16 Percent of Companies Aren’t Concerned about Spyware

http://www.networkworld.com/columnists/2007/032607edit.html In a recent study about spyware by Nemertes Research, Senior Vice President Andreas Antonopoulos was surprised to find that 16% of the companies examined were not concerned about the threat. The article notes that the reason for this isn’t lack of computer security spending at the companies in question. Nor is it because the …

Continue reading ‘16 Percent of Companies Aren’t Concerned about Spyware’ »

Eschelbeck Slams Windows Defender

I was a fan of Gerhard Eschelbeck when he was with Qualys. He’s been pretty much off my radar sense he took the CTO position at Webroot. Today he comes out swinging against Windows Defender as reported in Information Week. “If you look at the [Defender] data points, they speak for themselves,” says Eschelbeck. “Defender …

Continue reading ‘Eschelbeck Slams Windows Defender’ »

Holy Cow, Sunbelt Doesn’t Pile on MS

Its posts like this that keep Sunbelt in the list of blogs I read regularly. In the post they explain why a recent security writers claim “IE7 is still the spyware writers dream” is actually hype. The vulnerability is that if the bad guy has write access to your computer, he can get a dll …

Continue reading ‘Holy Cow, Sunbelt Doesn’t Pile on MS’ »

SANS 2.2 Desktop Encryption

This is a 5 company report on their lessons learned and experience. Rhonda Maluia from the Naval Special Warfare Development Group spoke on their use of hardware based encryption. They use Flagstone which is a British company (opening U.S. offices shortly). I took less notes on this talk due to the dark background of the …

Continue reading ‘SANS 2.2 Desktop Encryption’ »

SANS Section 1.3 Top Mistakes in Deploying Mobile Data Encryption

Again these are my notes from the SANS Secure Storage and Encryption Conference. In Session 1.3 four companies discuss their experiences deploying encryption. JP Morgan Chase – Guardian Edge EPHD 48k laptops deployed. They found problems due to standardization issues and multiple support teams. Key Challenges – If your goal is to encrypt data on …

Continue reading ‘SANS Section 1.3 Top Mistakes in Deploying Mobile Data Encryption’ »

Myspace-qucktime-zango phishing worm

Several sites are reporting a worm infecting Myspace profiles and attempting to phish passwords through the use of javascript in Quicktime files. The vulnerability sounds similar to the Word URL autolaunch vulnerability or the same problem in Adobe. An exploited user profile in Youtube will contain a Quicktime file. The Quicktime will likely play without …

Continue reading ‘Myspace-qucktime-zango phishing worm’ »

The IM Blocker is working

Getting hit with some spyware laden links here at work. Our blocker got it no problem. But for everyone without IM protection watch out for hxxp://nsl-school.org/?id=18388 hxxp://nsl-school.org/?id=winning_list hxxp://mytermex.com/?news_id=18388 hxxp://mytermex.com/?id=virus_shield hxxp://nsl-school.org/?id=news X-( http changed to hxxp to avoid anyone accidently infecting themselves. If you go to the sites, you’re on your own.

Practicing Safe Surf

In other news the sky is blue. Porn sites are sleazy. and everything isn’t as it seems on myspace. http://sourcewire.com/releases/rel_display.php?relid=27686&hilite= A survey of over 600 UK respondents showed that young men are significantly more likely to be infected with spyware than their female counterparts. The likelihood of infection was increased by the risky online behaviour …

Continue reading ‘Practicing Safe Surf’ »

Yet Another Zero Day: Vulnerability in Vector Markup Language

Microsoft is reporting that there is a zero day in Vector Markup Language. This can be vulnerability can be exploited to install software (such as spyware) without your knowledge when your visit a website in IE or open an email in Outlook. Currently there are some workarounds and Microsoft is planning on releasing a patch …

Continue reading ‘Yet Another Zero Day: Vulnerability in Vector Markup Language’ »