
bytebyte :: Blog

November 23, 2009

10 immutable Laws of Security

http://technet.microsoft.com/en-us/library/cc722487.aspx

From the Microsoft TechNet Library

The Laws have since been revisited in TechNet Magazine - Security Watch

 

Posted by bytebyte | 0 comment(s)

November 10, 2009

I would presume browser vulnerabilities as opposed to desktop vulnerabilities 

"78 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX, which is a significant increase from last year" 

 http://blogs.zdnet.com/hardware/?p=6094

Be careful out there.

 

Keywords: bytebyte, mkis

Posted by bytebyte | 0 comment(s)

November 08, 2009

  

 Find safe-browser technologies that really work


http://windowssecrets.com/comp/091105#story1

 

     

Keywords: bytebyte, mkis

Posted by bytebyte | 0 comment(s)

September 05, 2009

Take a malware infection and view the extent of the damage.

 Virus causes £500,000 IT damage
http://news.bbc.co.uk/2/hi/uk_news/england/london/8237085.stm

Sourced from avast webforum.

 

Posted by bytebyte | 0 comment(s)

August 20, 2009

 

avast! Blog -- Various info from avast staff -- Win32:Induc, new concept of file infector?

http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector/

I run Microsoft Security Essentials as resident antimalware on this particular machine that I am using, alongside my resident antivirus, which is obviously avast! antivirus. Here is the report on Win32:Induc from Microsoft security portal -- report is dated 18th Aug so Definition: 1.63.1599.0 applies to that date.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628 

 

Keywords: bytebyte

Posted by bytebyte | 0 comment(s)

June 26, 2009

 

Testing a new desktop defence is not just about sitting inside a walled garden reading event logs and waiting for alerts...

All my computers now run Firefox browser except for this laptop, which runs Internet Explorer and has Google search as its home page. I am sticking with Microsoft on this project because I am trialing their new antivirus / antispyware solution, which is called Microsoft Security Essentials. Today is day one for me - June 26 2009.

What is testing without taking a few risks?
I've already broken one rule by running two resident antivirus at the same time. I just could not go to the web without the tried and true resident avast antivirus and at the same time I am querying whether the new Microsoft solution (MSE) is an antivirus as we have come to understand the term. I could be wrong, of course, and I stand to get crunched if this trial all turns to custard.

On top of that I am leaving a door open for malware to come through, by running the ASK toolbar as a permanently active sound and video recorder - that is, I do not have to turn my recorder on at all, it runs 24/7 such that anything that I play on the web - video or audio - becomes automatically recorded. Testing should not be all hard work, it also helps if you have a bit of fun - as above, where I am recording a video by Last Town Chorus. The ASK toolbar is custom-built and is not used for search, which task is taken care of by having the Google search box as my front page.

I've highlighted with a red rectangle the defence plan as it currently stands in my system tray. I have outlined below the various defence solutions and their purpose.

Personal firewall --- Outpost 2009

Virus detection and identification --- Microsoft Security Essentials

Resident antivirus --- avast antivirus

System Monitor --- Scotty on duty at WinPatrol

 

Keywords: mkis

Posted by bytebyte | 0 comment(s)

June 02, 2009



Not nice to be conveniently provided with an example of drive-by malware attack.

http://securitylabs.websense.com/content/Alerts/3405.aspx

The alert from Websense Security Labs would indicate that the insertion of malcode into poorly defended websites and servers for drive-by attacks is increasingly becoming the new face of malware perpetration. Anti-malware agencies are very aware of this recent trend, which over the last year, and particularly in the last 6 months, has increased to almost critical proportions, such that broadcast media - radio, TV, and especially web - are now alerting computer users on a daily basis.

Here is where our recent alert was sparked, the ZDNet bloggers being alerted by the Websense report.

http://blogs.zdnet.com/security/?p=3476&tag=nl.e589

My source for the alert provides a good indication of how the problem becomes acted upon. Avast have been quick to respond to these kinds of alerts.

http://forum.avast.com/index.php?topic=45793.msg383758#msg3837

Because the malware initially resides off the computer user's system and instead sits on a website or server, the onus is on owners and webmasters to take appropriate action once they have been alerted to the infection.

