuobs.com/revue/news/200522.shtml 2010-03-11 01:35:20 - CNIS mag : L indice de risque des seules MS-010-016 et MS-010-017 est teinté de carmin Le patch Tuesday de ce mois de mars est d autant plus intéressant qu il se focalise sur un produit mineur une faille de Movie Maker et un défaut touchant un produit bureautique, Excel, tant sous Windows que sur Macintosh En revanche, il http://www.secuobs.com/revue/news/200474.shtmlhttp://www.secuobs.com/revue/news/200474.shtml 2010-03-11 00:45:02 - Channel 9 : IMAGE Today I'd like to introduce you to another piece of new technology from Microsoft Research Labs Image Composite Editor ICE with Multi-Image Fusion In the current version of ICE, it provides advanced features for panoramic stitching such as choosing the stitch s orientation, custom projection, and selecting a 360 stitch s mid-point, and this tool also integrates nicely as a plug-in into Windows Live Photo Gallery Here we ll show you some of the upcoming new features in ICE such as Structured Panoramas Stitching Panoramas from Video Sharp Panoramas from Blurry Videos Creating Photographs from Videos Multi-Image Denoising and Sharpening using Lucky Imaging http://www.secuobs.com/revue/news/200458.shtmlhttp://www.secuobs.com/revue/news/200458.shtml 2010-03-10 23:26:00 - Terry Zink's Anti malware Blog : A couple of weeks ago, I wrote on the story that Microsoft had obtained a court order to take down numerous domains associated with the Waledac botnet It s now been a period of time since then, did the takedown actually affect spam levels out of waledac According to Spamhaus in a statement granted to ZDNet, it had little effect, if any The throttling of Waledac, which Microsoft claimed to have achieved by means of legal action last week, has led to no appreciable reduction of junk mail coming from the botnet, anti-spam organisation Spamhaus told ZDNet UK on Tuesday The amount of spam coming from Waledac before the takedown was less than one percent of all spam , and that hasn't changed much, said Spamhaus chief information officer Richard Cox There's been a slight change, nothing major, and we would expect it to be a lot different According to Cox, and Sophos Labs, Microsoft s targeting of Waledac is odd because it is such a small botnet and accounts for so little traffic I've been chatting to colleagues, and we don't understand why Microsoft took these measures against Waledac , said Cox There are other botnets, for example Zeus, that do immense harm fraud-wise Computer security company Sophos agreed that it had seen no appreciable difference in the amount of spam coming from Waledac after Microsoft's action We can't see a direct correlation between Microsoft's takedown efforts and a reduction in spam from Waledac, said Fraser Howard, a principal researcher at Sophos Labs In addition, there has been no noticeable reduction in spam volumes overall, according to Howard If the botnet contributed significantly to spam, we would have expected to see a sharp step down in spam volumes, said Howard There is no distinct difference between before and after the takedown Not everyone agrees that the Waledac takedown was fruitless, though Security company F-Secure said on Wednesday March 3 it had seen a drop in spam coming from Waledac zombies, and a decrease in the number of binary samples from Waledac-related messages Microsoft might have decapitated Waledac , it should be interesting to watch, said F-Secure researcher Sean Sullivan Sullivan said the ability of the botnet to spread malware may have been severely inhibited by Microsoft's action From 8 February to 21 February, F-Secure detected 58,913 instances of Waledac malware attempting to circumvent F-Secure security software After the takedown, from the 22 February until 3 March, F-Secure detected 1,113 instances Despite this respite in Waledac attacks, Sullivan said F-Secure would not be surprised to see the botnet come back So, according to this article, and some other sources I have talked to, here is the reaction to Microsoft s take down Waledac was a small player to begin with The takedown didn t do much at all Although in some places, it did have a noticeable effect Waledac will be back eventually The reason for Waledac s resiliency is that while several domains were taken offline, Waledac also relies on peer-to-peer traffic In that regards, it doesn t matter if a domain is taken down because the nodes are not communicating with it anyway Thus, if that is the case, then it suggests that Waledac doesn t rely on domains for spam distribution and instead uses it for something else, such as pointing to payload in spam IMAGE http://www.secuobs.com/revue/news/200426.shtmlhttp://www.secuobs.com/revue/news/200426.shtml 2010-03-10 23:09:30 - Recognize Security : A new Microsoft Internet Explorer 0day exploit has been found circulating in-the-wild According to Microsoft, there are targeted attacks attempting to use this vulnerability Microsoft published a security advisory for this vulnerability here Microsoft Security Advisory 981374 Vulnerability in Internet Explorer Could Allow Remote Code Execution The vulnerability is a use-after-free invalid pointer reference vulnerability within http://www.secuobs.com/revue/news/200423.shtmlhttp://www.secuobs.com/revue/news/200423.shtml 2010-03-10 20:32:52 - Tenable Network Security : Attacks Happen There are many reasons why attackers may target your organization they could be after your intellectual property, they may have political reasons or there may be financial motivations if you have credit card data stored on your network http://www.secuobs.com/revue/news/200365.shtmlhttp://www.secuobs.com/revue/news/200365.shtml 2010-03-10 19:33:46 - SANS Internet Storm Center InfoCON green : Yesterday Microsoft re-released KB973811 http wwwmicrosoft more http://www.secuobs.com/revue/news/200339.shtmlhttp://www.secuobs.com/revue/news/200339.shtml 2010-03-10 18:03:51 - Blog of Trust : As well as mixing up Trusted Computing and Trustworthy Computing, the article by Gary Richmond had this bit of badly-written hyperbole that gave me a laugh Barely a day goes by when you switch on your computer, plug into the web and come across yet another deranged scheme to restrict freedom in the name of security, http://www.secuobs.com/revue/news/200285.shtmlhttp://www.secuobs.com/revue/news/200285.shtml 2010-03-10 17:36:39 - Global Security Mag Online : KB98015 Bulletin de sécurité Microsoft MS10-015 Date 10 Mars 2010 Plateforme Windows Programme Microsoft Excel Gravité Elevée Exploitation Avec un fichier malicieux Dommage Accès au système Description Microsoft vient de corriger sept vulnérabilités affectant Microsoft Excel de la suite Office Celles-ci permettaient à un attaquant distant de compromettre un système Ces failles de sécurité proviennent de la façon dont Excel traite les fichiers XLS La première - Vulnérabilités http://www.secuobs.com/revue/news/200272.shtmlhttp://www.secuobs.com/revue/news/200272.shtml 2010-03-10 16:34:05 - Infosecurity USA Latest News : Microsoft took customers through a fairly sedate patch Tuesday this week, releasing just two bulletins addressing issues in its applications However, all did not go without a hitch, as yet another zero-day vulnerability emerged for Internet Explorer http://www.secuobs.com/revue/news/200237.shtmlhttp://www.secuobs.com/revue/news/200237.shtml 2010-03-10 15:31:58 - Computer Security News : Article Microsoft warns of new IE bug attacks under way g a 2010 03 09 urnidgns852573C400693880002576E1006A4E53DTL Article Microsoft warns of new IE bug attacks under way g a 2010 03 09 urnidgns852573C400693880002576E1006A4E53DTL 11 27 PST -- Microsoft today warned of a critical vulnerability in Internet Explorer that is already being http://www.secuobs.com/revue/news/200214.shtmlhttp://www.secuobs.com/revue/news/200214.shtml 2010-03-10 15:14:06 - Les derniers documents du CERTA. : Une vulnérabilité dans Microsoft Internet Explorer permet l'exécution de code arbitraire à distance http://www.secuobs.com/revue/news/200211.shtmlhttp://www.secuobs.com/revue/news/200211.shtml 2010-03-10 15:14:06 - Les derniers documents du CERTA. : De multiples vulnérabilités dans Microsoft Excel permettent l'exécution de code à distance http://www.secuobs.com/revue/news/200209.shtmlhttp://www.secuobs.com/revue/news/200209.shtml 2010-03-10 14:24:51 - security_watchdog : The percentage of targeted attacks exploiting vulnerabilities in Adobe Reader is growing at a significant rate, outstripping Microsoft Word, Excel and PowerPoint, according to the latest figures from security firm F-Secure In a new blog posting, the firm urged users to patch a critical vulnerability in the popular software which was discovered last month and is being actively exploited in the wild Our sample was submitted by a European financial organisation and the file name includes a reference to the G20, the blog posting explained The exploit drops a downloader and attempts to make a connection to tiantianninthbiz We detect this attack as Exploit W32 PDFExploitG It doesn't surprise us to see this Adobe Reader vulnerability utilised so quickly According to F-Secure's research, targeted attacks exploiting Adobe Reader grew from around 49 per cent last year to over 60 per cent in the first two months of this year By comparison, Microsoft Word accounted for around 39 per cent of targeted attacks so far this year, slightly up from 34 per cent in 2009 Excel and PowerPoint attacks stood at around seven per cent http://www.secuobs.com/revue/news/200198.shtmlhttp://www.secuobs.com/revue/news/200198.shtml 2010-03-10 10:19:04 - iDefense Public Vulnerability Disclosures : http://www.secuobs.com/revue/news/200154.shtmlhttp://www.secuobs.com/revue/news/200154.shtml 2010-03-10 10:19:04 - iDefense Public Vulnerability Disclosures : http://www.secuobs.com/revue/news/200153.shtmlhttp://www.secuobs.com/revue/news/200153.shtml 2010-03-10 10:19:04 - iDefense Public Vulnerability Disclosures : http://www.secuobs.com/revue/news/200152.shtmlhttp://www.secuobs.com/revue/news/200152.shtml 2010-03-10 09:22:20 - iDefense Public Vulnerability Disclosures : http://www.secuobs.com/revue/news/200147.shtmlhttp://www.secuobs.com/revue/news/200147.shtml 2010-03-10 09:04:36 - Rootsecure.net : Computer World Microsoft skips patch for PowerPoint add-on Fixes eight flaws in Windows and Office, but passes on patching Producer 2003 http://www.secuobs.com/revue/news/200142.shtmlhttp://www.secuobs.com/revue/news/200142.shtml 2010-03-10 09:04:36 - Rootsecure.net : ZDNet Blog New Microsoft IE zero-day flaw under attack http://www.secuobs.com/revue/news/200141.shtmlhttp://www.secuobs.com/revue/news/200141.shtml 2010-03-10 06:20:08 - SANS Internet Storm Center InfoCON green : Several readers have pointed us towards this advisory This Microsoft advisory outlines a vuln more http://www.secuobs.com/revue/news/200121.shtmlhttp://www.secuobs.com/revue/news/200121.shtml 2010-03-10 06:11:59 - Security Bloggers Network : Microsoft issued two security patches today to plug important security holes in its Windows operating system and Office software The software giant also warned that it is aware of hackers exploiting yet another unpatched security flaw in older versions of its Internet Explorer Web browser Microsoft said it is investigating public reports that hackers have worked http://www.secuobs.com/revue/news/200117.shtmlhttp://www.secuobs.com/revue/news/200117.shtml 2010-03-10 04:50:20 - Rapid7 Network Security Blog : Time once again for this month s summary of the latest Microsoft Security updates 2 advisories, with 8 vulnerabilities covered This is the lightest March update since Microsoft skipped March altogether back in 2007 Here s the breakdown MS10-016 Rated Important Potential Remote Code Execution in Windows Movie Maker, covering 1 vulnerability CVE-2010-0265 Buffer Overflow in Movie Maker http://www.secuobs.com/revue/news/200106.shtmlhttp://www.secuobs.com/revue/news/200106.shtml 2010-03-10 02:43:35 - SearchSecurity.com.au Analysis Commentary : Microsoft has issued patches for Excel, a new IE zero-day and Movie Maker in its March patch bundle IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/200076.shtmlhttp://www.secuobs.com/revue/news/200076.shtml 2010-03-10 01:14:10 - Hack In The Box : Microsoft fixed eight flaws in Windows and Office today, but passed on patching one Windows component because it cannot be automatically updated The eight bugs patched today were far from the near-record 26 that Microsoft fixed last month when it delivered 13 security updates Both of today's bulletins were ranked important, the second-highest rating in Microsoft's four-step severity scoring system, even though the company acknowledged that the eight vulnerabilities could be used to completely compromise a Windows PC Although security experts recommended that users deploy the Office fix first, several argued today that the Windows update was more interesting