HNS MAIN FEED
Sunday, 21:37 EDT
- Scammers using IM to deliver "IQ Test" spam
- Automated vs. manual security
- Facebook boosts security by adding remote logout feature
- Trojan attacks remain widespread
- Spammers attack Apple's Ping social network
- Labor Day phishing warning
- User's opinions on malware infections revealed
- Google Code hosting malware-spreading project
- Fake browser warnings lure victims to rogue AV solution
- Rescue of Chilean miners used as lure by banker Trojan
- Phishing campaign targets McDonald's fans
- Cyber crooks steal nearly $1 million from University of Virginia
An In-Depth Look Into Windows Security in 2003
When it comes to security predictions for next year, basically everyone says it's going to be worst than this year despite the increased spending on security and some progress made when it comes to security awareness. Let's take a look at some interesting happenings that made the news during 2003 when it comes to Microsoft security and perhaps you'll be able to judge for yourself what 2004 will bring.
The experts that voice their opinion for this article are Russ Cooper (Surgeon General of TruSecure Corporation/NTBugtraq Editor), Ed Skoudis (a security geek who is focused on computer attacks and defenses, author of "Counter Hack" and "Malware: Fighting Malicious Code") and Arne Vidstrom (a security researcher and author of many security tools for Windows).
It's January and things don't look good
Just as we were getting used to writing 2003 instead of 2002 in our letters, here comes the Slammer worm and all hell breaks loose as thousands of computers are infected worldwide.
This, however, was not Microsoft's fault since a patch was available several months ago before the worm was unleashed. This has put the issue of irresponsible users into the spotlight while others said the reason why some servers weren't patched is because administrators are worried about the side-effects that come with a patch.
Russ Cooper said: "Firstly, SQL patches have been notoriously difficult to install, so I would argue that despite the availability of a patch, its lack of installation was not entirely the user's fault. Further, MSDE (Microsoft SQL Desktop Engine) inclusion in 3rd party software had never been tracked by Microsoft. This resulted in many people being vulnerable to Slammer who never knew they needed a patch. The method the SQL group has used to handle the SQL vs. MSDE issue have been very poor, with KB articles typically only being found by searching for SQL rather than MSDE. Finally the SQL Server Resolution Service, the service targeted by Slammer, isn't even mentioned in the SQL 7.0 documentation either as being present, installed, or enabled by default."
- Malware detection with Neptune
- Corporate espionage for dummies: HP scanners
- A closer look at GFI Backup 2010 Business Edition
- Network security challenges faced by universities
- Building secure software using fuzzing and static code analysis