Otherwise the outcome is obvious - whoever clicks the site will have the malware injected into their computer system. In a worst-case scenario, the injection may activate dormant trojans and viral malware that had been downloaded at an earlier period, and were patiently waiting for the trigger to execute their malicious payloads.

But hold on a minute, weren't we told it was going to be the other way round? Weren't we told that Conficker was going to explode out of our computers and connect with botnets all around the world? Well that is a very possible scenario as well, and that will likely happen, but it will happen more as an everyday occurrence, hurting people personally and businesses or networks individually, rather than manifesting as the scourge against humankind that Hollywood science fiction might make it out to be.

This is why it is important to protect yourself at an individual level - yourself, your family, your business, your network - on an everyday basis through constant and updated security surveillance. You always need the most recent updates to your systems, your programs and apps, and your browsers - when Windows updates fail, for example, this may be your first signal that you have malware problems.


Obviously, malware perpetration will be changing on a never-ending basis despite certain trends like drive-by attacks becoming the flavor of the times. This will always be the nature of the beast. There are clear indications that Gumblar, a more recent derivative, and inheritor and further propagator of viral infestations that plagued servers through 2008, has supplanted Conficker as the prime spreader of malware infections.

http://news.cnet.com/8301-1009_3-10251779-83.html


The most recent alert initiated by Websense would indicate that the trend to drive-by malware attacks from infected websites and servers has yet to reach a peak. It is up to owners and webmasters, who administer these infected sites and servers, to act promptly and securely to clean up their acts.

This is the kind of thing that we want to see.

http://forum.avast.com/index.php?topic=45819.0

 

    

 

Keywords: antivirus, bytebyte, gumblar

Posted by bytebyte | 0 comment(s)

June 01, 2009

 

News bulletins from The Register

 

President Barack Obama enters the cyber security fray

http://www.theregister.co.uk/2009/05/29/obama_creates_cyber_post/

just as US Army appears subject to another SQL injection attack

http://www.theregister.co.uk/2009/05/29/army_website_breaches/

 

 

Posted by bytebyte | 0 comment(s)

May 28, 2009

June 2009

I have tried to find a suitable roundup of the conficker happening May 2009. I need to move on to other things, in particular, the hijacking of websites through insertion of malcode onto web pages in the form of infectious or corrupt iframes. In this case the malware resides on the website rather than on the user's hard drive. When the malcode iframe is activated in a drive-by attack, the malware attempts to inject a payload, and/or connect with virus variants that may already be resident on the host computer. The drive-by method has been very popular lately and is part of what has been deemed the conficker outbreak.

I thought this time round that I might post a link to The Register website.


Conficker
Hold the funeral, it's not dead yet

Conficker working group has been quiet lately.

Keywords: antivirus, bytebyte, conficker

Posted by bytebyte | 0 comment(s)

April 01, 2009

So what to think of 'conficker'?

May 3rd 2009
I have waited a month to see what comes out in the aftermath of the April Fools Day conficker alert. I doubt whether there were many who expected a synchronised malware epidemic to arrive April 1st. In many respects, the malware epidemic - if we were to target something substantive - had arrived over the previous months and years, and was / is currently entrenched in a multiple of fashions and formats amongst the patterns of our everyday computer use, and in particular, our web usage. The name 'conficker' is in effect something of a misnomer, more of an umbrella term for the existing condition of malware infections, and a reference to a changing character and channels of malware exploits, especially against Windows and Internet Explorer. A testimony in many ways to a resurgence in malware infections, enabled to an observable extent by adaptations in the practices of the malcreants.

What the April Fools Day conficker alert has done for the war against malware is to bring the various skill sets of anti-malware agencies together at a point in time to more clearly reveal what are the developing direction and changing practices of malware protagonists. Not altogether revealing - as it is, wars are still fought one battle at a time - but still, we have gained a useful picture of the state of play as it now stands, and some indication as to what may occur in the near future.

Keywords: avast, bytebyte, mkis

Posted by bytebyte | 0 comment(s)