because Microsoft declined to patch one of the two pieces of involved software http://www.secuobs.com/revue/news/200036.shtmlhttp://www.secuobs.com/revue/news/200036.shtml 2010-03-10 00:34:43 - Zero Day : Microsoft today issued patches for seven potentially dangerous security flaws in the Microsoft Excel worksheet software IMAGE http://www.secuobs.com/revue/news/200011.shtmlhttp://www.secuobs.com/revue/news/200011.shtml 2010-03-10 00:30:28 - News : The European Commission's decision to launch an antitrust investigation into Google Inc's activities has intensified that company's already heated competition with Microsoft Corp IMAGE http://www.secuobs.com/revue/news/200004.shtmlhttp://www.secuobs.com/revue/news/200004.shtml 2010-03-10 00:23:11 - Security : Earlier today Microsoft published their Security Bulletins for March 2010 The availability of patches mark the beginning of a flurry of activity for IT organizations everywhere In the video below, I summarize this month s bulletins In addition to those bulletins, Microsoft also published Microsoft Security Advisory 981374 This advisory addresses a vulnerability in Internet Explorer which could be exploited to execute artibrary code Each month Cisco Security Intelligence Operations SIO produces intelligence around Microsoft s Security Bulletin Release and I thought that I would provide an overview of what is available Although I am highlighting this information in the context of Microsoft Tuesday, note that Cisco SIO produces similar collateral for other security relevant events from a variety of vendors as well as the open source community http://www.secuobs.com/revue/news/199991.shtmlhttp://www.secuobs.com/revue/news/199991.shtml 2010-03-10 00:04:36 - eSecurity Planet Features : Besides patches for Microsoft Excel and Windows Movie Maker, Patch Tuesday includes a warning about zero-day attacks on some users via Internet Explorer 6 and 7 http://www.secuobs.com/revue/news/199986.shtmlhttp://www.secuobs.com/revue/news/199986.shtml 2010-03-09 23:46:40 - Praetorian Prefect : A blog post on the MSRC web site warned of a new zero-day in Internet Explorer versions 6 and 7 running on Windows XP, Windows 2000, or Windows 2003 The post references Security Advisory 981374 , and at this time there aren t many details about the vulnerability other than what MS has stated in the advisory Related http://www.secuobs.com/revue/news/199980.shtmlhttp://www.secuobs.com/revue/news/199980.shtml 2010-03-09 23:32:10 - SearchSecurity Security Wire Daily News : Two bulletins address eight vulnerabilities in Microsoft Windows and Office Internet Explorer advisory warns of new zero-day vulnerability being used in targeted attacks IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/199964.shtmlhttp://www.secuobs.com/revue/news/199964.shtml 2010-03-09 23:29:22 - News : Industry watchers say Microsoft's Internet Explorer 9 browser could help the software giant regain market share and get products in front of more customers IMAGE http://www.secuobs.com/revue/news/199961.shtmlhttp://www.secuobs.com/revue/news/199961.shtml 2010-03-09 22:47:26 - threatpost The First Stop for Security News : After a busy February with 13 security bulletins, Microsoft is easing off the patching throttle a bit this month Microsoft released two new security bulletins addressing 8 vulnerabilities, all not publically known at this time Shorten URL http threatpostcom en_us 3ty Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/199934.shtmlhttp://www.secuobs.com/revue/news/199934.shtml 2010-03-09 22:31:40 - securitystream.info : A zero-day unpatched vulnerability in Microsoft s Internet Explorer vulnerability is being exploited in the wild, the company warned in an advisory issued today On the same day it issued software fixes as part of its Patch Tuesday schedule, Microsoft released a pre-patch advisory to warn of the risk of remote code execution attacks against users of IE 6 and IE 7 Shorten URL http threatpostcom en_us 3tE Click to copy to clipboard or post to Twitter ZeroClipboardsetMoviePath 'http threatpostcom sites all modules threatpost_tweaks ZeroClipboardswf' var clip new ZeroClipboardClient clipsetHandCursor true clipsetText 'http threatpostcom en_us 3tE' clipglue 'short_url_link' , 'short_url_cont' Related posts 1 Microsoft Warns of New IE Code Execution Flaw 2 Microsoft Emergency IE Patch Coming 3 Microsoft Confirms New IE Data Leakage Flaw http://www.secuobs.com/revue/news/199931.shtmlhttp://www.secuobs.com/revue/news/199931.shtml 2010-03-09 22:22:08 - InSecurity Complex : New vulnerability in Windows and Office could allow an attacker to take control of IE 6 and IE 7 systems, software maker says http://www.secuobs.com/revue/news/199928.shtmlhttp://www.secuobs.com/revue/news/199928.shtml 2010-03-09 22:10:22 - Zero Day : A zero-day unpatched vulnerability in Microsoft's Internet Explorer vulnerability is being exploited in the wild IMAGE http://www.secuobs.com/revue/news/199925.shtmlhttp://www.secuobs.com/revue/news/199925.shtml 2010-03-09 22:08:32 - Security Bloggers Network : Whistleblowers do us all a service But one Whistleblower company by the name of Cryptome took on the wrong powerful corporate entity when it spilled a lot of sensitive information about that entity In fact, the backlash for their meddling was they were banned from the internet Now who in this world is powerful enough http://www.secuobs.com/revue/news/199919.shtmlhttp://www.secuobs.com/revue/news/199919.shtml 2010-03-09 22:06:47 - News : The Association for Computing Machinery ACM has awarded the 2009 AM Turing Award to Charles P Thacker, for his work in pioneering the networked personal computer IMAGE http://www.secuobs.com/revue/news/199912.shtmlhttp://www.secuobs.com/revue/news/199912.shtml 2010-03-09 21:28:53 - Reverse Engineering : submitted by rolfr link comment http://www.secuobs.com/revue/news/199892.shtmlhttp://www.secuobs.com/revue/news/199892.shtml 2010-03-09 21:21:20 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/199888.shtmlhttp://www.secuobs.com/revue/news/199888.shtml 2010-03-09 20:02:30 - SANS Internet Storm Center InfoCON green : Overview of theMarch 2010 MicrosoftPatchesand their status more http://www.secuobs.com/revue/news/199874.shtmlhttp://www.secuobs.com/revue/news/199874.shtml 2010-03-09 15:17:49 - Schneier on Security : The Microsoft Online Services Global Criminal Compliance Handbook US Domestic Version also can be found here, here, and here outlines exactly what Microsoft will do upon police request Here's a good summary of what's in it The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft's stored user information It also IMAGE http://www.secuobs.com/revue/news/199737.shtmlhttp://www.secuobs.com/revue/news/199737.shtml 2010-03-09 10:04:01 - News : Microsoft and Hewlett-Packard are helping schools in emerging markets stretch their computers budgets with a new system that's designed to increase student access to computers and help equip them with the computer literacy skills they will need to be competitive after they graduate IMAGE http://www.secuobs.com/revue/news/199671.shtmlhttp://www.secuobs.com/revue/news/199671.shtml 2010-03-09 04:57:20 - Information Security Resources : From the Infosec Island Network Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key http://www.secuobs.com/revue/news/199635.shtmlhttp://www.secuobs.com/revue/news/199635.shtml 2010-03-09 04:52:33 - News : Responding to reports that its European ballot screen was not truly randomizing the positions of the top five browsers, Microsoft today said it has changed the algorithm that shuffles the spots IMAGE http://www.secuobs.com/revue/news/199621.shtmlhttp://www.secuobs.com/revue/news/199621.shtml 2010-03-09 00:20:17 - News : Although Microsoft has dropped a plan to wait nearly two years after Windows 7's launch to issue a first service pack, it won't deliver the update before late this year, a site that has accurately predicted past Windows timetables said IMAGE http://www.secuobs.com/revue/news/199529.shtmlhttp://www.secuobs.com/revue/news/199529.shtml 2010-03-09 00:17:58 - 4sysops : Report Microsoft moves up Windows 7 SP1 release date Comprehensive review of Microsoft Forefront Unified Access Gateway 2010 software-based remote access tool Microsoft to Rally Partners to the Cloud Microsoft changes algorithm in Europe browser ballot The Argument against Disabling IPv6 Copyright 2006-2010, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/199525.shtmlhttp://www.secuobs.com/revue/news/199525.shtml 2010-03-08 23:22:08 - No Tricks : Recently Microsoft published a simplified version of their SDL methodology, reducing the detail in the hope of making implementations a bit easier Microsoft has also made available its four core SDL Training classes introductions to SDL Threat Modeling, Basics of Secure Design, and Privacy for SDL as well as the supporting tools Finally, Adam Shostack has also made available Elevation of Privilege, the Threat Modeling Game, which he thinks is the easiest way to get started threat modeling just try it http://www.secuobs.com/revue/news/199497.shtmlhttp://www.secuobs.com/revue/news/199497.shtml 2010-03-08 22:51:53 - Rootsecure.net : Computer World Microsoft delivers feature-rich SSL-VPN http://www.secuobs.com/revue/news/199477.shtmlhttp://www.secuobs.com/revue/news/199477.shtml 2010-03-08 18:08:51 - News : More and more businesses are looking to hosted email services to reduce costs and ease management, and the choice often comes down to Google s Gmail the key component of Google Apps or a hosted version of Microsoft Exchange IMAGE http://www.secuobs.com/revue/news/199392.shtmlhttp://www.secuobs.com/revue/news/199392.shtml 2010-03-08 18:01:24 - Channel 9 : IMAGE Meet Malori Malori is a paralegal in Microsoft's legal department She manages patent applications and assigns them out to attorneys and portfolio managers as well as other paralegals Malori was looking for a way to make her team more efficient by presenting all of the information they needed in a single web page or application Our team jumped in and made an Access Services solution, which allows her to manage all the data and provide custom views to her teammates Today this web database is used by over 80 attorneys working on different cases at Microsoft In today s episode, Malori shares her experience with Access Services and how it has helped her be more efficient Learn more about Access 2010 on the team blog http://www.secuobs.com/revue/news/199388.shtmlhttp://www.secuobs.com/revue/news/199388.shtml 2010-03-08 11:56:21 - Network World on Security : We tested Whale Communications' SSL VPN back in 2003 and the product didn't fare very well Microsoft bought Whale in 2006, jettisoned some of the strange idiosyncracies of the product, dramatically simplified management, and subsequently integrated several Vista and Windows 7 technologies http://www.secuobs.com/revue/news/199296.shtmlhttp://www.secuobs.com/revue/news/199296.shtml 2010-03-08 11:26:54 - Skypher : Quoting http msdnmicrosoftcom en-us library aa930622aspx typedef struct tagBITMAPINFOHEADER DWORD biSize LONG biWidth LONG biHeight WORD biPlanes WORD biBitCount DWORD biCompression DWORD biSizeImage LONG biXPelsPerMeter LONG biYPelsPerMeter DWORD biClrUsed DWORD biClrImportant BITMAPINFOHEADER If the bitmap is a packed bitmap a bitmap in which the bitmap array immediately follows the BITMAPINFO header and is referenced by a single pointer , the biClrUsed member must be either zero or the actual size of the color table ANI files stores each frame of the animated cursor as a packed bitmap inside the ANI file http://www.secuobs.com/revue/news/199290.shtmlhttp://www.secuobs.com/revue/news/199290.shtml 2010-03-08 09:19:09 - securitystream.info : Posted by InfoSec News on Mar 07 http wwwcomputerworldcom s article 9166458 Microsoft_s_tax_for_hacks_horrible_idea_say_security_experts taxonomyId 17 By Gregg Keizer Computerworld March 5, 2010 Microsoft's idea that the fight against malware could be funded by an Internet tax is horrible, an analyst said Thursday as other experts weighed in on a recent comment by the company's security chief Earlier this week, Scott Charney, Microsoft's vice president for Related posts 1 Microsoft s tax-for-hacks horrible idea, say security experts 2 RSA 2010 Experts Reject Taxing Hacks Malware 3 RSA 2010 Microsoft Floats Idea to Quarantine Infected Computers http://www.secuobs.com/revue/news/199273.shtmlhttp://www.secuobs.com/revue/news/199273.shtml 2010-03-08 09:11:44 - SANS Internet Storm Center InfoCON green : more http://www.secuobs.com/revue/news/199271.shtmlhttp://www.secuobs.com/revue/news/199271.shtml 2010-03-08 00:49:06 - Hack In The Box : Microsoft's senior product manager for Internet Explorer, Pete LePage, says rival Google could be one of the companies that will benefit most from future improvements in Internet Explorer Mr LePage, on his first visit to New Zealand, says there are