April 2010 - Posts
This may be a cloned version rather than new attacks by the original authors. Nevertheless, this botnet was very effective for many months until it was finally mitigated about 2 years ago.
Storm Worm Botnet - It's Back
http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=224700110
QUOTE: It's baaack: The bot code used in the infamous, massive Storm botnet that was taken down nearly two years ago is being used to build another spamming botnet. Researchers have reverse-engineered the tweaked version of the original Storm code, which so far has spread somewhere between 10,000 to 20,000 machines.
Researchers don't know for sure whether it's the same botnet gang that drove the original Storm and then its predecessor, Waledac -- both of which are no more -- but they have identified two-thirds of the same elements in this latest version as in the original Storm code version. Noticeably missing is Storm's trademark peer-to-peer component: This version is all HTTP-based rather than the hybrid P2P/HTTP approach in the old botnet, which at one point swelled to a half-million bots. Storm began to fade away in the fall of 2008 after researchers were able to successfully disrupt its operations on more than one occasion.
Joe Stewart, director of malware research for the counter threat unit at Secureworks and known for his previous research on Storm, says he believes another person or group has procured the code and stripped out the P2P element. "From everything we've seen, it looks like the original Storm crew moved to Waledac...so what strikes me is that they stripped out the P2P and sold the spam code to another group to build a more simplified botnet," Stewart says.
I've also been beta testing Office 2010, with especially heavy use of Excel and Word on several PCs. It also offers some great security checks. As a prior blog post noted, it was extensively code checked using fuzzers and over 1600 potential issues were corrected. Two thumbs up from me also :-)
Office 2010 - A Deep Dive
http://blogs.zdnet.com/Bott/?p=2042
QUOTE: Office 2010 is a surprisingly deep, thoughtfully designed, well-engineered collection of software programs. The more I dig, the more I like the small but useful touches that the Office design team has wrought. That’s not just my opinion, either. I’ve heard variations on that sentiment from dozens of correspondents, including a few who are Office skeptics. Much of the work in Office 2010 is cleanup and polishing, smoothing over rough edges, making common features work the same across apps, improving performance. In some striking ways, Office 2010 is to its predecessor as Windows 7 is to Windows Vista. And that’s not a bad thing.
PDF files are becoming a key method for malicious attacks as documented in these four informative articles. Attacks are increasing in terms of volume and complexity.
AVERT Labs - Surrounded by Malicious PDFs
http://www.avertlabs.com/research/blog/index.php/2010/04/26/surrounded-by-malicious-pdfs/
QUOTE: Malicious PDF files and related exploits are invading the Net. Looking at the CVE records in the National Vulnerability Database for Adobe products, we see a dramatic increase in 2009. Today malware involving malformed PDF files are legion. From less than 2 percent of malware directly connected to exploits in 2007 and 2008, they have reached 17 percent in 2009 and 28 percent during the first quarter of 2010.
Trend - PDF Exploit Becomes a Little More Sophisticated
http://blog.trendmicro.com/pdf-exploit-becomes-a-little-sophisticated/
QUOTE: PDF files—or their inherent features—have been used by cybercriminals in some of the most noteworthy attacks we have encountered. Modified versions of this file type have been especially notorious these past few months since they are capable of attacking user systems by initially exploiting inherent vulnerabilities found in Adobe Reader and Acrobat.
Sunbelt - PDF file with a malicious downloader agent embedded
http://sunbeltblog.blogspot.com/2010/04/using-pdf-file-as-downloader.html
QUOTE: It uses a script in a PDF file to install a back door that starts up whenever Internet Explorer is launched. The infected svchost.exe file that it drops has been around for a while, but using a malicious PDF file to drop it is the interesting new twist. We’ve seen other reports of similar malware out there today.
Sophos - Postal Theme PDF SPAM
http://www.sophos.com/blogs/sophoslabs/?p=9413
QUOTE: The Bredo malware-spammers are back, and they’ve been reading about how to run executable files from a PDF using /Launch, a trick we’d already started to see used by malware. This latest spam campaign uses this technique (it’s not really exploiting a vulnerability as such, since PDFs were specifically designed to be able to do this) in a slightly modified format.
