August 2007 - Posts
This appears to be a useful resource for corporate users to improve security settings for IE 7.
Internet Explorer 7 Desktop Security Guide
QUOTE: Internet Explorer 7 offers users more protection than previous versions of the browser through a combination of new features and more secure default settings. In keeping with the need to balance security and usability, the default values for these new features and settings have been configured to offer the best choice for a broad range of users.
This white paper examines some of these new features and settings that you can modify to provide a more "locked down" security configuration. This paper does not provide a complete review of all settings, nor is the guidance in it specifically equivalent to the Enhanced Server Configuration for Windows Server® 2003. The settings and features this paper discusses offer additional security guidance for the broadest impact on most users and administrators.
This paper discusses both the Windows Vista® and Windows® XP versions of Internet Explorer. Administrators and system owners can use the guidance in this paper to tighten security settings in the browser to meet their specific needs. The document is structured to provide a description and review of the settings and features the paper discusses. Microsoft recommendations for enhancing the default security settings in some common deployment scenarios are also provided.
We can all probably add items to this great list of tips for conducting better meetings. This is an excellent article sharing sound advice for both leaders and participants.
Article: Meetings - The Ten Worst Offenses
QUOTE: Unfortunately, meetings are not an expendable part of corporate America. They are, however – or at least they can seem like – a colossal waste of time. Mind-numbing as they may be, meetings are necessary. If conducted efficiently, they’re useful and can help you stand out in the workplace. Whether you’re the meeting leader or just a participant, prevent yourself from being “that guy” and never make these meeting mistakes:
1. Being Unprepared.
2. Showing Up Late.
3. Being a Meeting Hog.
4. Sitting Silently.
5. Expressing Rude Body Language.
6. Conducting Sidebar Conversations.
7. Arguing or Putting Others Down.
8. Leaving Your Cell Phone On.
9. Chewing Gum.
10. Shutting Down After the Meeting.
This is one of the better articles I've recently read related to SOX. It shares how the expense aspects of SOX have been exacerbated due to the difficulties in interpreting how to properly comply. Hopefully, improvements will be forthcoming with the New SOX guidelines that should be in effect by year-end. Some quotes from the article are noted below:
Network World Article: SOX - Five years of headaches
It hasn’t been cheap: spending on SOX compliance was $5.5 billion in 2004 and is now more than $6 billion annually, according to AMR Research.
“It was millions of dollars extra that was spent. This was due to people overcomplying, doing far more testing than was necessary,” ...
Whereas today companies focus on 31 so-called key controls, in the days after SOX, public firms were testing for as many as 200 controls, he says.
“It was extremely painful for everybody. Nobody really knew how to comply,” Kamens says. “Because there was so much pressure on public companies to pass, everybody was scared and they did exactly whatever auditors told them to do. Failure was not an option.”
Smaller public companies — technically those with less than $75 million of stock in the hands of public investors — have been granted numerous extensions allowing them to postpone compliance. Currently, they are scheduled to face the requirements of SOX on Dec. 15.
A compliance project approached correctly should cost 50% to 75% less than what companies have been spending, but many businesses insist on an inefficient, bottom-up approach that audits process-level controls like expenditures, payroll and property ...
The August 4, 2007 daily newsletter from www.spaceweather.com warns of the continued circulation of a hoax from 2003 claiming that the Earth is nearing its closest approach to Mars ever. While true in 2003, the claims were unfounded, and annually in August the email hoax resurfaces.
This is one more example of why these alarming messages should not be forwarded to everyone you know. Folks should verify these types of messages to ensure all information is accurate. In most cases, when an email says to "pass it on" to your friends, you should pass it to the recycling bin instead.
Email Hoax - Planet Mars is at closest distance to earth
Additional links on Mars email hoax
QUOTE: BEWARE THE MARS HOAX: It's August, which means it's time for the annual Mars Hoax. An email is going around claiming that Mars will approach Earth on August 27th; the encounter will be so close, the email states, that Mars will rival the full Moon in size and brightness. (Imagine the tides!) Don't believe it.
The Mars Hoax email first appeared in 2003. On August 27th of that year, Mars really did come historically close to Earth. But the email's claim that Mars would rival the Moon was grossly exaggerated. Every August since 2003, the email has staged a revival.
Here's something that is true: Mars is having a close encounter with the Pleiades star cluster, easily seen in the eastern sky before sunrise. Especially good mornings to look are August 6th and 7th when the crescent Moon joins the planet and the cluster to form a pretty celestial triangle. Set your alarm!
About once per year McAfee releases its latest AV scan engine to improve its scanning and detection process. In early testing, the new engine seems to be working well for the corporate Enterprise v8.50i. New AV engines usually provide the following benefits:
- Improved performance
- New Algorithms to more efficiently search an ever increasing malware library
- Improved scanning for new technology vectors under attack
- Ability to dig more deeply for malware threats, such as rootkits
- Corrections of any issues in prior engine version
McAfee Virus Scan engine 5200 Download Site
Download site for McAfee engine 5200 update in link below:
Engine-only Superdat File (Intel)
The well-crafted e-card attacks (which I still receive daily) have contributed to infections among almost 2 million computers. The Nuwar family is very sophisticated malware and it is difficult to remove. In addition to using rootkit techniques to hide on an infected PC, Nuwar creates a botnet client that can be manipulated by the worm authors to send spam or potentially flood a website with a distributed denial of service (DDoS) attack.