plenty of improvements yet to be made to the company's web browser â now on version 8 â and there is no danger of it running out of puff in the same way that word-processing programs ground to an innovation halt The next version of Internet Explorer, IE9, will for the first time use computers' graphics processors â usually used by computer games â to better render website graphics on screen That is, hardware graphics acceleration is going to give you better reading experiences â better fonts and an improved ability to see images and scroll through them http://www.secuobs.com/revue/news/199202.shtmlhttp://www.secuobs.com/revue/news/199202.shtml 2010-03-08 00:49:06 - Hack In The Box : Microsoft will issue two bulletins addressing eight flaws in Windows and Office for this month's Patch Tuesday Both bulletins are listed as important - Microsoft's second highest alert rating - and will address flaws that could allow remote code execution in all supported versions of Office on Windows and Mac OS X, and Windows XP and higher There was no word on a fix for the VBScript security issue exposed earlier this week, which allows hackers to hijack a userâ s computer by getting them to press F1 on a phony site However, announcing the bulletins on Microsoftâ s security blog, senior security communications manager Jerry Bryant said that Microsoft would continue to monitor the situation http://www.secuobs.com/revue/news/199193.shtmlhttp://www.secuobs.com/revue/news/199193.shtml 2010-03-07 16:41:38 - MX Logic Security News : Computer World reports that several security professionals have contested Microsoft's claims that the company's destruction of the Waledac botnet will alleviate spam spread throughout the web Waledac claimed to control hundreds of thousands of PCs, prompting Microsoft researchers to launch an offensive against the malware Postini, the mail filtering firm owned by Google, reports little drop in spam Not only has spam not dropped, but SecureWorks' director of malware analysis Joe Stewart reports very little decrease in Waledac s overall activity Waledac was not a high threat, it's less than 1 percent of the spam traffic, Richard Cox, chief information officer of UK-based anti-spam service, Spamhaus, said What we're worried about is Zeus, which is a far more damaging botnet, which is creating a substantial amount of spam Spammers will likely take note of Microsoft's claims and use it to their benefit News stories have become an increasingly popular way for spammers to spread malware In 2010, the Olympics, the earthquake in Haiti and a false rumor of Bill Cosby's death have been just some of the ways cyber criminals exploit news topicsADNFCR-1765-ID-19638633-ADNFCR http://www.secuobs.com/revue/news/199127.shtmlhttp://www.secuobs.com/revue/news/199127.shtml 2010-03-07 16:41:38 - MX Logic Security News : Microsoft confirmed reports recently of a new web security vulnerability for users running Internet Explorer on Windows XP This is the third such hole reported to Microsoft so far in 2010 Earlier in the year, Microsoft addressed an issue presented to them following the highly publicized attack on Google Days later, at the Black Hat DC Conference in Washington, DC, a web security professional showed the company another flaw The company addressed the first two holes by issuing security updates, and it is reportedly investigating the latest breach Microsoft is investigating new public claims of a vulnerability involving the use of VBScript and Windows Help files within Internet Explorer, Jerry Bryant of Microsoft told Computer World The current state of our investigations shows that Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not affected Cyber criminals exploit the hole to upload malware onto users' hard drives Making the matter even more pressing for the company is the potential volume of exploitation Net Applications reported in February that Internet Explorer is the most widely used web browser in the worldADNFCR-1765-ID-19645676-ADNFCR http://www.secuobs.com/revue/news/199121.shtmlhttp://www.secuobs.com/revue/news/199121.shtml 2010-03-07 06:25:28 - Jeff Jones Security Blog : msprimeIf you are a Microsoftie, then I m sure you have a Prime card in your wallet, purse or on the bottom of a junk drawer somewhere However, do you always use it when you could Do you even know which restaurants in the area accept it I eat at Cucina, Cucina in Issaquah a lot, but didn t realize that it took the Prime card Even after I discovered that, I ve probably eaten there a dozen times without remembering So, to help myself and share with all of you, I went through the restaurant search function on wwwmicrosoftprimecom not the cleanest site in the world for finding just what you want and extracted the restaurants in Snoqualmie and Issaquah that offer some sort of Prime benefit Okay, this is probably not of much interest to you unless you live near the Snoqualmie or Issaquah area in Washington, but if you do, you can download the 1-pager from this post on wwwsnoqqercom IMAGE http://www.secuobs.com/revue/news/199075.shtmlhttp://www.secuobs.com/revue/news/199075.shtml 2010-03-07 04:59:56 - News : Microsoft has sold 90 million copies of Windows 7 to date, making it the fastest-selling operating system in history, according to Peter Klein, Microsoft's chief financial officer Klein made the comments earlier this week while speaking at the Morgan Stanley Technology, Media, and Telecom Conference While most of what Klein had to say dealt with the Microsoft's financial expectations, the company's top number cruncher did discuss a few interesting things about Microsoft's product outlook for the coming year IMAGE http://www.secuobs.com/revue/news/199063.shtmlhttp://www.secuobs.com/revue/news/199063.shtml 2010-03-06 20:22:13 - Security Bloggers Network : While promoting the release of its Forefront Identity Manager product set during this week's RSA conference in San Francisco, Microsoft announced its support for a prototype national ID card system in Germany that is designed to allow individual citize http://www.secuobs.com/revue/news/199017.shtmlhttp://www.secuobs.com/revue/news/199017.shtml 2010-03-06 16:44:07 - Sunnet Beskerming Security Advisories : In February, Microsoft released a massive thirteen security bulletins, after January's single bulletin This month, there are only two security bulletins expected, at least according to the Advance Notification that they have released for next week's bulletins Both bulletins are rated as Important and are expected to address remote code execution vulnerabilities in Windows XP, Vista, 7, and Microsoft Office Excel and related components The Office bulletin is also being made available for the OS X versions of Office, so it is important that OS X users also apply the updates when they are released next week The publicly disclosed vulnerability with Windows Help files and VBScript remote code execution is not expected to be patched this month, but it is possible that an out-of-cycle patch could be released to address the issue IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/198982.shtmlhttp://www.secuobs.com/revue/news/198982.shtml 2010-03-06 14:00:48 - Secumania Security Group Feeds : First remote code execution vulnerability affecting Microsoft Notepadvia innocent TXT documents Read the details http://www.secuobs.com/revue/news/198956.shtmlhttp://www.secuobs.com/revue/news/198956.shtml 2010-03-06 12:46:34 - securitystream.info : Microsoft 's idea that the fight against malware could be funded by an Internet tax is horrible, an analyst said Thursday as other experts weighed in on a recent comment by the company's security chief Related posts 1 RSA 2010 Experts Reject Taxing Hacks Malware 2 More information security experts needed, says CyberSecurity Malaysia 3 RSA 2010 Microsoft Floats Idea to Quarantine Infected Computers http://www.secuobs.com/revue/news/198952.shtmlhttp://www.secuobs.com/revue/news/198952.shtml 2010-03-05 23:46:48 - Channel 9 : IMAGE If you are developing multi-threaded applications, there is a possibility that you may be having concurrency problems, and these problems can be difficult to reproduce and identify At PDC09, Madan Musuvathi and Sebastian Burckhardt showed off some tools Cuzz and FeatherLite that Microsoft Research is currently working on that may one day assist developers in addressing concurrency issues they may be having in their application I ve invited them to join me today to talk with us about some of the issues involved with tracking down concurrency problems, as well as how each tool works If you d like more information about the tools they are working on, you may want to check out their PDC09 session, which is available here PDC09 Seminar Concurrency Fuzzing Data Races You can also find more details about what Madan and Sebastian are doing in Microsoft Research on the Microsoft Research Website Cuzz FeatherLite Madan Musuvathi Sebastian Burckhardt http://www.secuobs.com/revue/news/198821.shtmlhttp://www.secuobs.com/revue/news/198821.shtml 2010-03-05 23:46:48 - Channel 9 : IMAGE With less than two weeks to go until MIX10, I sit down with Bill Buxton, Principal Researcher for Microsoft Research and Albert Shum, Director of Mobile Experience Design for Windows Phone 7 Series to talk about creating compelling user experiences, how developers and designers can work together in harmony and random Canadian trivia http://www.secuobs.com/revue/news/198820.shtmlhttp://www.secuobs.com/revue/news/198820.shtml 2010-03-05 22:44:37 - News : The Office 2010 application suite will be formally launched by Microsoft at an event scheduled for May 12, the company announced today IMAGE http://www.secuobs.com/revue/news/198799.shtmlhttp://www.secuobs.com/revue/news/198799.shtml 2010-03-05 22:44:37 - News : Microsoft will discontinue development of Windows Essential Business Server EBS as of June 30, the company announced via a blog IMAGE http://www.secuobs.com/revue/news/198797.shtmlhttp://www.secuobs.com/revue/news/198797.shtml 2010-03-05 19:36:49 - Network World on Security : Microsoft published the Microsoft Security Bulletin Advance Notification for March 2010 and there are only two security bulletins predicted for next Tuesday--both rated as Important Following the nearly record-breaking Patch Tuesday in February, IT administrators will appreciate getting a little bit of a break http://www.secuobs.com/revue/news/198734.shtmlhttp://www.secuobs.com/revue/news/198734.shtml 2010-03-05 16:23:44 - News : Microsoft's idea that the fight against malware could be funded by an Internet tax is horrible, an analyst said Thursday as other experts weighed in on a recent comment by the company's security chief IMAGE http://www.secuobs.com/revue/news/198682.shtmlhttp://www.secuobs.com/revue/news/198682.shtml 2010-03-05 16:23:44 - News : Visual Studio Team Explorer 2010, based on Teamprise technology acquired from SourceGear, enables TFS to serve as an ALM server for multiple platforms IMAGE http://www.secuobs.com/revue/news/198681.shtmlhttp://www.secuobs.com/revue/news/198681.shtml 2010-03-05 15:18:08 - Infosecurity.US : Redmond, Washington based software giant Microsoft Corporation NasdaqGS MSFT has released the company s typical early notification of their planned Patch Tuesday update package, slated for March 9, 2010 Nearly every operating system and office software product inclusive of Sharepoint products, as well from the company, will receive their fair share of Related Posts 1 Microsoft Announces Patch Tuesday Updates 2 Microsoft Releases Advanced Security Notification 3 Microsoft Issues Security February Bulletin 4 Microsoft Releases September Security Notification 5 But Wait, There s More 13 Critical Security Patches Queued For Microsoft s PatchTuesday http://www.secuobs.com/revue/news/198667.shtmlhttp://www.secuobs.com/revue/news/198667.shtml 2010-03-05 13:56:22 - The Recurity Lablog : The Microsoft BlueHat team invited me to publish a rant on their BlueHat blog on TechNet Of course, I had to deliver Parser Central Microsoft NET as a Security Component http://www.secuobs.com/revue/news/198646.shtmlhttp://www.secuobs.com/revue/news/198646.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body You might know Brian Komar He wrote numerous books on PKI and Certificate Management and he is a well-known speaker at quite some events like TechEd and IT Forum Now, nCipher organized a Webimar on Best Practices for Microsoft PKI Certificate Management If you are interested, you might register at the link above Roger Category Microsoft Products Policies Security TechnologyPublished 29042008 21 20 http://www.secuobs.com/revue/news/198603.shtmlhttp://www.secuobs.com/revue/news/198603.