2006.11.23 Daily Security Reading
by Rodney Campbell on Nov.23, 2006, under Security
The Means to an Endpoint Security
As SSL VPN remote access systems – that is, technology used to connect internal company resources and data to people working from home or on the road – become more mainstream, and organizations extend their internal infrastructures to users who are not necessarily employees, endpoint security has become an increasing concern.
The IT world is full of myths and legends circulated via email or simply spread by word of mouth. These legends are not the infamous hoaxes or chain letters, but assume that certain things are true, when they usually aren’t. However, they are so difficult to prove that they are accepted as true without any evidence whatsoever.
Common causes of IT security breaches
Historically, the approach to enterprise security has been to make the fortress bigger and stronger – to install more products, and write more policies. Yet despite heightened security awareness and cutting-edge tools, 2006 was the worst year yet on record for corporate security breaches – continuing the year-on-year escalation of security risk.
Microsoft makes claim on Linux code
Microsoft CEO Steve Ballmer has said that every user of the open source Linux system could owe his company money for using its intellectual property. The statement will confirm the worst fears of the open source community.
Mark Rasch: Vista’s EULA Product Activation Worries
Mark Rasch looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice.
Spam Bust: The Lessons of Yesmail
Is your company violating spam laws like Yesmail did? Even an unwitting violation can result in a fine.
Top 10 Web 2.0 Attack Vectors [pdf]
Web 2.0 is the novel term coined for new generation Web applications. start.com, Google Maps, Writely and MySpace.com are a few examples. This technological transformation is bringing new security concerns and attack vectors into existence.
Attack code targets zero-day Mac OS flaw
A security researcher has published attack code for an unpatched flaw in Mac OS X.
On the Power of Simple Branch Prediction Analysis (pdf)
A spy process running simultaneously with an RSA process is able to collect almost all of the secret key bits during a single RSA signing execution.
Is the hacking community running out of fresh ideas?
According to a new report by Kaspersky Lab, the hacking community has run out of fresh ideas when it comes to creating new malware. Malware Evolution: July – September 2006 states that while the hacking community is developing ‘proof of concept’ code for new platforms, it is unlikely that it will translate into malware capable of causing substantial and lasting damage.
Hackers use virtual machine detection to foil researchers
Three out of 12 malware specimens recently captured in our honeypot refused to run in VMware.
April 18th, 2010 on 9:43 am
Kaspersky Internet Security is fast, all-in-one protection an internet user should have. It’s good but expensive. However, I found Kaspersky Internet Security 2010 1 year 1 pc very cheap here
http://tinyurl.com/adfg3tgerg
May 1st, 2010 on 6:14 pm
I always prefer to use Kaspersky over Avast or McAfee. Kaspersky is much better in detecting new viruses and it does not consume too much resources on your desktop PC.