Month: June 2004

Updated June 28, 2004The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user. The Threat Modeling Tool was built by Microsoft Security Software Engineer Frank Swiderski. http://www.microsoft.com/downloads/details.aspx?FamilyID=62830f95-0e61-4f87-88a6-e7c663444ac1&DisplayLang=en

Microsoft IT has developed a preventative approach to managing computer vulnerabilities. Designed to reduce the occurrences and severity of attacks, Microsoft IT’s security methodology includes the development of processes to reduce open ports and vulnerable systems and services, manage user permissions, regularly assess risks, and regularly monitor compliance with security guidelines.  

Security firms say the evidence is leading them to accept Microsoft’s explanation that its Internet Information Services server software doesn’t have an unknown vulnerability. The Web attack that was stopped dead in its tracks on Friday when a Russian Web site was taken offline remained under investigation Monday by a host of security firms still puzzled over the method used to infect a number of Microsoft Internet Information Services servers. But the evidence now is leading them to accept Microsoft’s explanation that the IIS 5.0 servers were hacked manually and that the server software doesn’t have an unknown vulnerability. http://www.informationweek.com/story/showArticle.jhtml?articleID=22102487

The Wall Street Transcript’s August 10 Online Security Conference is designed to give medium and large entities an in-depth understanding of how to use the combination of technology and legal solutions to combat spam, viruses and worms. This New York City Conference is unique in that nationally renowned authorities will discuss the online privacy concerns; identity theft; spyware; the protection of digital assets; legal requirements for archiving email; and, mining intelligence from email archives. According to some reports, spam accounts for 76% of all email. Not only is spam a costly nuisance but it is also the gateway for increasingly … Continue reading Information Technology Executives Will Analyze the Newest Weapons Against Spam and Viruses at August Conference

Check Point Software Technologies Ltd. the worldwide leader in securing the Internet, today announced that its industry-leading VPN-1 Next Generation product lines provided defenses against a new Trojan referred to as Download.Ject prior to its emergence.  The Trojan first broke on June 24, 2004, and Check Point has provided defenses since June 9, 2004 (please refer to Check Point’s June 9, 2004 advisory, CPAI-2004-22, at http://www.checkpoint.com/securitycenter/advisories/index.html http://www.tmcnet.com/usubmit/2004/Jun/1052616.htm

As Congress takes a more serious look at legislation to restrain spyware, a growing number of online companies are lining up to give consumers their own anti-spyware tools. The latest is security software company PestPatrol, which on Monday launched a new anti-spyware resource center, drawing together how-to articles, a large searchable database of spyware, adware and related “pests,” and other information on the issue. The site focuses more heavily on spyware information than do similar sites at antivirus companies such as Symantec. But like those rivals, it aims to show the breadth of its creators’ familiarity with the ever-evolving world … Continue reading Spyware-killers get going online

Microsoft chairman Bill Gates defended the company’s handling of security patches Monday following widespread attacks on the Internet by suspected Russian organized crime gangs. Two of the Internet Explorer vulnerabilities exploited in the attacks were discovered in active use on June 6th, and have not yet been patched by Microsoft, according to an analysis by IT security company Symantec. [Symantec publishes SecurityFocus]. The attacks also used a controversial Internet Explorer feature that permits local HTML documents to create or overwrite files on a user’s computer. Though not a bug in and of itself, security researchers warned as early as last … Continue reading Gates Defends Microsoft Patch Efforts

Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each. One thing the hard figures have shown is that OS X’s … Continue reading Mac OS X security myth exposed