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body I wrote on that already earlier We make processes and tools available how we internally do Threat Modeling To make it clear this has nothing to do with the Security Development Lifecycle but much more with Microsoft's own IT department The reason for this post is that we just released version 21 of the Threat Modeling Tool, which is downloadable for free You find it on the Application Threat Modeling website Roger Category Events Training Microsoft Security ProcessesPublished 05052008 17 35 http://www.secuobs.com/revue/news/198597.shtmlhttp://www.secuobs.com/revue/news/198597.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body I just read an interesting chat with Joel Snyder from Opus One who did Interop testing on the different NAC solutions I think he makes some statements which are worth to read from my perspective anyway J He also says that those who are anti-NAC simply don't understand the technology What we ended up with was about a dozen demonstrations, all showing what you need for a complete NAC solution And it really focused on let's start with Microsoft and work out from there Much more satisfying than trying to have three silos like we've done in the past that don't work together We have seen some consolidation in the NAC space Can you provide an update on the NAC market and where it's heading Towards Microsoft, for sure The key is that the desktop is EVERYTHING and Microsoft is making the right noises about standards and openness and making things work in the big picture So we have already seen Microsoft and the Trusted Computing Group TCG get together, and I think it's only a matter of time before we also see the other vendors like Cisco at least have a good accommodation of the Microsoft Network Access Protection NAP framework There is much, much more the chat is quite long and give some good insights into NAC NAP in the future Read it here Microsoft is winning the NAC war, expert says Roger Category Interoperability Microsoft Products TrendsPublished 08052008 11 50 http://www.secuobs.com/revue/news/198595.shtmlhttp://www.secuobs.com/revue/news/198595.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body I just read this article on Cryptography Expert Wins ACM Award for Advances in Protecting Privacy of Information Retrieval This is really cool to see that research with do at Microsoft Research not only leads to advancements in our products but to public recognition as well Well done Sergey Roger Category MicrosoftPublished 26052008 08 29 http://www.secuobs.com/revue/news/198576.shtmlhttp://www.secuobs.com/revue/news/198576.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body I posted yesterday on the Safari flaw Why Apple has to fix the Safari flaw as Apple did not acknowledge that this is a security vulnerability Unfortunately we had now to release an advisory for this as we started to see that the bad guys could use this feature to attack machines we are calling it a blended threat I just wanted to make sure you saw it Microsoft Security Advisory 953818 - Blended Threat from Combined Attack Using Apple's Safari on the Windows Platform Roger Category Cybercrime Incidents TechnologyPublished 31052008 11 19 http://www.secuobs.com/revue/news/198570.shtmlhttp://www.secuobs.com/revue/news/198570.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body Our Chief Security Advisor in Italy spent quite some time to collect a list of web-pages and blogs with regards to Microsoft and Security If you are looking for something, go there and find it J http blogstechnetcom feliciano_intini pages microsoft-blogs-and-web-resources-about-securityaspx Roger Category Microsoft ProductsPublished 24062008 11 38 http://www.secuobs.com/revue/news/198557.shtmlhttp://www.secuobs.com/revue/news/198557.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body A question I often get is How does Microsoft solve the problem x in their IT eg How does Microsoft do Patch Management These questions are usually directed towards MSIT Microsoft IT as we call it and not towards Microsoft as a vendor I guess you know that we have a site called IT Showcase How Microsoft does IT to give you exactly these insights and there are even people from MSIT giving presentations to customer on different topics The other question I get is By the way, does Microsoft use Forefront to protect its network and this is most often directed towards Forefront Client Security This question was a little bit harder to answer as MSIT started the roll-out quite a while ago but when they pilot technology, they mostly start on the Redmond Campus our Headquarters and then selectively go around the globe This makes a lot of sense as you have to control the cost of problems and they are often less costly and easier to address if you can just walk to the other building compared to having to do it remotely We were using CA eTrust in the past and I was part of the Forefront Client Security pilot since quite a while now and I love it I have to anyway but I really like it The reason for that I do not see and feel it at all No performance trade-offs, no problems at all No, I did not have any malware on the PC yet If you want to know more about how we did and still do the roll-out of FCS, there is the site to go to Deploying Forefront Client Security at Microsoft Including a technical whitepaper, a PowerPoint presentation and a Webcast Now, it is your turn Go out and deploy it J Roger Category Microsoft ProductsPublished 26062008 09 15 http://www.secuobs.com/revue/news/198555.shtmlhttp://www.secuobs.com/revue/news/198555.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Body It is not really news anymore as it broke during my vacation However, it is important from my point of view We are a proud sponsor and not for the first time of the Privacy Enhancing Technology Awards, which recognizes the work of researchers in the area of Privacy Enhancing Technologies There was a press article published on that Privacy to the Test - Exploring the Limits of Online Anonymity and Accountability Roger Category PrivacyPublished 05082008 12 15 http://www.secuobs.com/revue/news/198547.shtmlhttp://www.secuobs.com/revue/news/198547.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : It happens pretty often but this time it seems to be wider spread then normal as our traffic with regards to this issue is higher than usual There is a mail circulating pretending that it is coming from Steve Lipner here at Microsoft telling you to install the attached update see the mail below Just to re-enforce the message Microsoft never ever let's stress that again never ever distributes updates or any kind of software as attachment via e-mail We link to our Websites and our updates are signed by us So, just delete these kind of messages without even reading them Roger PS Here is the version of today and this is a scam Dear Microsoft Customer, Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows The update applies to the following OS versions Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista Please notice, that present update applies to high-priority updates category In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update Since public distribution of this Update through the official website http wwwmicrosoftcom would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users As your computer is set to receive notifications when new updates are available, you have received this notice In order to start the update, please follow the step-by-step instruction 1 Run the file, that you have received along with this message 2 Carefully follow all the instructions you see on the screen If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine In that case, at this point the upgrade of your OS will be finished We apologize for any inconvenience this back order may be causing you Thank you, Steve Lipner Director of Security Assurance Microsoft Corp -----BEGIN PGP SIGNATURE----- Version PGP 71 JQ7I212BN637GZCN5N4BQ788O7QIHVK97V5K9W0MB11N43ZOP9KVX5ZRKAZ9JLS5A X660XXVLE4KT4M3F8ZUA3UQBOXE884ZMVX46RJEFY9FRVLCC2HIHKPM1Z1BALETSD QP5N89G04E6Q5IYF312BTX55VM079X4O1XV7IW1A8K5K1EEQUSF2W58QR8YUF60S2 SAR4DXOITS53VUZ1B3O7VBCFIP4I0XLF91HF832YQUU7E274FCHIG35UDIN8FZX6W V0RVB2F2WJMYEEE62QDKTA6PABR2ECI4GKE -----END PGP SIGNATURE----- http://www.secuobs.com/revue/news/198522.shtmlhttp://www.secuobs.com/revue/news/198522.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I already blogged a few times on MSAT the Microsoft Security Assessment Tool We just released a new version for it, version 4 For those of you who do not know MSAT MSAT is a free stress free Risk Assessment Tool mainly targeted a Small and Medium Businesses to get a good understanding of their Business Risks vs their IT Risks So, it shows not only as so often the need where you should do more but also, where you basically invested more in security than your business actually needed If you look at the tool it looks by itself completely re-designed which it is The reports themselves have proven to be very helpful for our customers Therefore they are not that different but slightly improved However, it is now easier to save them Word and XPS Business Risk Profile vs Defense in Depth Index Scorecard Prioritized Action List It is definitely worth looking at the tool You can find it here Roger http://www.secuobs.com/revue/news/198514.shtmlhttp://www.secuobs.com/revue/news/198514.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I am more than pleased to inform you that we announced today a partnership between EMC RSA and us This partnership involves the integration of EMC RSA technology into our platform I quote from our press release Microsoft will build the RSA Data Loss Prevention DLP classification technology into the Microsoft platform and future information protection products The resulting collaboration is designed to enable organizations to centrally define information security policy, automatically identify and classify sensitive data virtually anywhere in the infrastructure, and use a range of controls to protect data at the endpoints, network, and data center Additionally, in the near term RSA s DLP Suite 65 will be engineered to integrate tightly with Microsoft Active Directory Rights Management Services RMS within Windows Server 2008 Looking forward to the outcome Roger http://www.secuobs.com/revue/news/198486.shtmlhttp://www.secuobs.com/revue/news/198486.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I want to add a few things as it is still not over More and more enterprises are still hit My last blog post showed you what you can do but I wanted to add two resources and a comment The comment first There were some discussions about our Anti-Malware solution We had protections in all our products Forefront, OneCare, our Online Safety Scanner since December 29th Additionally MSRT the Malicious Software Removal Tool removes Conficker since yesterday A lot of infections we see at the moment are because of Unpatched machines AV-Software still not detecting this malware So, you definitely should think about which AV-solution you are running in the future if three weeks after such a breakout you are still unprotected Now to the two resources Our Malware Protection Center published a post on Conficker yesterday with an excellent picture of the infection vectors original 1 And the Microsoft Security Response Center posted as well Roger http://www.secuobs.com/revue/news/198463.shtmlhttp://www.secuobs.com/revue/news/198463.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Just a quick one We released SP2 for Office 2007 You can download it here Roger http://www.secuobs.com/revue/news/198421.shtmlhttp://www.secuobs.com/revue/news/198421.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : A lot of people and companies are talking about the Cloud today I guess that there are not too many companies that share the same track record of running online services as Microsoft 1994 we launched MSN and since then we are in this business Microsoft Global Foundation Services the group responsible for this infrastructure just published a document called Securing Microsoft s Cloud Infrastructure which is definitely worth reading In my opinion a few items will be key when talking about a trustworthy cloud, one of them being transparency Transparency how your data is handled, how software is written and operated, how incidents are dealt with, etc This paper definitely helps on our side to drive in this direction although we did already a lot in this respect like making the Security Development Lifecycle available and communicating transparently about security challenges etc To show the importance of security for our online services as well, I would like to quote the paper The core driver to creating an effective security program is having a culture that is aware of and highly values security Microsoft recognizes that such a culture must be mandated and supported by company leaders The Microsoft leadership team has long been committed to making the proper investments and incentives to drive secure behavior In 2002, the company formed the Trustworthy Computing initiative with Bill Gates committing Microsoft to fundamentally changing its mission and strategy in key areas Today, Trustworthy Computing is a core corporate value at Microsoft, guiding nearly everything the company does At the foundation of this initiative are these four pillars Privacy, Security, Reliability, and Business Practices For more information on Trustworthy Computing, see the Microsoft Trustworthy Computing page Microsoft understands that success in the rapidly changing business of online services is dependent upon the security and privacy of customers data and the availability and the resiliency of the services Microsoft offers Microsoft diligently designs and tests applications and infrastructure to internationally recognized standards in order to demonstrate these capabilities and compliance with laws and with internal security and privacy policies As a result, Microsoft customers benefit from more focused testing and monitoring, automated patch delivery, cost-saving economies of scale, and ongoing security improvements Here are the links to the different papers we published today Securing Microsoft s Cloud Infrastructure Security in Microsoft Business Productivity Online Suite Securing Microsoft s Cloud Infrastructure Roger http://www.secuobs.com/revue/news/198407.shtmlhttp://www.secuobs.com/revue/news/198407.