Archive for October 31st, 2011

Facebook – Avoid ChatSend application

Sunbelt Security has issued a warning for the ChatSend application. It installs toolbars for all popular browsers and changes the user’s home page. It then generates spammed messages extensively within Facebook. It is difficult to remove once installed and should be avoided if offered by any of your Facebook contacts.

Facebook – Avoid ChatSend application
http://sunbeltblog.blogspot.com/2011/10/little-too-chatty.html

QUOTE: There’s a program called ChatSend currently doing the rounds on Facebook, and at time of writing just over 114,000 people have hit the “Like” button which no doubt means a high proportion of that tally have downloaded and installed it. The link directs to the Facebook page of ChatSend where one can readily download the app. Upon execution, it shows a GUI containing its Terms of Service and Privacy Policy. The pre-ticked boxes will install the toolbar in all browsers, set web search as default and change the homepage.

Corporate Security Awareness – Is it worth the effort and cost?

This SecuriTeam post debates some of the pros/cons of corporate security awareness. Some firms rely solely on technology controls while others have a robust user awareness program. Somewhere in the middle is a good balance, as both technology and the user play an important role in safeguarding the company’s information resources. I would personally vote “YES”, having seen direct and measurable benefits from past security awareness campaigns.

Corporate Security Awareness – Is it worth the effort and cost?
http://blogs.securiteam.com/index.php/archives/1555

QUOTE: Is security awareness “worth it”?  Is security awareness “cost effective”?  Well, we’ve been spending quite a lot on security technologies (sometimes just piecemeal, unmanaged security technologies), and we haven’t got good security.  Three arguments in favour of at least trying security awareness spending:

1)  When you’ve got two areas of benefit, and you are reaching the limits of “diminishing returns” in one area, the place to put your further money is on the one you haven’t stressed.

2)  Security awareness is mostly about risk management.  Business management is mostly about risk management.  Security awareness can give you advantages in more than just security.

3)  Remember that the definition of insanity is trying the same thing over and over again, and expecting a different result.

Windows 2008 R2 Hyper-V security Hardening Guide

SecuriTeam Blogs has published an excellent security guide for hardening Microsoft’s Hyper-V virtual environment.

Windows 2008 R2 Hyper-V security Hardening Guide
http://blogs.securiteam.com/index.php/archives/1561

QUOTE: Virtual Machine Servicing Tool 3.0 helps to update offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches. Authorization Manager provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.

Halloween 2011 – More online Tricks are circulating than Treats

Please be careful with email, weblinks and Facebook as malicious threats are circulating. Several security firms are warning of online dangers:

Halloween 2011 – More online Tricks are circulating than treats
http://blog.trendmicro.com/tricks-and-threats-infographic/
http://blog.eset.com/2011/10/27/scary-halloween-cyber-pranks
http://nakedsecurity.sophos.com/2011/10/31/halloween-kill-some-zombies/

QUOTE: Halloween is fast approaching and it’s that time of the year when scaring people is the most popular form of entertainment. However, not all spooks this season may end up in good-natured merriment. Cybercriminals may take this opportunity to scare users with their tricks, which include spammed messages, poisoned search results, spammed tweets with dubious links and Facebook clickjacking attacks. If not wary of these schemes, users may end up becoming victims of information theft, system infection, and even financial loss.

VMware – Security Blog and Key Resources

Below are key security resources for VMware found during recent research:

VMware – Security Blog
http://blogs.vmware.com/security/

VMware – Security Center
http://www.vmware.com/technical-resources/security/index.html

QUOTE: VMware offers secure and robust virtualization solutions for virtual data centers and cloud infrastructures, and has both the technology and the processes to ensure that this high standard is maintained in all current and future products. VMware virtualization gives you:

  • Secure architecture and design: Based on its streamlined and purpose-built architecture, vSphere is considered by experts to be the most secure virtualization platform.
  • Third-party validation of security standards: VMware has validated the security of our software against standards set by Common Criteria, NIST and other organizations.
  • Proven technology: More than 250,000 customers—including all of the Fortune 100 as well as military and government installations—trust VMware to virtualize their mission-critical applications.