Search results for: vulnerability

Weekly Virus Report – Klez Dominance and Bride Worm

Virus news this week has centered around the appearance of Bride.B, and the continued dominance of Klez.I (W32/Klez.I) and Bugbear (W32/Bugbear) in the leading positions of the ranking of the most virulent malicious code, as compiled from data provided by Panda ActiveScan, the free online antivirus from Panda Software. Over the last seven days, of the total number of computers in which ActiveScan detected an infection, Klez.I was the culprit in 13.64 percent of cases, … More

Real World Linux Security, 2/e

In the mentioned 800 pages, this book proves to be pure gold, when we are talking about all aspects of Linux security. Greatly written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work. More

Interview with Jacob Carlson, co-author of “Internet Site Security”

Jacob Carlson is a senior security engineer for TrustWave Corporation. His primary role is leading the penetration testing and vulnerability assessment team. In his copious free time he likes breaking things and writing code. Jacob Carlson is also the co-author of the acclaimed “Internet Site Security“. The recent review of this book at HNS was a perfect opportunity to get him to answer a few question. Here we go… How did you gain interest in … More

Critical Microsoft Vulnerability Announced

In the 65th Security Bulletin this year, Microsoft announced a critical vulnerability in Microsoft Data Access Components, a collection of components used to provide database connectivity on Windows platforms. Microsoft’s End User Bulletin notes that the following versions must be updated: Windows NT 4.0, Windows 98, Windows Me, Windows 2000 Microsoft Data Access Components (MDAC) 2.1, 2.5, 2.6 Internet Explorer 5.01, 5.5, 6.0MDAC is included as a default in Windows ME, Windows XP (the vulnerability … More

Computer Virus Families: Origins and Differences

Klez.F and Klez.I or Opaserv, Opaserv.D and Opaserv.H are just some examples of malicious code which due to common characteristics and roots are grouped into families by the antivirus industry. “The biggest families like I Love You or the veteran Marker can have as many as 60 variants,” explains Luis Corrons, Virus Laboratory Director at Panda Software. Sometimes a new variant of malicious code originates from another virus which has been modified. On other occasions, … More

Ubizen Pioneers The Security Dashboard And Leads The Market With Third Generation Managed Security Services Environment

Ubizen OnlineGuardian Services Add Support for Policy Compliance Managers to Monitor Critical Systems for Security Compliance Ubizen(r), the principal provider of Managed Security Solutions (MSS) for global businesses, has announced the release of Ubizen OnlineGuardian(r) 3.0 services. The enhanced service environment provides customers the most intelligent web portal, or Security Dashboard, with a comprehensive event overview for all security devices being monitored and/or managed by Ubizen, and creates incident-level reporting across a customers’ global network. … More

RSA Security Submits Expert Commentary on National Strategy To Secure Cyberspace

Input Into U.S. Government Plan Centers Around Securing Virtual Private Networks, the Use of Multiple Authentication Technologies and Funding For Public/Private Cybersecurity Initiatives BEDFORD, Mass., Nov. 18 /PRNewswire-FirstCall/ — RSA Security Inc. (Nasdaq: RSAS), the most trusted name in e-security(R), today submitted commentary and recommendations to the White House regarding the administration’s recently issued National Strategy to Secure Cyberspace. The company provided overall high marks for the draft strategy while offering specific suggestions relating to … More

Qualys Introduces Per-Scan Pricing for Vulnerability Assessment

Qualys Provides User Flexibility and Cost Savings by Offering Customers Pay-Per-Scan Pricing CSI Conference — Chicago – November 12, 2002 – Qualysâ„?, Inc., the leader in Managed Vulnerability Assessment, today announced the availability of per-usage pricing, a new pricing structure that allows customers to pay for vulnerability assessment services by the scan. The new pricing structure gives customers greater flexibility and cost savings while evaluating their vulnerability assessment needs. This pricing complements Qualys’ current annual … More

Bind Security Vulnerabilities Roundup

1) Original advisory on this topic 2) Vendor response (Internet Software Consortium) 3) Security advisories by Linux vendors 4) Additional information Original advisory on this topic Brief description: ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol … More

Network Associates Extends Leadership Position with McAfee Online Managed Security Services

McAfee Security’s Online Services Detect and Clean More Than 60 Million Infected Files SANTA CLARA, Calif., Nov. 13 /PRNewswire-FirstCall/ — McAfee Security, a division of Network Associates, Inc. (NYSE: NET), today announced that its online managed security services have detected and cleaned more than 60 million infected files, up from 10 million in August 2001. This reflects the trend toward the deployment of online services to maintain consistently updated security protection. As virus and security … More

Fourth Anniversary of Bubbleboy and Self Executing Viruses

This month marks the fourth anniversary of Bubbleboy, the first malicious code to run automatically -without user intervention- by exploiting a vulnerability in MS Outlook and MS Outlook Express. Since its appearance, numerous malicious codes have used this method of propagation. The most notorious examples include Klez.I and Bugbear, highlighting the risk that this kind of virus represents and the need for users to adopt adequate security measures. VBS/BubbleBoy is written in VB Script and … More

Timing the Application of Security Patches for Optimal Uptime

Security vulnerabilities are discovered, become publicly known, get exploited by attackers, and patches come out. When should one apply security patches? Patch too soon, and you may suffer from instability induced by bugs in the patches. Patch too late, and you get hacked by attackers exploiting the vulnerability. We explore the factors affecting when it is best to apply security patches, providing both mathematical models of the factors affecting when to patch, and collecting empirical … More