Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

February 2010 - Posts

Office 2010 - Data Execution Prevention (DEP) by Default

PC Magazine reports on improved security in Office 2010, which will integrate DEP protective controls that can block certain malware attacks. This can improve malware protection when malicious scripts are launched in early attacks and vendors may not yet have AV signatures available.

Office 2010 - Data Execution Prevention (DEP) by Default
http://blogs.pcmag.com/securitywatch/2010/02/office_2010_opts_in_to_dep_by.php

Office 2010 - In Depth Article on DEP Protection
http://blogs.technet.com/office2010/archive/2010/02/04/data-excecution-prevention-in-office-2010.aspx

QUOTE: Microsoft Office 2010 will, by default, opt in to DEP (Data Execution Prevention), a feature of recent versions of Windows that helps to prevent vulnerability exploits.  DEP causes a program to halt when an attempt is made to execute code in an area of memory marked as data. This is a common technique for exploits, including many that have used malicious Office documents over the years.

WHAT IS Data Execution Prevention (DEP)?
http://support.microsoft.com/default.aspx/kb/875352

QUOTE: Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP, DEP is enforced by hardware and by software.

Office 2010 Beta is available for testing at:

Microsoft Office 2010 - Home Page
http://www.microsoft.com/office/2010/en/default.aspx

Money Mules - Work at home scams to be prosecuted by FTC

The FTC has announced a crackdown on fraudulent work-at-home employment scams.

Money Mules - Work at home scams to be prosecuted by FTC
http://sunbeltblog.blogspot.com/2010/02/major-us-crackdown-on-work-at-home.html
http://www.krebsonsecurity.com/2010/01/top-10-ways-to-get-fired-as-a-money-mule/  

QUOTE: The U.S. Federal Trade Commission today announced that next Tuesday they will hold a news conference to make public details of “a law enforcement sweep cracking down on job and work-at-home fraud fueled by the economic downturn.”

People who sign on as work-at-home employees from Internet ads (also called “money mules”) often are used as conduits for stolen funds that are transferred from the bank accounts of victim individuals or companies who have been scammed by phishing or spear-phishing. The money mules set up bank accounts into which stolen funds are transferred. They are instructed to keep a portion of the funds and wire the remainder to the scammers, who are generally outside the U.S.

Microsoft Patch Tuesday - Huge Security Update on 02/09/2010

Please note that Microsoft will be releasing a number of critical security updates on Patch Tuesday (02/11/10). Please take time out to install these important updates and reboot as prompted. This is one of the most important things you can do to protect your PC.

http://isc.sans.org/diary.html?storyid=8155
http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx
http://blogs.technet.com/msrc/archive/2010/02/04/february-2010-bulletin-release-advance-notification.aspx

QUOTE: Microsoft announced that they will be releasing a total of 13 bulletins next Tuesday. These bulletins will fix 26 different vulnerabilities. The bulletins affect all versions of Windows.

Pushdo Botnet - New DDOS attacks on major web sites

A flood of fake SSL connection requests is hitting several prominent websites. DDOS attacks are an attempt to deny or greatly slow down access for legitimate users. Hopefully these attacks and the botnet itself will be shut down.

Pushdo Botnet - New DDOS attacks on major web sites
http://sunbeltblog.blogspot.com/2010/02/pushdocutwailpandex-botnet-attacking.html
http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=222600679
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129
http://isc.sans.org/diary.html?storyid=8131
http://isc.sans.org/diary.html?storyid=8125

MASTER LIST OF WEBSITES BEING ATTACKED
http://www.shadowserver.org/wiki/uploads/Calendar/pushdo_sites.txt

QUOTE: No one is sure why the Pushdo botnet is running a distributed denial-of-service-like attack against over 300 major web sites including the CIA, Mozilla labs, SANS and Twitter, according to the Shadowserver Foundation. Pushdo is also called Cutwail and Pandex.

The botnet has been spewing initial SSL connection requests, causing servers to return an SSL negotiation error. The attacks don’t appear to be of sufficient intensity to knock any of the target sites off line and possibly could be a mechanism to mask the botnet’s other traffic. SecureWorks said Pushdo is sending the SSL packets to port 443. The botnet also uses that port for command-and-control traffic.

Last June, MessageLabs estimated that the Pushdo botnet, believed to be the world’s largest, was comprised of 1.5 to 2 million bots that pumped out 74 billion spam messages per day (51 million per minute.) They said 14 percent of the bots were in Brazil, 14 percent in South Korea and 10 percent in the U.S.
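
Added example, not part of the original post or the quoted reports: a server operator could look for the pattern described above (many hosts each sending a few connection requests to port 443 that end in an SSL negotiation error) by counting failures and distinct sources per minute. The log format, the function name flag_windows, the thresholds and the sample lines are all constructed assumptions.

```python
from collections import defaultdict


def flag_windows(lines, min_errors=5, min_sources=4, min_ratio=0.5):
    """Return [(minute, errors, distinct_sources)] for minutes that look like
    a distributed burst of failed SSL negotiations on port 443."""
    total = defaultdict(int)
    errors = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "443":
            continue                      # malformed line or another port
        ts, src, _port, result = parts
        minute = ts[:16]                  # e.g. "2010-02-01T12:01"
        total[minute] += 1
        if result == "handshake_error":
            errors[minute] += 1
            sources[minute].add(src)
    flagged = []
    for minute in sorted(total):
        e, s = errors[minute], len(sources[minute])
        # Require many failures, spread over many hosts, dominating the window.
        if e >= min_errors and s >= min_sources and e / total[minute] >= min_ratio:
            flagged.append((minute, e, s))
    return flagged


# Constructed sample log: "<timestamp> <source ip> <dest port> <result>"
SAMPLE_LOG = (
    # 12:00 normal traffic with one stray failure
    [f"2010-02-01T12:00:{i:02d} 192.0.2.{i} 443 ok" for i in range(1, 4)]
    + ["2010-02-01T12:00:30 192.0.2.9 443 handshake_error"]
    # 12:01 six different hosts each fail one negotiation
    + [f"2010-02-01T12:01:{i:02d} 203.0.113.{i} 443 handshake_error" for i in range(1, 7)]
    + [f"2010-02-01T12:01:{i:02d} 192.0.2.{i} 443 ok" for i in (40, 41)]
    # 12:02 one misconfigured client failing repeatedly (single source)
    + [f"2010-02-01T12:02:{i:02d} 198.51.100.5 443 handshake_error" for i in range(1, 6)]
    + ["2010-02-01T12:02:50 192.0.2.3 443 ok"]
)

if __name__ == "__main__":
    for minute, errs, srcs in flag_windows(SAMPLE_LOG):
        print(f"{minute}: {errs} failed negotiations from {srcs} sources")
```

The distinct-source threshold is what separates a botnet-style burst from a single broken client, which is why the 12:02 window in the sample is not flagged.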

Office 2010 Beta available for testing

The Office 2010 Professional beta was successfully downloaded and installed on my primary PC at home. Users experienced with Office 2007 should be able to use the new version right away. It is available after registering with Microsoft at the following site:

Microsoft Office 2010 - Home Page
http://www.microsoft.com/office/2010/en/default.aspx
