Microsoft Threat Modeling Tool updated

Updated June 28, 2004
The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user.


The Threat Modeling Tool was built by Microsoft Security Software Engineer Frank Swiderski.


http://www.microsoft.com/downloads/details.aspx?FamilyID=62830f95-0e61-4f87-88a6-e7c663444ac1&DisplayLang=en

Incident Response—Managing Security at Microsoft

Microsoft IT has developed a preventative approach to managing computer vulnerabilities. Designed to reduce the occurrences and severity of attacks, Microsoft IT’s security methodology includes the development of processes to reduce open ports and vulnerable systems and services, manage user permissions, regularly assess risks, and regularly monitor compliance with security guidelines.


 

Microsoft Blames Hackers, Not Vulnerability, For Web Attack

Security firms say the evidence is leading them to accept Microsoft’s explanation that its Internet Information Services server software doesn’t have an unknown vulnerability.


The Web attack that was stopped dead in its tracks on Friday when a Russian Web site was taken offline remained under investigation Monday by a host of security firms still puzzled over the method used to infect a number of Microsoft Internet Information Services servers.


But the evidence now is leading them to accept Microsoft’s explanation that the IIS 5.0 servers were hacked manually and that the server software doesn’t have an unknown vulnerability.


http://www.informationweek.com/story/showArticle.jhtml?articleID=22102487

Information Technology Executives Will Analyze the Newest Weapons Against Spam and Viruses at August Conference

The Wall Street Transcript’s August 10 Online Security Conference is designed to give medium and large entities an in-depth understanding of how to use the combination of technology and legal solutions to combat spam, viruses and worms.


This New York City Conference is unique in that nationally renowned authorities will discuss the online privacy concerns; identity theft; spyware; the protection of digital assets; legal requirements for archiving email; and, mining intelligence from email archives.


According to some reports, spam accounts for 76% of all email. Not only is spam a costly nuisance but it is also the gateway for increasingly destructive viruses and worms.


Speakers hail from some of the savviest technology companies such as Lucent Technologies; Bellsouth; MessageGate; MessageRite; and iDefense. Also, presenting industry authorities will come from The Yankee Group, Infoworld and eWeek.


Limited seating and sponsorship opportunities are still available.


http://www.tmcnet.com/usubmit/2004/Jun/1052591.htm

Check Point Protects Against Download.Ject Trojan in Advance of Exploit

Check Point Software Technologies Ltd. the worldwide leader in securing the Internet, today announced that its industry-leading VPN-1 Next Generation product lines provided defenses against a new Trojan referred to as Download.Ject prior to its emergence. 


The Trojan first broke on June 24, 2004, and Check Point has provided defenses since June 9, 2004 (please refer to Check Point’s June 9, 2004 advisory, CPAI-2004-22, at http://www.checkpoint.com/securitycenter/advisories/index.html


http://www.tmcnet.com/usubmit/2004/Jun/1052616.htm

Spyware-killers get going online

As Congress takes a more serious look at legislation to restrain spyware, a growing number of online companies are lining up to give consumers their own anti-spyware tools.


The latest is security software company PestPatrol, which on Monday launched a new anti-spyware resource center, drawing together how-to articles, a large searchable database of spyware, adware and related “pests,” and other information on the issue.


The site focuses more heavily on spyware information than do similar sites at antivirus companies such as Symantec. But like those rivals, it aims to show the breadth of its creators’ familiarity with the ever-evolving world of digital annoyances and, ultimately, persuade people to buy its software.


“An anti-spyware solution is only as good as the threat database behind it,” David Stang, PestPatrol’s co-founder, said in a statement.


http://zdnet.com.com/2100-1105_2-5250738.html

Gates Defends Microsoft Patch Efforts

Microsoft chairman Bill Gates defended the company’s handling of security patches Monday following widespread attacks on the Internet by suspected Russian organized crime gangs.


Two of the Internet Explorer vulnerabilities exploited in the attacks were discovered in active use on June 6th, and have not yet been patched by Microsoft, according to an analysis by IT security company Symantec. [Symantec publishes SecurityFocus]. The attacks also used a controversial Internet Explorer feature that permits local HTML documents to create or overwrite files on a user’s computer. Though not a bug in and of itself, security researchers warned as early as last August that the feature becomes a serious attack vector when used in conjunction with Internet Explorer holes.


Still, speaking at a press conference here Monday, Gates told journalists that Microsoft’s patching process compares well with competitors’. “You know, the time — the average time — to fix on an operating system other than Windows is typically ninety to a hundred days,” said Gates. “Today we have that down to less than forty-eight hours.”


Asked by SecurityFocus about the Russian hacks of last week, Gates hinted that the attacks wouldn’t have been possible if administrators had installed a security patch Microsoft made available for its IIS Web server product last April.


http://www.securityfocus.com/news/9004

W32.Bugbear.K@mm

W32.Bugbear.K@mm

Category 2
Discovered on: June 26, 2004
Last Updated on: June 28, 2004 02:36:48 PM


W32.Bugbear.K@mm worm is:


  • A variant of W32.Bugbear.B@mm and W32.Bugbear.E@mm.
  • A mass-mailing worm that also spreads through network shares.
  • Polymorphic and also infects .exe files.
  • Possesses keylogging capabilities.

Type:  Virus, Worm 
Infection Length:  43,520 bytes 
Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP 
Systems Not Affected:  DOS, EPOC, Linux, Macintosh, Macintosh OS X, Novell Netware, OS/2, UNIX, Windows 3.x


More info: http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.k@mm.html

Norman Virus Control and Norman Personal Firewall included in the Internet subscriptions of all UPC customers

Norman ASA has today entered into a comprehensive joint venture agreement with the broadband supplier, UPC.  This agreement provides all of UPC’s customers with virus protection using Norman Internet Control, a package which combines Norman’s award-winning Norman Virus Control and Norman Personal Firewall, which are both included in the subscription.


“Recent virus attacks have caused considerable damage for Internet users throughout the world.  We want to make the broadband Internet as simple and safe as possible for our customers, and we are therefore pleased that we are now able to offer our Internet customers one of the leading virus protection programmes available on the market,” says Gunnar Evensen, the Managing Director of UPC.


The agreement encompasses all of UPC’s Internet customers, who from today onwards will be able to download the latest version of Norman Internet Control from www.upc.no.  The program will be automatically updated as new versions gradually become available, and UPC’s customers will be able to gain direct access to Norman’s customer services centre if they have any queries about viruses and security.


http://www.sourcewire.com/releases/rel_display.php?relid=XEzAX

Mac OS X security myth exposed

Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.
The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each.


One thing the hard figures have shown is that OS X’s reputation as a relatively secure operating system is unwarranted, Secunia said. This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system – comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.


“Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news,” said Secunia chief executive Niels Henrik Rasmussen. “The myth that Mac OS X is secure, for example, has been exposed.”


http://www.techworld.com/security/news/index.cfm?newsid=1798