Microsoft Threat Modeling Tool updated

Updated June 28, 2004The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user. The Threat Modeling Tool was built by Microsoft Security Software Engineer Frank Swiderski.

Incident Response—Managing Security at Microsoft

Microsoft IT has developed a preventative approach to managing computer vulnerabilities. Designed to reduce the occurrences and severity of attacks, Microsoft IT’s security methodology includes the development of processes to reduce open ports and vulnerable systems and services, manage user permissions, regularly assess risks, and regularly monitor compliance with security guidelines.  

Microsoft Blames Hackers, Not Vulnerability, For Web Attack

Security firms say the evidence is leading them to accept Microsoft’s explanation that its Internet Information Services server software doesn’t have an unknown vulnerability. The Web attack that was stopped dead in its tracks on Friday when a Russian Web site was taken offline remained under investigation Monday by a host of security firms still puzzled over the method used to infect a number of Microsoft Internet Information Services servers. But the evidence now is leading them to accept Microsoft’s explanation that the IIS 5.0 servers were hacked manually and that the server software doesn’t have an unknown vulnerability.

Information Technology Executives Will Analyze the Newest Weapons Against Spam and Viruses at August Conference

The Wall Street Transcript’s August 10 Online Security Conference is designed to give medium and large entities an in-depth understanding of how to use the combination of technology and legal solutions to combat spam, viruses and worms. This New York City Conference is unique in that nationally renowned authorities will discuss the online privacy concerns; identity theft; spyware; the protection of digital assets; legal requirements for archiving email; and, mining intelligence from email archives. According to some reports, spam accounts for 76% of all email. Not only is spam a costly nuisance but it is also the gateway for increasingly … Continue reading Information Technology Executives Will Analyze the Newest Weapons Against Spam and Viruses at August Conference

Check Point Protects Against Download.Ject Trojan in Advance of Exploit

Check Point Software Technologies Ltd. the worldwide leader in securing the Internet, today announced that its industry-leading VPN-1 Next Generation product lines provided defenses against a new Trojan referred to as Download.Ject prior to its emergence.  The Trojan first broke on June 24, 2004, and Check Point has provided defenses since June 9, 2004 (please refer to Check Point’s June 9, 2004 advisory, CPAI-2004-22, at

Spyware-killers get going online

As Congress takes a more serious look at legislation to restrain spyware, a growing number of online companies are lining up to give consumers their own anti-spyware tools. The latest is security software company PestPatrol, which on Monday launched a new anti-spyware resource center, drawing together how-to articles, a large searchable database of spyware, adware and related “pests,” and other information on the issue. The site focuses more heavily on spyware information than do similar sites at antivirus companies such as Symantec. But like those rivals, it aims to show the breadth of its creators’ familiarity with the ever-evolving world … Continue reading Spyware-killers get going online

Gates Defends Microsoft Patch Efforts

Microsoft chairman Bill Gates defended the company’s handling of security patches Monday following widespread attacks on the Internet by suspected Russian organized crime gangs. Two of the Internet Explorer vulnerabilities exploited in the attacks were discovered in active use on June 6th, and have not yet been patched by Microsoft, according to an analysis by IT security company Symantec. [Symantec publishes SecurityFocus]. The attacks also used a controversial Internet Explorer feature that permits local HTML documents to create or overwrite files on a user’s computer. Though not a bug in and of itself, security researchers warned as early as last … Continue reading Gates Defends Microsoft Patch Efforts


W32.Bugbear.K@mm Discovered on: June 26, 2004 Last Updated on: June 28, 2004 02:36:48 PM W32.Bugbear.K@mm worm is: A variant of W32.Bugbear.B@mm and W32.Bugbear.E@mm. A mass-mailing worm that also spreads through network shares. Polymorphic and also infects .exe files. Possesses keylogging capabilities. Type:  Virus, Worm Infection Length:  43,520 bytes Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP Systems Not Affected:  DOS, EPOC, Linux, Macintosh, Macintosh OS X, Novell Netware, OS/2, UNIX, Windows 3.x More info:

Norman Virus Control and Norman Personal Firewall included in the Internet subscriptions of all UPC customers

Norman ASA has today entered into a comprehensive joint venture agreement with the broadband supplier, UPC.  This agreement provides all of UPC’s customers with virus protection using Norman Internet Control, a package which combines Norman’s award-winning Norman Virus Control and Norman Personal Firewall, which are both included in the subscription. “Recent virus attacks have caused considerable damage for Internet users throughout the world.  We want to make the broadband Internet as simple and safe as possible for our customers, and we are therefore pleased that we are now able to offer our Internet customers one of the leading virus protection … Continue reading Norman Virus Control and Norman Personal Firewall included in the Internet subscriptions of all UPC customers

Mac OS X security myth exposed

Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each. One thing the hard figures have shown is that OS X’s … Continue reading Mac OS X security myth exposed