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : This is probably one of the best news I read since a long time I often said, that I am convinced that we are in a lot of areas around security leading the industry The complexity of building multi-purpose software in a secure way started to be addressed by us back when we introduced the Security Development Lifecycle which we make available publically on the web Today, Microsoft was recognized in the SD Times 100 2009, an annual list from Software Development Times that acknowledges companies for being industry leaders in software development Microsoft was awarded as well as in other categories , alongside the likes of Coverity and Fortify a top spot in secure development This is the first time since SD Times started publishing its Top 100 list that Microsoft has been recognized in this category You can read this story here DOWNLOAD ISSUE 6 15 2009 NOW from page 21 onwards Roger http://www.secuobs.com/revue/news/198400.shtmlhttp://www.secuobs.com/revue/news/198400.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I am running Microsoft Security Essentials called Morro since quite a while on my Mediacenter and I am definitely convinced of it So, go ahead and test it http wwwmicrosoftcom security_essentials resourcesaspx it will be our free Anti-Malware solution Roger http://www.secuobs.com/revue/news/198398.shtmlhttp://www.secuobs.com/revue/news/198398.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : As you know, I am a big fan of the concepts behind Network Access Protection as it allows to dynamically define zones on you network We just published a whitepaper called Manage Network Access Protection at Microsoft Network Access Protection NAP is a powerful new Windows Server 2008 feature that can help protect networks from malicious software malware and other threats Describes how organizations can use NAP to institute requirements for accessing a network, create policies that check for compliance with those requirements, and update and manage devices that are not in compliance Here you find this information Technical White Paper Webcasts IT Pro Webcast WMA MP3 Have fun Roger http://www.secuobs.com/revue/news/198389.shtmlhttp://www.secuobs.com/revue/news/198389.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I saw a lot of chatter on blogs and Twitter about Windows 7 E the European edition without Internet Explorer On July 24th, we published a new proposal on that Read our statement yourself Microsoft Proposal to European Commission Roger http://www.secuobs.com/revue/news/198384.shtmlhttp://www.secuobs.com/revue/news/198384.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I know that these news are not new but I was away when we announced it and to me it is important enough to take it up afterwards Over the last few months we worked on a document explaining everything which is going on around an Update Tuesday So, what is an Advanced Notification, what information do you find an a Security Bulletin and how should you handle this kind of information etc We announced this document during Blackhat To quote from the download page This Guide was designed to help IT professionals better understand and use Microsoft security release information, processes, communications, and tools Our goal is to help IT professionals manage organizational risk and develop a repeatable, effective deployment mechanism for security updates In this Guide, you will find a convenient glossary of terms, an overview of the Microsoft Security Bulletin process, and a stage-by-stage review of Microsoft Security Updates I think Michael Grady did an outstanding job pulling this all together It can be found and downloaded here The Microsoft Security Update Guide Roger http://www.secuobs.com/revue/news/198380.shtmlhttp://www.secuobs.com/revue/news/198380.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I am using a Latin keyboard and my Arabic is kind of rusty but I guess that this could be of real help if you write Arabic Microsoft Maren There is a good video on that page Roger http://www.secuobs.com/revue/news/198365.shtmlhttp://www.secuobs.com/revue/news/198365.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I often mention that we try to give you all the tools we have as long as it makes sense form a risk perspective The risk perspective is a simple one If we give it to you as our customer, we give it as well to the criminals There are two new tools which just made the bar and which are now released by the Security Development Lifecycle SDL team BinScope Binary Analyzer is a verification tool that confirms they the use of the correct compiler and linker protections required by the SDL One of the things we learned is that the right compiler settings may change a lot if the compiler and the linker are able to deliver accurate security MiniFuzz File Fuzzer is a simple file fuzzer that is designed to ease your introduction into fuzz testing by supplying file formats that your application would otherwise not expect So, if you develop in-house, look at them and make use of them If not, make sure your supplier uses them or something similar we do Additionally, you might remember that we released a Security Development Lifecycle Template for VisualStudio earlier this year Security Development Lifecycle Template - Your next step to Secure Development Based on your feedback the SDL team has written a whitepaper on how to integrate their practices into your own process template Whitepaper Manually Integrating the SDL Process Template Roger http://www.secuobs.com/revue/news/198363.shtmlhttp://www.secuobs.com/revue/news/198363.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : I started to read the article and actually just wanted to Tweet about it but then I voted and had to publish at least the current state When it comes to security, who do you trust more Microsoft 44pourcents Google 32pourcents Neither 22pourcents Both 3pourcents Total Votes 716 This is just now might change but it is very good to see Take your vote if you need help where to click, let me know Roger http://www.secuobs.com/revue/news/198358.shtmlhttp://www.secuobs.com/revue/news/198358.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : Why pay for a Anti-Malware solution if you can get one of the best solutions in the world for free go and download it It is there http wwwmicrosoftcom security_essentials And now, the disclaimer It runs only on genuine Windows Have fun, enjoy I am running it since quite a while with my friends and families and they all love it as they do not see and feel it at all unless something bad happens It is great Roger http://www.secuobs.com/revue/news/198355.shtmlhttp://www.secuobs.com/revue/news/198355.shtml 2010-03-05 10:12:09 - Rootsecure.net : Computer World Typical Windows user patches every 5 days pdf 75 Microsoft, third-party patch events each year are a burden most users can't bear, says Secunia http://www.secuobs.com/revue/news/198316.shtmlhttp://www.secuobs.com/revue/news/198316.shtml 2010-03-05 07:20:57 - DarkReading All Stories : Microsoft debuts U-Prove, rolls out Forefront Identity Manager http://www.secuobs.com/revue/news/198289.shtmlhttp://www.secuobs.com/revue/news/198289.shtml 2010-03-05 05:44:45 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/198268.shtmlhttp://www.secuobs.com/revue/news/198268.shtml 2010-03-05 04:25:11 - News : In anticipation of shutting down Halo 2 along with all other Xbox Original title support on Xbox Live, Microsoft is gifting loyal Halo 2 players with a little something to help ease the pain of losing access to their prefered game IMAGE http://www.secuobs.com/revue/news/198251.shtmlhttp://www.secuobs.com/revue/news/198251.shtml 2010-03-05 03:25:41 - SearchSecurity Security Wire Daily News : Next week, Microsoft will issue two bulletins that address eight vulnerabilities in Windows and Microsoft Office IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/198243.shtmlhttp://www.secuobs.com/revue/news/198243.shtml 2010-03-05 02:33:33 - InSecurity Complex : Microsoft will have a relatively light Patch Tuesday next week, fixing eight holes with two bulletins, but a fix for a zero-day VBScript vulnerability is still pending http://www.secuobs.com/revue/news/198219.shtmlhttp://www.secuobs.com/revue/news/198219.shtml 2010-03-05 02:23:11 - Security : According to the Microsoft Security Response Center, Microsoft will issue two Security Bulletins addressing eight vulnerabilities on Tuesday, and it will host a webcast to address customer questions about the bulletins the following day March 10 at 11 00 am PST, if you're interested Both of the vulnerabilities are rated Important and both may require a restart The list of affected operating systems includes Windows XP x86 and x64 , Windows Vista x86 and x64 , and Windows 7 x86 and x64 In terms of the Microsoft Office suites, all supported versions are affected on both Windows and Mac OS X Compared to last month's whopper of a Patch Tuesday, this one is quite a small one, especially given that there are no Critical patches coming The exact breakdown of the bulletins is as follows Bulletin 1 Important Remote Code Execution , Windows Bulletin 2 Important Remote Code Execution , Office If you're wondering, the IE Windows Help vulnerability we reported on earlier this week is not yet ready to be patched There are no known attacks, but Microsoft is still encouraging customers to review the advisory and apply the suggested workarounds where possible Customers that are running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2 are not affected Along with these patches, Microsoft is also planning to release the following on Patch Tuesday One or more nonsecurity, high-priority updates on Windows Update WU and Windows Server Update Services WSUS One or more nonsecurity, high-priority updates on Microsoft Update MU and WSUS An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center This information is subject to change by Patch Tuesday Microsoft has been known to rush patches as well as pull them if it deems it necessary Read the comments on this post IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/198214.shtmlhttp://www.secuobs.com/revue/news/198214.shtml 2010-03-05 00:13:53 - News : Microsoft today announced it will ship two security updates on Tuesday to patch eight vulnerabilities in Windows and Office IMAGE http://www.secuobs.com/revue/news/198180.shtmlhttp://www.secuobs.com/revue/news/198180.shtml 2010-03-04 23:18:37 - Zero Day : The vulnerabilities are rated important and affect the Windows operating system and the Microsoft Office productivity suite IMAGE http://www.secuobs.com/revue/news/198171.shtmlhttp://www.secuobs.com/revue/news/198171.shtml 2010-03-04 22:43:16 - Global Security Mag Online : Aujourd'hui, lors de la Conférence RSA 2010, Microsoft a souligné les avancées réalisées pour concrétiser sa vision Confiance de bout en bout Lors de son discours d'ouverture, Scott Charney, vice-président du groupe Informatique de confiance TrustworthyComputing chez Microsoft, a expliqué comment cette vision Confiance de bout en bout peut être appliquée au Cloud Computing, a détaillé l'avancement de son projet de méta-système d'identité basé sur des revendications Claims-based Identity - Points de Vue http://www.secuobs.com/revue/news/198161.shtmlhttp://www.secuobs.com/revue/news/198161.shtml 2010-03-04 22:22:46 - securitystream.info : Microsoft has announced plans to ship two security bulletins next week to fix a total of eight vulnerabilities affecting Windows and Office products Both