Archive for July, 2009


The Complete Guide To Microsoft’s Office 2010.

All cloud computing is the re-emergence of the mainframe-to-terminal model using the internet as the mainframe. However, unlike the mainframe, the cloud is inherently insecure (I don’t care what these folks say), and if your internet connection goes down OR there is an internet issue in transit you lose access to your data. This is simply not a good idea from a company known for bad implementations, poor security, and anti-competitive tactics. MS aside, this is still not a good idea and I will never be an advocate of putting critical and/or sensitive company data of any kind in “the Cloud”.

Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution.

What does this mean? Zero day means the bad guys were exploiting it BEFORE anyone else knew about it. What this flaw means is that if you visit a website that is hosting video and the video files are encoded in MPEG-2 (most DVD-format movies, among others, use this), then the video itself can have code in it that will execute and can take over your system without your knowledge.

Microsoft and the world, when are you going to realize that you cannot have things able to access the kernel from the browser directly? It doesn’t matter how many layers of security you put around it; a way is going to be found for this exact type of thing to occur.

How do you get around this? If you are running IE, go here. Click the button under enable workaround and install the package. There is no automated update from Microsoft yet.

Full Disclosure: imageshack – pwned for anti-sec..

They also hit an outfit called SSANZ.

Full-Disclosure is not meant to make money. If full disclosure did not exist, many security issues would never be known by anyone except the bad guys. Companies like Microsoft would never have had to refocus on the lack of security of their products and would never have made the improvements they have.

Some vendors are only moved by full disclosure…some will move if you contact them first. Others like Microsoft only would move if you disclosed publicly first. I think full disclosure is a good thing and has enhanced the overall security of the entire software industry. Just because some “security” vendors have misused full disclosure to profit does not mean full disclosure is a totally bad thing. I think anti-sec is on the wrong side of the wall here.

It’s very hard to keep up with things moving as fast as they are. I can relay them verbally faster than typing sometimes. Watch this space for some updates.