Archive for July 30th, 2012

Microsoft Windows 8 – Offers Improved Security

Security researchers at the Black Hat security conference report low-level security improvements in Windows 8 that will enhance protection.

Windows 8 Much More Secure than Windows 7
http://securitywatch.pcmag.com/none/300781-windows-8-much-more-secure-than-windows-7

QUOTE: Researchers Chris Valasek (Senior Security Researcher at Coverity) and Tarjei Mandt (senior vulnerability researcher at Azimuth Security) spend their days seeking ways to compromise security in Windows. They’re good guys; if they find a problem they report it, rather than exploiting it for illicit gain. At the Black Hat conference they reported on their analysis of new low-level security features in Windows 8.

The precise details of what they discovered were barely within the realm of my comprehension. Apparently many doubly-linked lists within Windows 8 are now protected by “pool cookies.” To avoid exploits that involve forcing arbitrary code or data into places it doesn’t belong, Windows 8 randomizes locations for memory allocation and adds “guard pages” as needed. That sort of thing. In between slides filled with code and intense details, Valasek and Mandt displayed a couple that anybody could understand. The column for Windows Vista was all red, meaning not secure. Windows 7 was close, with just a few green checkmarks. And of course Windows 8 displayed a column of solid green checkmarks. Expert or not, we know that green is good.

Microsoft Windows 7 – Disable third party Gadgets

Black Hat security researchers warn of dangers associated with non-Microsoft based gadget controls in Windows 7 that could be used maliciously.

Microsoft Windows 7 – Disable third party Gadgets
http://securitywatch.pcmag.com/none/300819-kill-your-gadgets

QUOTE: Do you have any gadgets on your Windows 7 desktop, other than the ones that came with Windows? Kill them now! That’s the message I took away from a Black Hat talk by researchers Mickey Shkatov and Toby Kohlenberg. The two took great pains to clarify that the talk represents their own opinions only, wholly unconnected with any employer past or present. Kohlenberg reported that he was initially skeptical. Gadgets are going away, so where’s the value in studying them? “I told Mickey, if I write this code, you owe me.” However, he changed his opinion after some study. Sure, Windows gadgets are going away, but the programming style and frameworks used to make gadgets exist in other areas too, most notably smartphone apps.

Why kill your gadgets? Simply put, they are an egregious security risk. A gadget can do anything a normal application can do, but without many of the protections and limitations applied to programs. “People don’t perceive gadgets as applications, but they are,” said Kohlenberg. “They can do anything any other app can do, and you can do things from a gadget that would immediately be flagged if you did it from a binary.” He went on to demonstrate a simple gadget that brings up gmail and sends a message to all of your contacts, with the gadget itself as an attachment. Yes, a self-replicating gadget! Sure, this won’t work if you correctly log out of gmail every time you use it. Do you?

Safari 6 – New browser version emerges

A new version of Safari has been released, as noted below.

Safari 6 – New browser version emerges
http://www.apple.com/safari/
http://support.apple.com/kb/HT5364

QUOTE: The new advanced features in Safari make it an even better place to explore the web. Safari searches even smarter so you’ll find web pages faster. It shows you all your open tabs in a great new way. Right from Safari, you can tweet web pages, post them to Facebook, or share them via Mail or Messages.

The Internet Association – formed to protect key interests

A new major trade group has been formed to provide a voice for key Internet economic interests to legislators.

The Internet Association – PR announcement
http://internetassociation.org/PR-InternetAssociation-120725.pdf

QUOTE: WASHINGTON – The Internet Association, the nation’s first trade association representing the interests of the Internet economy and America’s leading Internet companies, today named Michael Beckerman as its first President and Chief Executive Officer. The newly-formed Internet Association is comprised of some of the world’s most visible Internet companies and will be headquartered in Washington D.C. Beckerman will lead the Internet Association’s efforts to advance public policy solutions that strengthen and protect an open, innovative and free Internet.

Facebook and Other Tech Giants Form Trade Association to be the ‘Voice’ of the Internet
http://facecrooks.com/Internet-Safety-Privacy/facebook-and-other-tech-giants-form-trade-association-to-be-the-voice-of-the-internet.html

Facebook Scam – Received reports that your account has violated a policy

Scammers use a number of tactics to capture sensitive information, including free offers. Facecrooks security warns of a scheme that uses a tactic of “fear”: users are told to take action or they might lose privileges if they do not respond. Because one must log in to respond to this new phishing scheme, it can result in the compromise of one’s Facebook account. It is important to remain cautious and respond only to legitimate requests.

Warning: We received reports from other users that your account has violated a policy that is considered to disturb or offend other users.
http://facecrooks.com/Scam-Watch/warning-we-received-reports-from-other-users-that-your-account-has-violated-a-policy-facebook-scam.html

Scam Type: Phishing
Trending: July 2012
Why it’s a Scam: Clicking on the link in the scam post will direct you to the following URL. This is not a legitimate Facebook domain, but a casual user could be easily fooled by it. If you click continue you will no doubt be presented with an attempt to obtain your Facebook login credentials.