[June 8, 2005] Security Policies? Ugh, Just Give Me a Firewall

Start Time:   Wednesday, June 08, 2005 7:15 AM (GMT-08:00) Pacific Time (US & Canada)  End Time:   Wednesday, June 08, 2005 8:30 AM (GMT-08:00) Pacific Time (US & Canada) Event Description  Products: Security Recommended Audience: IT Professional Language: English-American  Description:    Start | Programs | Firewall | Rules | Add rule | Permit all hosts destination port 4695/tcp. Um, why did you just do that? Was there a business justification for creating that hole, and was the decision backed up by your security policy? You do have an up-to-date, regularly reviewed policy, right? Surprisingly (or not), security policies in many organizations are hidden, … Continue reading [June 8, 2005] Security Policies? Ugh, Just Give Me a Firewall

[June 8, 2005] Tips and Tricks to Running Windows with Least Privilege

Start Time:   Wednesday, June 08, 2005 5:30 AM (GMT-08:00) Pacific Time (US & Canada)  End Time:   Wednesday, June 08, 2005 6:45 AM (GMT-08:00) Pacific Time (US & Canada) Event Description  Products: Windows Recommended Audience: IT Professional Language: English-American Description:    The security principle of “least privilege” is well understood: Software should run with the smallest set of privileges needed to perform its tasks. However, Windows users who are allowed to administer their own machines usually run with Administrator privileges all the time. Email, Web browsing, and instant messaging do not require administrative privileges, and are common avenues for malicious code to attack … Continue reading [June 8, 2005] Tips and Tricks to Running Windows with Least Privilege

[June 7, 2005] Understanding and Fighting Malware: Viruses, Spyware and Rootkits

Start Time:   Tuesday, June 07, 2005 2:00 PM (GMT-08:00) Pacific Time (US & Canada)  End Time:   Tuesday, June 07, 2005 3:15 PM (GMT-08:00) Pacific Time (US & Canada) Event Description  Products: Security Recommended Audience: IT Professional Language: English-American Description:    Today’s Internet is fraught with peril in the form of undesirable and malicious software. These types of software continue to evolve new ways of propogating and ways of embedding themselves more deeply into the systems they infect. Join us for this webcast, presented from Tech·Ed 2005 in Orlando, Florida, and gain an understanding of their propagation methods, including buffer overflow exploits, how to … Continue reading [June 7, 2005] Understanding and Fighting Malware: Viruses, Spyware and Rootkits

[June 2, 2005] Tips and Tricks on How to Make Microsoft Outlook Work for YOU from a True Power User!

Start Time:   Thursday, June 02, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)  End Time:   Thursday, June 02, 2005 10:00 AM (GMT-08:00) Pacific Time (US & Canada) Event Description  Products: Outlook Recommended Audience: Business PC UserLanguage: English-American  Description:    If you caught Robin’s last webcast you saw how she brings Microsoft Office Outlook to places you never knew were possible. Want to find out how to make Outlook work for you? Join us for this special webcast presented by Robin Eyman, Executive Administrative Assistant at Microsoft Corporation, as she shows us how to customize Outlook to do amazing things and … Continue reading [June 2, 2005] Tips and Tricks on How to Make Microsoft Outlook Work for YOU from a True Power User!

[June 1, 2005] Threat Mitigation for Windows 98 and Windows NT 4.0

TechNet Webcast: Threat Mitigation for Windows 98 and Windows NT 4.0 (Part 3 of 3): Mitigating Threats for Windows 98 and Migrating Legacy Systems (Level 200) Start Time:   Wednesday, June 01, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)  End Time:   Wednesday, June 01, 2005 12:00 PM (GMT-08:00) Pacific Time (US & Canada) Event Description  Products: Windows Recommended Audience: IT Professional Language: English-American  Description:    While migration to a newer platform is recommended, many customers have key business applications that will only run on legacy operating systems. In the final part of this series, we provide an analysis of the challenges … Continue reading [June 1, 2005] Threat Mitigation for Windows 98 and Windows NT 4.0

[June 1, 2005] Defense in Depth Against Malicious Software (Part 3 of 3)

Start Time:   Wednesday, June 01, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)  End Time:   Wednesday, June 01, 2005 10:00 AM (GMT-08:00) Pacific Time (US & Canada) Event Description  Products: Windows Server Recommended Audience: IT Professional Language: English-American  Description: Malicious software has become increasingly advanced; worms and viruses can propagate more quickly and evade detection more effectively. This final of three webcasts describes how a defense-in-depth approach to antivirus solution design can be applied specifically to help protect servers and networking devices from malicious software attacks.  Presenter: Kai Axford, Security Specialist, Microsoft Corporation Technet Webcast

Intuit launches Windows patch tool

Intuit has released the Track-It Patch Manager to help small and medium businesses install Microsoft security updates on their networks. Track-It was developed by Intuit’s IT Solutions group, which the company will soon sell so it can focus on Quickbooks and its other financial management products. Track-It can schedule scans of computers, install missing patches, and reboot computers. It also displays patch information, creates reports, and allows administrators to choose which patches to install automatically. Tack-It is available to Track-It, Deploy, and Network Monitor customers, while a stand-alone version is available at varying prices. Cnet News

Virus authors choosing to infect fewer people

Eugene Kaspersky, founder of Kaspersky Labs, speaking at the AusCERT security conference on Australia’s Gold Coast, argued that virus writers are avoiding global malware epidemics in order to focus on the more profitable business of selling zombie networks. Criminal organizations are willing to buy networks of 5,000 to 10,000 zombies to serve spam or launch distributed denial of service (DDoS) attacks. Malware authors advertise their services in underground newsgroups, start assembling a network after receiving an order, then discontinue the malware they used after finishing an order. By targeting a small number of computers, virus writers have an easier time … Continue reading Virus authors choosing to infect fewer people

avast! Antivirus Device Driver Memory Overwrite Vulnerability

Piotr Bania has reported a vulnerability in avast! Antivirus, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerability is caused due to missing input validation in the device driver and can be exploited to overwrite arbitrary memory via signals with specially crafted input.  Successful exploitation allows execution of arbitrary code with escalated privileges. The vulnerability has been reported in version 4.6. Other versions may also be affected. Solution: Update to version 4.6.665 or later. http://secunia.com/advisories/15495/  

Apple Keynote URI Handler Arbitrary File Disclosure Vulnerability

A vulnerability was identified in Apple Keynote, which may be exploited exploited by attackers to disclose sensitive information. This flaw occurs when handling a specially crafted Keynote presentation called via the “keynote:” URI handler, which may be exploited by a remote attacker to read and retrieve arbitrary files from a vulnerable system. Affected Products:Keynote version 2.0.1Keynote version 2.0 Note : This issue does not affect Keynote versions prior to Keynote 2 Solution: Upgrade to Keynote version 2.0.2 : http://www.apple.com/iwork/keynote/download/ http://www.frsirt.com/english/advisories/2005/0624