bulletins are rated important because of the risk compromising the confidentiality, integrity or availability of user data Shorten URL http threatpostcom en_us 3L9 Click to copy to clipboard or post to Twitter ZeroClipboardsetMoviePath 'http threatpostcom sites all modules threatpost_tweaks ZeroClipboardswf' var clip new ZeroClipboardClient clipsetHandCursor true clipsetText 'http threatpostcom en_us 3L9' clipglue 'short_url_link' , 'short_url_cont' Related posts 1 Microsoft to Patch 26 Windows, Office Vulnerabilities 2 MS Patch Tuesday 13 Bulletins, 26 Vulnerabilities 3 Microsoft Patches Critical IE, Windows Vulnerabilities http://www.secuobs.com/revue/news/198158.shtmlhttp://www.secuobs.com/revue/news/198158.shtml 2010-03-04 21:37:43 - Global Security Mag Online : Update MS10-015 security update re-released with new detection logic Date 04 Mars 2010 Gravité Moyenne Description Microsoft a publié dans le cadre du Patch Tuesday de février le correctif MS10-015 corrigeant deux vulnérabilités du noyau de Windows À la suite à son installation, des utilisateurs se sont plaints de l'apparition d'écran bleu voir bulletin XMCO nº 1265972321 Microsoft, ainsi que des chercheurs travaillant pour différents éditeurs de solutions antivirus se sont rendu - Vulnérabilités http://www.secuobs.com/revue/news/198132.shtmlhttp://www.secuobs.com/revue/news/198132.shtml 2010-03-04 21:03:08 - Slashdot Your Rights Online : eldavojohn writes The Japanese computer manuracturer IO Data is the latest in line to license Microsoft's so-called 'Linux patents,' following the likes of Novell, Samsung, and Amazon Yes, even the press releases use the word 'Linux' to describe these patents From the press release 'Specifically, the patent covenants apply to I-O Data's network-attached storage devices and its routers, which run Linux Although the details of the agreement have not been disclosed, the parties indicated that Microsoft is being compensated by I-O Data' IMAGE IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/198127.shtmlhttp://www.secuobs.com/revue/news/198127.shtml 2010-03-04 20:50:23 - Security Wire Weekly : Scott Charney, Microsoft s vice president for Trustworthy Computing discusses the software giant s latest legal action to take down the Waledac botnet http://www.secuobs.com/revue/news/198126.shtmlhttp://www.secuobs.com/revue/news/198126.shtml 2010-03-04 19:12:04 - Microsoft BlueHat Blog : During the past decade or so, a significant portion of the computer industry has set out in a quest for secure software That this sizable force of smart people with all their resources and market power has not yet brought us a secure and safe computing experience, should be an indication that this task is not something you can just turn around and do Securing the huge number of software stacks we are working with on a daily basis is a massive undertaking It is somewhat similar to attempting to change the way we use natural resources and energy in order to prevent further global warming Since you could be reading this in Utah, USA 1 , let's assume that global warming is an actual problem and is caused by humankind burning pretty much any fossil energy source we can find in order to produce energy Slowing down global warming is a tall order, let alone stopping or reversing it We would need to gradually and globally reduce energy production methods that have carbon dioxide as a byproduct This is not something you can change overnight Since people depend on the energy your coal-fed power plant is delivering, you cannot simply turn it off and leave them in the cold But every time you consider building a new power plant, you should be thinking about its carbon dioxide emissions and you certainly should consider other methods of energy production The alternative, power generation using renewable sources, will at first appear too expensive and complicated Primarily, it will seem to provide significantly lower performance, so that you cannot really consider it as an alternative to your coal power plant As with the energy problem, the performance argument is constantly pulled out of the bag and waved around when one recommends NET as the runtime environment for a new software project Before even the first sketches of a software design and architecture are made hoping that there actually will be some design and architecture before coding , and a long time before the first line of code is written, someone will argue that whatever it is that's to be developed must be written in C or some other unmanaged language An insidious fact is that the most seasoned programmer in any team will likely be the one to present this performance argument against whoever proposed using NET for the task at hand This might be explained by the seasoned programmer being the one who's least likely to implement unmanaged code in a way that it can become a security vulnerability Maybe it is just the programmer s old belief that anything not compiled into native platform code doesn't perform well However, the meritocracy among programmers and their managers causes the senior programmer's statements to have significant more weight that everyone else's, so everyone in the team will learn that, for performance reasons, they cannot use NET The sad truth is that such repeated statements will cause software stacks to stay vulnerable to memory corruption and integer overflows for decades to come Especially experienced people should know that, as Donald Knuth already stated premature optimization is the root of all evil William Allan Wulf took it even further by saying More computing sins are committed in the name of efficiency without necessarily achieving it than for any other single reason - including blind stupidity Unfortunately, this is very close to the truth If you are an attacker or vulnerability researcher and you are trying to identify an easy attack on a software stack, the first thing you look for is parsers Any code that handles or interacts with externally provided data that you can influence will be your primary target of interest If this code is written in an unmanaged language, for example, C C , you are very likely to find what you are looking for in the parser before anything else This is where most software breaks, either through parsing of file formats or protocol messages In most cases, complex parsing happens before any authentication and authorization could even be performed, so the resulting attack will not only yield arbitrary code execution, but it will also be completely anonymous NET provides almost all the security you need to implement parsers that do not result in security vulnerabilities in your code Boundary errors do not lead to memory corruptions, so the whole class of buffer overflow vulnerabilities goes away Even better, boundary errors will throw very distinct exceptions, so your program can react to them specifically The option to check for arithmetic overflows and underflows in your assemblies is the second mighty weapon that prevents exploitation of signedness issues and data-type conversion problems, although checking for arithmetic overflows and underflows is still not the default for new projects in Visual Studio 2010 By using safe code, written in any of the many NET front-end languages, you can easily build very solid and robust parsers that ensure your input data is correct and that do not allow attackers to slip overly-large integers past your checks Let the attacker fuzz your input files until kingdom come And what about the performance issues now First of all, how about writing secure code in the first place and conducting the performance measurements and optimizations afterwards It is very likely that this one method, which iterates over your large data set in nested loops a couple of times, is eating most of the CPU time anyway, no matter what language it was written in Algorithmic mistakes account for a much larger performance impact in almost any sufficiently large application regardless of the programming language used Secondly, the security critical parsers are often invoked infrequently during the operation of the application Review carefully how often your parsers are actually invoked When you only read files upon user request, it is very unlikely that the user will actually notice any performance difference whether your parser is written inNET or in unmanaged code, except for the case where a corrupt file is opened, may it be intentionally corrupted or not In today's multi-component multi-tier application designs, it is easy to ensure a correct input data set using a strictly written NET parser and then handing the normalized and verified data to other code that performs computationally-expensive processing Last but not least, please keep in mind that NET code is not executed on a virtual CPU but actually compiled into platform-specific code before being executed This Just-In-Time compilation is where the real performance is gained in any managed languages And some seriously smart people work on the JIT When they find an optimization and roll out an updated JIT, all code runs suddenly faster, not just yours But more importantly, you don't have to do anything, it will happen behind the scenes I have made only the best of experiences using NET code for parsers in security-critical situations It doesn't relieve you from thinking about acceptable and non-acceptable formatting of your input data, but it massively simplifies the process of validating and checking the input data If anything goes wrong, the exception will propagate up, and you can safely discard the input from the top-level code In any other case, the cleaned and sanitized input data set can be used immediately, even in less fortified code Returning to the analogy between global warming and securing software stacks, it should be clear that we may not build things the way we did before if we care about changing anything in the future Even if all parsers from today on will be safe and sound implementations in managed languages without any unsafe code invocations, it will take a long time before the old software is phased out But if we continue to follow our old habits for dubious reasons, we will never actually get anywhere near our goal of secure and reliable computing Consider the capabilities of NET a vital security component for future software projects I appreciate any feedback you may have, and if you happen to attend BlueHat Buenos Aires, I will see you there -FX --------------------------------------------------------------------- 1 Climate Change Joint Resolution , 2010 General Session, State Of Utah, http leutahgov 2010 bills hbillamd hjr012htm IMAGE http://www.secuobs.com/revue/news/198079.shtmlhttp://www.secuobs.com/revue/news/198079.shtml 2010-03-04 14:48:52 - News : Microsoft plans to spend 95 billion on research and development this year, which a senior executive said Thursday is more than any competitor IMAGE http://www.secuobs.com/revue/news/198013.shtmlhttp://www.secuobs.com/revue/news/198013.shtml 2010-03-04 12:05:05 - Computer Security News : A top Microsoft executive on Tuesday suggested a broad Internet tax to help defray the costs associated with computer security breaches and vast Internet attacks, according to reports http://www.secuobs.com/revue/news/197981.shtmlhttp://www.secuobs.com/revue/news/197981.shtml 2010-03-04 11:02:55 - Raymond.CC Blog : IMAGE IMAGE var AdBrite_Title_Color '00A2E7 ' var AdBrite_Text_Color '000000 ' var AdBrite_Background_Color 'FFFFFF ' var AdBrite_Border_Color 'FFFFFF ' var AdBrite_URL_Color '000000 ' try var AdBrite_Iframe windowtop windowself 2 1 var AdBrite_Referrer documentreferrer ' ' documentlocation documentreferrer AdBrite_Referrer encodeURIComponent AdBrite_Referrer catch e var AdBrite_Iframe ' ' var AdBrite_Referrer ' ' documentwrite StringfromCharCode 60,83,67,82,73,80,84 documentwrite ' src http adsadbritecom mb text_groupphp sid 1544959 zs 3330305f323530 ifr ' AdBrite_Iframe ' ref ' AdBrite_Referrer ' type text javascript ' documentwrite StringfromCharCode 60,47,83,67,82,73,80,84,62 adHeadline font bold 10pt Arial text-decoration underline color 0000FF adText font normal 10pt Arial text-decoration none color 000000 try var AdBrite_Iframe windowtop windowself 2 1 var AdBrite_Referrer documentreferrer '' documentlocation documentreferrer AdBrite_Referrer encodeURIComponent AdBrite_Referrer catch e var AdBrite_Iframe '' var AdBrite_Referrer '' documentwrite StringfromCharCode 60,83,67,82,73,80,84 documentwrite ' src http adsadbritecom mb text_groupphp sid 1547046 br 1 ifr ' AdBrite_Iframe ' ref ' AdBrite_Referrer ' type text javascript ' documentwrite StringfromCharCode 60,47,83,67,82,73,80,84,62 The 20 winners of WinBootInfo IMAGE http://www.secuobs.com/revue/news/197971.shtmlhttp://www.secuobs.com/revue/news/197971.shtml 2010-03-04 10:32:42 - Rootsecure.net : webmonkey Microsoft to Double Down on HTML5 With IE 9 Several clues point to the