Messaging Hygiene at Microsoft

Detailed discussion on how Microsoft IT manages the large quantities of unwanted e-mail (a.k.a. spam) and malware-infected messages in its inbound Internet e-mail traffic. The paper documents how Microsoft IT uses Microsoft Exchange Server 2003 technologies, Microsoft Office Outlook 2003, and third-party solutions to both reduce the quantity of spam routed through the corporate messaging infrastructure by filtering at the gateway layer and then remove the threats in remaining messages posed by viruses, worms, and their common distribution vectors, such as file attachments


http://www.microsoft.com/downloads/details.aspx?FamilyID=17dc35ad-8ba1-48b1-91f3-563313ee878a&DisplayLang=en

Spyware Infiltration Rises in Corporate Networks, But Webroot Survey Finds Companies Still Neglect Threat

Results Show Less Than 10 Percent of Responding Corporations Believe They Have Deployed an Enterprise-Class Anti-Spyware Solution


Corporations are experiencing a steady infiltration of spyware into enterprise networks, but only a small number have deployed an enterprise-class solution to combat the threat, according to a new survey conducted by Equation Research for Webroot Software, the leading provider of privacy, protection and performance software.


The survey, which canvassed more than 275 IT managers and executives nationwide, found that even as IT organizations spend more time fighting spyware, very few corporations are deploying corporate solutions against the
growing threat.  According to the survey, more than 70 percent of corporations have expressed an increased concern with spyware, but less than 10 percent of businesses have implemented commercially available anti-spyware software.


The survey also showed that more than 96 percent felt protected from outside threats using traditional anti-virus and firewall solutions, yet nearly 82 percent report their desktops are currently infected with spyware, with more than a third noticing an increase in spyware infections in the last six months.


http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/10-27-2004/0002312592&EDATE=

Anti-Spyware Software Development Kit Released

InterMute First to Enable ISVs to Accelerate Time to Market When Creating Enterprise Anti-Spyware Solutions


InterMute, Inc., a leading provider of Internet security and content filtering solutions, today announced the SpySubtract Software Development Kit (SDK), to allow independent software vendors (ISVs) to efficiently develop Enterprise Anti-Spyware solutions for their enterprise security customers.


InterMute is licensing their modular anti-spyware SDK, built with industry-standard Microsoft Visual Studio C++, to provide developers with a fast way to enhance existing security software products, to protect against spyware threats. Modularity and portability have been designed into the SpySubtract code base from day one. Plus, InterMute’s technology is field proven; no other anti-spyware solution ships pre-loaded on more new PCs than InterMute’s SpySubtract PRO.


http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/10-27-2004/0002313130&EDATE=

Creative Manager Pro Adds Support for Firefox

Creative Manager, Inc., provider of Creative Project Manager and Creative Manager Pro, announced today the release of version 7.3.2, adding support for the new Mozilla Firefox browser. The Firefox browser is the new cross-platform browser that works on Mac OS X, Lunux and Windows.


No installation or conversion will be necessary, and the update is free to all users of Creative Project Manager and Creative Manager Pro.


http://www.onlypunjab.com/fullstory1004-insight-Creative+Manager+Pro+Adds+Support+for-status-24-newsID-12141.html

Executive E-Mail: The Facts on Windows and Linux

In an e-mail sent today to customers worldwide, Microsoft CEO Steve Ballmer discusses a number of recent independent analyst reports and customer case studies that indicate the value of an integrated platform, such as Windows, is significant compared to Linux, open source and UNIX.


Oct. 27, 2004 – Customer Focus: Comparing Windows with Linux and UNIX in http://www.microsoft.com/mscorp/execmail/2004/10-27platformvalue.asp


Get the Facts on Windows and Linux in http://www.microsoft.com/windowsserversystem/facts/default.mspx


 

Google plugs hole exposing Gmail mail-boxes

Google Inc. has fixed a security flaw in its Gmail Web-based e-mail service that allowed attackers to hijack users’ e-mail accounts. See blog entry earlier http://msmvps.com/donna/archive/2004/10/31/17416.aspx


“Google was recently alerted to a potential security vulnerability affecting the Gmail service. We have since fixed this vulnerability, and all current and future Gmail users are protected,” Google spokesman Nathan Tyler said.


Tyler declined to discuss the nature of the problem, but a source close to Google confirmed that the flaw allowed an attacker to gain complete control over a user’s account.


http://www.infoworld.com/article/04/10/29/HNgmail_1.html

Epiphany Browser Tabbed Browsing Errors Let Remote Users Spoof Sites

Juha-Matti Laurio reported a vulnerability in the Epiphany browser in the tabbed browsing feature. A remote user may be able to spoof web page functions.


It is reported that when a target user has multiple tabs open, an inactive tab can issue a dialog box that will be displayed even though the target user is currently viewing a different tab. As a result, a remote user may be able to spoof functions on the web site in the active tab.


The vulnerability is due to a previously reported underlying flaw in the Mozilla Gecko engine, which is used by Epiphany. Secunia Research reported the flaw in Mozilla.


A demonstration exploit is available at http://secunia.com/multiple_browsers_dialog_box_spoofi ng_test/


The vendor was notified on October 30, 2004.
Impact:  A remote user may be able to spoof web page functions.
Solution:  No solution was available at the time of this entry.


http://www.securitytracker.com/alerts/2004/Oct/1012003.html

Galeon Browser Tabbed Browsing Errors Let Remote Users Spoof Sites

 Juha-Matti Laurio reported a vulnerability in the Galeon browser in the tabbed browsing feature. A remote user may be able to spoof web page functions.

It is reported that when a target user has multiple tabs open, an inactive tab can issue a dialog box that will be displayed even though the target user is currently viewing a different tab. As a result, a remote user may be able to spoof functions on the web site in the active tab.

The vulnerability is due to a previously reported underlying flaw in the Mozilla Gecko engine, which is used by Galeon. Secunia Research reported the flaw in Mozilla.

A demonstration exploit is available at http://secunia.com/multiple_browsers_dialog_box_spoofing _test/

The vendor was notified on October 26, 2004.


http://www.securitytracker.com/alerts/2004/Oct/1012002.html

Just another Microsoft MVPs site