Tag Archives: software

Software Critical Patches September 2013

If you are not the programing language interpreter or software inventor, then, you never know the flaws in the software; you are part of anarchy in the computer age. “The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.” Eric Schmidt, Chairman Google.

Being part of the anarchy, IT should develop strategies for patch management.  “Patch and vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and exploitation of those vulnerabilities. Proactively managing vulnerabilities of systems will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred. Patches are additional pieces of code developed to address problems (commonly called “bugs”) in software. Patches enable additional functionality or address security flaws within a program. Vulnerabilities are flaws that can be exploited by a malicious entity to gain greater access or privileges than it is authorized to have on a computer system. Not all vulnerabilities have related patches; thus, system administrators must not only be aware of applicable vulnerabilities and available patches, but also other methods of remediation (e.g., device or network configuration changes, employee training) that limit the exposure of systems to vulnerabilities.” (NIST Special Publication 800-40 Version 2.0, 2005, p. ES-1) Continue reading Software Critical Patches September 2013


Securing virtual servers

Every organization is going for virtualization. The main reason being cost cutting and to ensure maximum utilization of hardware resources. Virtualization has revolutionized the data centre and is one of the key foundational technologies underlying cloud computing. This has made Several companies rushing frantically into deploying virtualization solutions both in their private and public clouds, without taking into account the risks involved.  But when organizations are going virtualization, the technology has got its own inherent vulnerabilities.

Continue reading Securing virtual servers

The Internet Security threat report 2013

The Internet Security threat report 2013 by semantic group has been released. Symantec “maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 51,644 recorded vulnerabilities (spanning more than two decades) from over 16,687 vendors representing over 43,391 products.” (Internet Security threat report 2013). “Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of approximately 69 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management System, Symantec™ Managed Security Services and Norton™ consumer products, and other third-party data sources” (Internet Security threat report 2013). The report has got in-depth details about the growth of cyber attacks in the year 2012. The biggest area being the mobile malware , this will shock many because the main drive of this is too steal information and track movements.Whats the other new part, Zero-day vulnerabilities continue to trend upward; 14 were reported in 2012.Wait a munute! and you say that you are secure?

Get yourself a copy here. Continue reading The Internet Security threat report 2013

The Microsoft Security Intelligence Report (SIR)

I have skimmed through the report and i cant wait to digest it further. It has critical intelligence details about the security architecture aof Microsoft OS, I truly recommend this for ICT security experts.

The report discusses the vulnerabilities discovered in windows in area of adobe applications, java applications, Document parser exploits,HTML and JavaScript exploits in detailed graphs and statistics. The report also touches on malware, Email threats.

For intelligence diggers, the most interesting bit is how the report comprehensively maps about the most affected area, this will help the security admins to determine the level of security required to secure the systems.

Get a copy here! Ket me know your opinion…

About this report
The Microsoft Security Intelligence Report (SIR) focuses on software vulnerabilities, software vulnerability exploits, and malicious and potentially unwanted software. Past reports and related resources are available for download at http://www.microsoft.com/sir. We hope that readers find the data, insights, and guidance provided in this report useful in helping them protect their organizations, software, and users.

Continue reading The Microsoft Security Intelligence Report (SIR)

iPhone Security Unbreakable? Security Gurus Disagree

Is iOS security unbreakable, thanks to Apple’s mix of strong encryption for all data stored on such devices, combined with hardware-controlled PIN entry requirements that make brute-force attacks difficult?

“I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” said Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property section in the Department of Justice, during a recent keynote address at a computer forensics conference in Washington, D.C. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted, you have lost any chance of recovering that data.” Continue reading iPhone Security Unbreakable? Security Gurus Disagree

Google forced to temporarily deactivate copy protection for Android apps

Google has been forced to temporarily deactivate a security feature in Android 4.1 (Jelly Bean) intended to make it harder to pirate paid-for apps. The feature resulted in some purchased apps no longer working after devices on which they were installed on were restarted, requiring the user to reconfigure or even reinstall them. According to a bug report on Google Code, affected apps include several live wallpapers and applications with widgets or access to Google’s account system. Continue reading Google forced to temporarily deactivate copy protection for Android apps

Microsoft’s Attack Surface Analyzer matures

Attack Surface Analyzer logoMicrosoft has released version 1.0 of of its Attack Surface Analyzer, bringing the application out of beta status. Attack Surface Analyzer was originally announced in January 2011 and is designed to give developers and system administrators the ability to gauge how installing a certain application will effect the attack surface of a Windows system.The company says that it has received “quite a bit of positive feedback” on the tool and is now ready to make it available to the wider public. Continue reading Microsoft’s Attack Surface Analyzer matures