possibility that the next version of IE will include broad support for HTML5 elements, vector graphics and emerging CSS standards http://www.secuobs.com/revue/news/197960.shtmlhttp://www.secuobs.com/revue/news/197960.shtml 2010-03-04 09:33:36 - Security Bloggers Network : It won t work if you have a rootkit infection, but it won t blue screen your machine eitherMicrosoft has reissued Security Bulletin MS010-15 from last month to work around a problem that had occurred when a WinXP user attempted to install the patc http://www.secuobs.com/revue/news/197955.shtmlhttp://www.secuobs.com/revue/news/197955.shtml 2010-03-04 04:58:29 - News : Microsoft's CFO confirmed today that the company will offer a free upgrade to the upcoming Office 2010 suite starting this month IMAGE http://www.secuobs.com/revue/news/197892.shtmlhttp://www.secuobs.com/revue/news/197892.shtml 2010-03-04 03:59:51 - News : Microsoft's apparent backing of complaints that prompted a European antitrust investigation of Google is but the latest clash in the ongoing war between the two technology titans, analysts say IMAGE http://www.secuobs.com/revue/news/197870.shtmlhttp://www.secuobs.com/revue/news/197870.shtml 2010-03-04 01:56:37 - Hack In The Box : Microsoft Windows Mobile operating systems have always been compatible with various handsets or personal digital assistants, even with those that did not feature enough performance for them, which essentially ruined user experience Nevertheless, with Windows Phone 7-series Microsoft Corp has very strict hardware requirements that will not allow it to run onto older cell phones Because we have very specific requirements for Windows Phone 7 Series the current phones we have right now will not be upgradable,â said Natasha Kwan, general manager for Microsoftâ s mobile communications business in the Asia-Pacific region, reports InformationWeek web-site In fact, there are three types of form-factors for Windows Phone 7-series operating system-based mobile phones that will feature different hardware http://www.secuobs.com/revue/news/197845.shtmlhttp://www.secuobs.com/revue/news/197845.shtml 2010-03-03 23:49:00 - SearchSecurity.com.au Analysis Commentary : Scott Charney, Microsoft's top Trustworthy Computing executive, has discussed the company's new approach to protecting against botnets at the 2010 RSA conference Charney also detailed Microsoft's new identity management technologies IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/197784.shtmlhttp://www.secuobs.com/revue/news/197784.shtml 2010-03-03 23:48:25 - News : Microsoft announced at the RSA Conference Tuesday that it has begun shipping Forefront Identity Manager 2010, server software for provisioning and de-provisioning user access and privileges for network and database resources IMAGE http://www.secuobs.com/revue/news/197775.shtmlhttp://www.secuobs.com/revue/news/197775.shtml 2010-03-03 22:43:00 - 4sysops : Microsoft confirms free Office 2010 upgrade deal Microsoft Forefront Identity Manager 2010, the successor to Identity Lifecycle Manager 2007, is shipping Forrester provides tips to Windows 7 early adopters Copyright 2006-2010, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/197746.shtmlhttp://www.secuobs.com/revue/news/197746.shtml 2010-03-03 19:55:11 - The Tech Herald Security News : On Tuesday Microsoft re-released the patch that triggered the infamous Blue Screen of Death as a direct result of a rootkit infection While no immediate detection and removal tool exists for the rootkit courtesy of Windows Update, Microsoft said that they are working on a solution and expects it to be released in a few weeks http://www.secuobs.com/revue/news/197692.shtmlhttp://www.secuobs.com/revue/news/197692.shtml 2010-03-03 17:48:34 - Security : IMAGE More and more personal, private information is being used and stored online than ever before, and at the same time, attacks on that information are increasing in frequency and sophistication Phishing is a growth industry it's very profitable to trick people into handing over names, passwords, credit card numbers, and so on, so that their finances can be pillaged Important activities like banking and filing tax returns are being performed, and these need strong proof of identity On the other hand, there's no reason why a storefront like, say, iTunes, needs to know your identity it only needs to know that the money being handed over is yours to hand over Ultimately, we want to be able to securely make transactions without giving third parties the ability to masquerade as us we want to be able to visit websites and make purchases without those sites being able to track us or combine different pieces of information to draw a more complete picture of us we want to be able to be able to disclose some information about ourselves, but not everything The U-Prove framework, released as a CTP today by Microsoft, aims to solve these problems Read the rest of this article Read the comments on this post IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/197640.shtmlhttp://www.secuobs.com/revue/news/197640.shtml 2010-03-03 17:04:19 - Stratagem 13 : Microsoft warns Windows XP users, don t touch the F1 key - Linux Today - Microsoft warns Windows XP users, don t touch the F1 key http://www.secuobs.com/revue/news/197622.shtmlhttp://www.secuobs.com/revue/news/197622.shtml 2010-03-03 14:45:10 - Infrastructure 2.0 : Microsoft Dynamic Infrastructure Toolkit for Systems Center DIT-SC is hopping forward, literally, into the network With or without established standards, this dog is going to hunt ms-sc-logo It takes time to develop standards, something we often overlook When the foundational standards upon which the Internet were being developed there were almost no users, no broadband, and no real urgency to get something available The adoption of disruptive, highly volatile technologies such as virtualization and cloud computing result in an environment in which today s standards groups are not afforded the luxury of time Organizations want, nay they need, standards now and if they aren t forthcoming vendors and customers alike will move steadily forward with their own implementation The myriad cloud APIs submitted to various standards organization indicate this pattern of behavior has already begun and will continue until the dust settles and one and hopefully only one API comes out on top Microsoft may have come late to the cloud computing table, but it s certainly making up time by moving forward with its Dynamic Infrastructure Toolkit for System Center blockquote The Dynamic Infrastructure Toolkit for System Center is a free, partner-extensible toolkit that will enable datacenters to dynamically pool, allocate, and manage resources to enable IT as a service Whether you re an enterprise customer, a systems integrator, or an independent software vendor, the toolkit will help you create agile, virtualized IT infrastructures -- Microsoft Cloud Computing Infrastructure solutions What s a bit different about Microsoft s Dynamic Infrastructure Toolkit for System Center DIT-SC is that it s not focusing on standardizing the interface to the cloud, a la Yet Another Cloud API, but rather it s focused inward, on operations, much in the same way the cloud API of Yahoo is highly focused on internal rather than external operations --------------------------------------------------------------------- HOPPING into the NETWORK --------------------------------------------------------------------- The DIT-SC provides a framework not an API but a framework that allows partners and customers to manage resources, including infrastructure such as load balancers, firewalls, and other network-hosted services By providing a framework Microsoft can leave the implementation up to vendors and customers which is of course cost-effective on their part but also provides the means by which those infrastructure solutions that are not yet Infrastructure 20 enabled can still be supported image Assume for a moment a device, X, does not have a standards-based control plane accessible for automation and remote control This does not mean it cannot be automated, it simply means alternative methods of communication and control must be used Holistic identity management systems used this technique extensively to manage accounts on operating systems and applications for which there was no programmatic interface, and administrators have used remote scripting playback to automate tasks for what seems like eons Using PowerShell the integration of both Infrastructure 20 and non-enabled systems can be accomplished, resulting in unified data center management of resources via System Center load balancing is one of the planes of control, and will be primarily enabled through the existing Infrastructure 20 capabilities of various vendor implementations such as F5, Citrix, and Cisco Microsoft is approaching Infrastructure 20 and the integration of network-hosted resources in a very implementation agnostic way Rather than simply lay the entire responsibility at the feet of individual vendors, it has taken a more standardsy approach in that the definition of the PowerShell interfaces to network and application delivery network infrastructure will be normalized across similar component functionality Standardized, essentially, into a common task and model-oriented set of interfaces that can be used to basically plug-in any vendor solution in a particular data center niche This normalization is very close to standardization and thus it is not inconceivable that in the future we may see the model and interfaces developed to support the DIT-SC framework proposed as a standard in much the same way other vendors have put forth their models and interfaces as potential cloud standards Not the framework, mind you, but rather the collection of infrastructure and resource control that result from ongoing efforts to integrate infrastructure and network and systems resources into a unified dynamic management system That s the target of Infrastructure 20 standards efforts the definition of a model and interfaces unified across the network and application delivery network as well as interclouds --------------------------------------------------------------------- DE FACTO STANDARDS are INEVITABLE --------------------------------------------------------------------- The problem is that there s no one really to blame for what s almost certainly going to happen the rise of de facto standards Certainly some vendors and organizations are counting on that happening, and for others it s just going to happen because, well, that s the way things work in a rapidly evolving environment Standards are not forthcoming fast enough at this point to address the rapid evolution of data center operational needs Given the scope of the task at hand developing a set of standards that will ensure interoperability of infrastructure and cloud computing environments it s no surprise that it s taking some time At least it s no surprise if you expect that such standards will be long-lived, well-thought out, and as future-proof as standards can be It may be that efforts such as DIT-SC will, in fact, be helpful to creating accepted standards in the future Anyone who was involved in IT before TCP IP rose to the top of the standards heap and became the accepted industry standard, beating out Novell s IPX SPX and IBM S SNA will recall that there was a time when it was not clear which standard would ultimately win A similar situation will almost certainly arise in the arena of cloud computing, if not at the cloud API layer, then internally, at the operational layer By tossing the infrastructure models developed to support vendor and provider frameworks into a hat it may be that a unified set of standards can be developed that make the internal integration collaboration required to orchestrate IT operations and allow organizations to fully realize the benefits of virtualization and cloud computing In the meantime, Microsoft has somewhat quietly joined the Infrastructure 20 movement by ensuring the means by which network and application delivery network infrastructure can be automated and orchestrated through a centralized cloud management system with DIT-SC That s certainly a leap forward in the right direction http://www.secuobs.com/revue/news/197574.shtmlhttp://www.secuobs.com/revue/news/197574.shtml 2010-03-03 14:02:21 - ContactlessNews Contactless Smart Cards RFID Payment Transit and Security : Gemalto has announced that its Protiva Strong Authentication Server is now fully integrated with Microsoft Forefront Identity Manager 2010, allowing organizations to provision, deploy and manage smart card-based one-time password OTP devices linked to Gemalto s server on the familiar Microsoft interface Gemalto will be demonstrating the combined solution at the RSA Conference 2010 in the Microsoft Partner Pavilion, booth 1527, and at Gemalto booth 1923 According to Gemalto, the