Storm Worm Botnet of 1.7M could create large DDoS attack
quote: The massive Storm worm attack has built a botnet of 1.7 million computers -- large enough to unleash a highly damaging denial-of-service attack, researchers fear. As the Storm worm grows into a prolonged online siege 10 times larger than any other e-mail attack in the last two years -- amassing a botnet of nearly 2 million computers -- researchers worry about the damage hackers could wreak if they unleash a denial-of-service attack with it.
Between July 16 and Aug. 1, researchers at software security firm Postini have recorded 415 million spam e-mails luring users to malicious Web sites, according to Adam Swidler, a senior manager with Postini. Before the Storm worm began its attack, an average day sees about 1 million virus-laden e-mails crossing the Internet. On July 19, Postini recorded 48.6 million and on July 24, researchers tracked 46.2 million malicious messages -- more than 99% of them are from the Storm worm.
Joe Stewart, a senior security researcher at SecureWorks, noted that the number of zombie computers that the Storm worm authors have amassed has skyrocketed in the past month. From the first of January to the end of May, the security company noted that there were 2,815 bots launching the attacks. By the end of July, that number had leapt to 1.7 million. "It's really gotten enormous," said Stewart. "It's been building with exponential growth. It's one of the largest botnets I've ever heard of."
Storm Worm Erupts Into Worst Virus Attack In 2 Years
quote: Storm worm authors are blasting the Internet with two types of attacks, and both are aimed at building up their botnet.
When I started in IT almost 35 years ago, my first manager noted that we will learn something new in this field each day. That's true and part of the continuing education we need in the IT profession. Ten new technologies and their associated skill sets are identified in this article.
Ten Tech skills you should develop during the next five years
QUOTE: If you want a job where you can train in a particular skill set and then never have to learn anything new, IT isn’t the field for you. But if you like to be constantly learning new things and developing new skills, you’re in the right business.
1: Voice over IP
2: Unified communications
3: Hybrid networks
4: Wireless technology
5: Remote user support
6: Mobile user support
7: Software as a service
Targeted phishing expeditions purportedly from the Better Business Bureau (BBB) have been circulating, and this was even noted in our local news reports. These are usually specifically targeted by name and email address for management or executives in a company. These documents are crafted in HTML to appear genuine (except for an occasional spelling error as highlighted below). Individuals should verify authenticity with local or state agencies when in doubt and avoid any links in email.
More BBB Phishing targeted at executives
QUOTE: We have information that executive staff at 3 corporations are still being targeted with emails with malicious attachments that AV vendors are finding hard to identify. The best and ongoing analysis of this highly successful attack is the BBB Phishing Trojan analysis by Joe Stewart of SecureWorks.
EXAMPLE: "This is an automated email that confirms the
registration of your complaint case number : CX784486090 filed by your
company on 7/29/2007 concerning Online Identity Theft. While The Better Bussiness Bureau Online
does not resolve individual consumer problems, your complaint helps us
investigate fraud, and can lead to law enforcement action.
ATTACHED you will find a copy of your complaint .Please print and keep
this copy for your personal records. We use secure socket layer (SSL)
encryption to protect the transmission of the information you submit to
us when you use our secure online forms. The information you provided
to us is stored securely.
Anti-virus providers must continue to cope with an ever-increasing load and complexity of malware risks.
McAfee notes milestone of 300,000 Malicious items
QUOTE: In 2000 we had a little over 50,000 malicious items. That figure went to 100,000 in 2003. In August 2006 we passed the 200,000 barrier and almost exactly 1 year later, we will be passing the 300,000 barrier. With these huge numbers appearing the handling of samples can’t be maintained by humans only.
The WSJ article is excellent and provides guidance for adjusting corporate security policies if needed. The article shared a few new techniques and workarounds I wasn't familiar with (e.g., Google English-to-English web-filtering workaround).
From a corporate perspective, you want to encourage folks to use their PCs for business purposes primarily and allow some personal freedoms. Employees need to know that business equipment and access are being monitored for security reasons (but the data collected could be evaluated for productivity reasons also).
From an employee perspective, they must give their employer an "honest day's work for your wages" and ensure that any non-work activity is safe enough that their boss would not bring it up as an issue. Even though folks are being paid to work, they are spending the best hours of their day at work and being completely restrictive (e.g., no personal use at all) can become the genesis for some of the workarounds shared.
Given the dangers out there, it's better to be over-restrictive with corporate policy than lax. As shared in the article, security controls are a delicate balancing act by both sides. Sharing security awareness and best practices with employees can help guide them at home and in occasional personal usage of facilities at work.
WSJ Article - Ten Things Your IT Department Won't Tell You
Security is only as strong as its weakest link and this ISC article shares some good awareness on the need for strong passwords. While companies and home users have strengthened security with firewalls, AV protection, and other tools, a weak easy-to-guess password can let the bad guys right into the front door.
ISC Article: Remote Password Guessing - Concerns, Observations, Recommendations
Always use a strong password (e.g., includes at least one letter, number, upper case letter, special character) for the best level of protection.
Microsoft - How to Create Strong Passwords
Microsoft - Password Strength Checking Facility