integrated solution allows security managers that work with Microsoft identity solutions to implement and manage OTP devices without learning a new interface Managers can use the Forefront Identity Manager FIM portal interface for all of the administrative functions for managing OTP devices, while the Gemalto strong authentication server SAS works in the background for authentication Users can also create or update a Gemalto SAS OTP device record, link the record to the user, and activate the device They can then manage or change access privileges or remove devices using the same Microsoft FIM interface http://www.secuobs.com/revue/news/197565.shtmlhttp://www.secuobs.com/revue/news/197565.shtml 2010-03-03 11:50:15 - Network World on Security : Microsoft today said it had restarted distribution of a security update that had crippled some Windows PCs last month with reboot problems and Blue Screen of Death error screens http://www.secuobs.com/revue/news/197533.shtmlhttp://www.secuobs.com/revue/news/197533.shtml 2010-03-03 11:50:15 - Network World on Security : A new security advisory from Microsoft warns about a risk involving any version of Internet Explorer on Windows 2000 and Windows XP that can allow a malicious Web site to infiltrate your PC http://www.secuobs.com/revue/news/197532.shtmlhttp://www.secuobs.com/revue/news/197532.shtml 2010-03-03 10:31:38 - securitystream.info : How will we ever get a leg up on hackers who are infecting computers worldwide Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines Related posts 1 RSA 2010 Microsoft Floats Idea to Quarantine Infected Computers 2 Virus has breached 75,000 computers study 3 Black Hat Researcher claims hack of chip used to secure computers, smartcards http://www.secuobs.com/revue/news/197508.shtmlhttp://www.secuobs.com/revue/news/197508.shtml 2010-03-03 05:36:29 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/197464.shtmlhttp://www.secuobs.com/revue/news/197464.shtml 2010-03-03 03:13:51 - Hack In The Box : In his keynote at the RSA security conference on Tuesday, Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, suggested that the security industry should follow the health care model of quarantining infected PCs to prevent them from being used to send spam and conduct denial-of-service attacks In a follow-up interview afterward, Charney elaborated on his vision for reducing the damage from botnets and explains how infected computers should be kept off the Internet just like doctors quarantine sick people and smokers are restricted as to where they can light up in public http://www.secuobs.com/revue/news/197403.shtmlhttp://www.secuobs.com/revue/news/197403.shtml 2010-03-03 01:51:38 - InSecurity Complex : Under Scott Charney's plan, ISPs would keep infected PCs off the Internet, much like doctors quarantine sick people and governments restrict smoking in public areas http://www.secuobs.com/revue/news/197383.shtmlhttp://www.secuobs.com/revue/news/197383.shtml 2010-03-03 00:07:15 - HackBloc.org : The famous whistleblower site Cryptomeorg has been shut down after it refused to take down the Microsoft Lawful Spying guide which details what records Microsoft retains, for how long, and under what conditions law enforcement can obtain them Microsoft claims erroneously that this guide is protected by copyright law and illegal to distribute Their host, Network Solutions boo has taken down the site and its nameservers Instead of just removing the file in question, they disabled the site in its entirety and seized the domain name Wikileaks has offerred up a mirror of the file at http wwwwikileaksorg Feel free to call Network Solutions and voice your disgust at their spinelessness 1-800-333-7680 A temporary backup has been set up here http cryptomeorgsiteprotectnet All tags NoneLogin or register to tag items http://www.secuobs.com/revue/news/197362.shtmlhttp://www.secuobs.com/revue/news/197362.shtml 2010-03-03 00:05:00 - Slashdot Your Rights Online : Ian Lamont writes Microsoft's Vice President for Trustworthy Computing Scott Charney, speaking at the RSA conference in San Francisco, has floated an interesting proposal to deal with infected computers Approach the problem of dealing with malware infections like the healthcare industry, and consider using 'general taxation' to pay for inspection and quarantine Using taxes to deal with online criminal activity is not a new idea, as demonstrated by last year's Louisiana House vote to levy a monthly surcharge on Internet access to deal with online baddies IMAGE IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/197357.shtmlhttp://www.secuobs.com/revue/news/197357.shtml 2010-03-02 23:54:50 - SearchSecurity Security Wire Daily News : At the 2010 RSA Conference, Scott Charney, Microsoft's top Trustworthy Computing executive, discussed the software giant's new approach to botnet protection, detailed its new identity management technologies and explained why cloud computing risks upsetting the balance of power between individuals and governments IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/197354.shtmlhttp://www.secuobs.com/revue/news/197354.shtml 2010-03-02 23:02:09 - News : A lobbying group composed of Microsoft rivals wants antitrust regulators worldwide to pressure the company into offering a browser ballot screen to their citizens IMAGE http://www.secuobs.com/revue/news/197329.shtmlhttp://www.secuobs.com/revue/news/197329.shtml 2010-03-02 23:02:09 - News : Microsoft Corp researchers have shrunk down its Surface tabletop computer into a pocket-sized package that, with the aid of a few accessories, one-ups conventional touchscreen devices like Apple Inc's iPhone IMAGE http://www.secuobs.com/revue/news/197325.shtmlhttp://www.secuobs.com/revue/news/197325.shtml 2010-03-02 23:00:33 - 4sysops : Microsoft resumes XP patch distribution says rootkit remover coming soon Microsoft released blue screen rootkit detection tool Microsoft to demo new cloud-computing advances at research showcase 38pourcents of IT managers ignore Web 20 risks Microsoft releases its privacy-enabling U-Prove technology Microsoft s EU ballot fails to randomize browser order Funny Microsoft is promoting http://www.secuobs.com/revue/news/197319.shtmlhttp://www.secuobs.com/revue/news/197319.shtml 2010-03-02 22:41:07 - Infosecurity USA Latest News : In his keynote address at the RSA Conference 2010 in San Francisco, Scott Charney, corporate vice president of Microsoft s Trustworthy Computing Group, outlined how Microsoft will apply its end to end trust vision to cloud computing http://www.secuobs.com/revue/news/197313.shtmlhttp://www.secuobs.com/revue/news/197313.shtml 2010-03-02 22:33:11 - threatpost The First Stop for Security News : A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users The informal proposal, made Tuesday by Microsoft Vice President of Trustworthy Computing Scott Charney, was short on specifics, such as who would be responsible for monitoring and isolating malware-riddled machines But he laid out his case for keeping them away from the general populace, comparing such a move to laws that have gone into effect over the past 20 years banning cigarette smoking in public Read the full story The Register Shorten URL http threatpostcom en_us 3Fl Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/197308.shtmlhttp://www.secuobs.com/revue/news/197308.shtml 2010-03-02 22:25:35 - securitystream.info : And while you're at it, watch out for the cloud RSA A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users Web threats Why conventional protection doesn't work Related posts 1 Windows plagued by 17-year-old privilege escalation bug 2 Microsoft will issue emergency IE patch on Thursday 3 US pinpoints author of Google attack code, says report http://www.secuobs.com/revue/news/197306.shtmlhttp://www.secuobs.com/revue/news/197306.shtml 2010-03-02 22:11:16 - SearchVMware.com VMware tips and tricks : This week's VMware news roundup includes a Microsoft executive fanning the virtualization flames and a VMware acquisition and what it means for View IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/197301.shtmlhttp://www.secuobs.com/revue/news/197301.shtml 2010-03-02 22:10:35 - News : How will we ever get a leg up on hackers who are infecting computers worldwide Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines IMAGE http://www.secuobs.com/revue/news/197299.shtmlhttp://www.secuobs.com/revue/news/197299.shtml 2010-03-02 21:01:52 - Channel 9 : IMAGE In basic terms, minimal disclosure is a solution that discloses the least amount of identifying information while best limiting and constraining the use of identity-related information In this episode of the IdElement, Dr Stefan Brands, Principal Architect, shares the details of the highly anticipated U-Prove CTP, including availability of JAVA and C toolkits and cryptographic specification He also describes some edgy identity and security scenarios that the cryptographic protocols can enable with Windows CardSpace, Windows Identity Foundation, and Active Directory Federation Services Get the CTP here Get the C edition Get the Java edition Video U-Prove CTP - A Developer's Perspective Video Deep Dive Into U-Prove Cryptographic Protocols http://www.secuobs.com/revue/news/197274.shtmlhttp://www.secuobs.com/revue/news/197274.shtml 2010-03-02 20:12:23 - InSecurity Complex : Microsoft's Scott Charney says company's identity management system can give consumers the power to control where their data ends up http://www.secuobs.com/revue/news/197249.shtmlhttp://www.secuobs.com/revue/news/197249.shtml 2010-03-02 19:57:27 - Jeff Jones Security Blog : I thought it might be useful to share some of the key resources related to Microsoft news at RSA to make it easy to find Will update with more details later RSA Conference 2010 Microsoft RSA Presspass Newscenter http wwwmicrosoftcom presspass events rsa Press materials http wwwmicrosoftcom presspass events rsa Materialsaspx Image gallery http wwwmicrosoftcom presspass events rsa ImageGalleryaspx Video gallery http wwwmicrosoftcom presspass events rsa VideoGalleryaspx Microsoft Blog - Scott Charney Advancing End to End Trust, An Update from RSA 2010 Operation b49 Microsoft Blog - Cracking Down on Botnets End to End Trust Web Site End to End Trust Home http wwwmicrosoftcom endtoendtrust E2E Trust Vision http wwwmicrosoftcom mscorp twc endtoendtrust vision E2E Trust RSA 2010 http wwwmicrosoftcom mscorp twc endtoendtrust conferenceaspx IMAGE http://www.secuobs.com/revue/news/197242.shtmlhttp://www.secuobs.com/revue/news/197242.shtml 2010-03-02 19:41:53 - Global Security Mag Online : Passlogix a annoncé l'intégration de v-GO Single Sign-On v-GO SSO et des autres éléments de sa suite v-GO Access Accelerator avec Microsoft Forefront Identity Manager FIM 2010 Cette intégration permettra aux organisations qui déploient à la fois FIM et v-GO SSO d'automatiser l'approvisionnement et dé provisionnement d'accès SSO à toutes les applications Windows, Web et aux applications mainframe, réduisant ainsi tant les frais d'administration tout en simplifiant l'expérience utilisateur - Produits http://www.secuobs.com/revue/news/197228.shtmlhttp://www.secuobs.com/revue/news/197228.shtml 2010-03-02 19:37:12 - Les derniers documents du CERTA. : Une vulnérabilité dans VBScript permet à un utilisateur malintentionné d'exécuter du code arbitraire à distance http://www.secuobs.com/revue/news/197226.shtmlhttp://www.secuobs.com/revue/news/197226.shtml 2010-03-02 17:35:37 - eSecurity Planet Features : A new zero-day vulnerability threatens to use Windows help files against users, if they can be convinced to press F1, the traditional key for help It's a trap http://www.secuobs.com/revue/news/197166.shtmlhttp://www.secuobs.com/revue/news/197166.shtml 2010-03-02 16:55:17 - News : The IDE upgrade, delayed after performance problems in a beta release pushed back the launch, is now due to ship April 12 IMAGE http://www.secuobs.com/revue/news/197159.shtmlhttp://www.secuobs.com/revue/news/197159.shtml 2010-03-02 12:00:01 - Network World on Security : Steer clear of the F1 key while surfing the Web, at least for a little while http://www.secuobs.com/revue/news/197087.shtmlhttp://www.secuobs.com/revue/news/197087.shtml 2010-03-02 12:00:01 - Network World on Security : Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer IE http://www.secuobs.com/revue/news/197086.shtmlhttp://www.secuobs.com/revue/news/197086.shtml 2010-03-02 04:33:24 - News : The app services technology is intended to boost speed and management of the Web and other programs IMAGE http://www.secuobs.com/revue/news/197003.shtmlhttp://www.secuobs.com/revue/news/197003.shtml 2010-03-02 04:33:24 - News : To stay ahead of Microsoft, VMware will have to cut prices, bolster security, simplify management and successfully navigate the desktop and the cloud IMAGE http://www.secuobs.com/revue/news/197001.shtmlhttp://www.secuobs.com/revue/news/197001.shtml