It's always important to stay as current as possible, so that the most TWC compliant products can help provide good security and functionality. As Windows 2000 Server will end its extended support on July 13, 2010, some valuable links were found in researching EOL information:
Microsoft EOL Product Information
http://www.microsoft.com/windows/lifecycle/default.mspx
Microsoft EOL FAQ (Excellent)
http://support.microsoft.com/gp/lifepolicy
Microsoft Service Pack EOL information
http://support.microsoft.com/gp/lifesupsps
Windows 2000 Server EOL information
http://support.microsoft.com/lifecycle/?p1=7274
A new ZBOT variant now uses a file infector approach to embed connection logic into infected executable files. When these infected executable files are run, they attempt to connect to a malicious server and download even more malware agents.
ZeuS/ZBOT Tries Out File Infection
http://blog.trendmicro.com/zeuszbot-tries-out-file-infection/
QUOTE: ZeuS/ZBOT is best known for its information-stealing routines via the use of configuration files downloaded from their home sites. They are created using toolkits that allow remote control of the malware. Getting them to infect target systems is the tricky part. Cybercriminals have thus tried utilizing drive-by downloads, spammed messages, worm propagation, and many more ways. This time, they are trying out file infection.
The malware detected by Trend Micro as PE_ZBOT.A injects code into target files and modifies its entry point to redirect to its code. This allows the malware to run its code whenever the infected file is executed. It then attempts to connect to the remote sites from which it downloads and executes malicious files that allow it to steal information from an affected system.
Microsoft has released a corrected update for MS10-025 for Windows 2000 Server only (running Media Services). The original release was not fully effective. This patch should be promptly applied.
Microsoft Re-Releases Withdrawn Windows 2000 Patch
http://blogs.pcmag.com/securitywatch/2010/04/microsoft_re-releases_withdraw.php
http://www.microsoft.com/technet/security/Bulletin/MS10-025.mspx
QUOTE: Microsoft has re-released MS10-025, an update for Windows 2000 Server running Windows Media Services. No other versions of Windows are affected. Microsoft had originally issued this patch this last Patch Tuesday, but withdrew it about a week later, stating that it did not, in fact, protect users against the vulnerability. How the patch was released in this state was not revealed. The new update, they say, actually fixes the problem, which is a stack overflow in Windows Media Services, a component not installed by default on Windows 2000 Server. If you applied the original flawed patch, you do not need to remove it in order to apply the new version.
I remember fighting this one and working very long hours that week. However, our company came through fine with minimal impacts. After CIH and Melissa in 1999, we actively monitored Message Labs top ten viruses constantly to look for new attacks and outbreaks. Very early during the day of the attacks, I saw an infection spike labeled as "Unknown" which was far higher than any previous incident.
Some of our users called the Help Desk, based on our Active Security awareness program. They were getting numerous copies of an unusual email labeled as "I Love You". We quickly sent out an all employees bulletin for individuals not to click on these attachments, as they were suspect. I was also receiving numerous copies in my business and personal email accounts as well and knew this had to be a serious attack.
Soon, McAfee and other vendors alerted us that this was a serious worldwide outbreak. We continued to send out all employee bulletins and applied the protective McAfee DAT file as soon as it became available. Our company was fortunate as no downtime was experienced and less than 5% of our users were infected.
This multi-billion dollar attack represented one of the turning points for many users to avoid clicking on attacks. Also, companies began to invest more heavily in security defense tools. While massive attacks like this are rare, the more recent Conficker worm attacks represent a good case for proactive monitoring and ensuring patches and technical defenses are up to date.
I Love You On Our 10th Anniversary
http://blogs.pcmag.com/securitywatch/2010/04/i_love_you_on_our_10th_anniver.php
10 years ago this coming week an important and unpleasant event occurred: The ILOVEYOU virus. It was, at the time, the biggest malware event ever, and inspired a generation of script kiddies and greedy, sociopathic programmers. I asked Dave Perry of Trend Micro, an old pro in the field, about the lessons of the Love Letter. It hit on May 4th, 2000. Like all e-mail viruses of that age it was right out there in the open: The subject line was "I love you"—a notion appealing to many of us, and sent before we all learned to be skeptical of unsolicited solicitations in e-mail.
More information on the Loveletter virus
http://en.wikipedia.org/wiki/Loveletter
QUOTE: The worm began in the Philippines on 5 May 2000 and spread across the world in one day, moving inexorably on to Hong Kong and then to Europe and the US,[1] causing an estimated $5.5 billion in damage.[2] By 13 May 2000, 50 million infections had been reported. Most of the damage cited was the labour of getting rid of the worm. The Pentagon, CIA, and the British Parliament had to shut down their mail systems to get rid of it, as did most large corporations.[4]
This particular malware caused widespread damage. The worm overwrote important files - music files, multimedia files, and more - with a copy of itself. It also sent the worm to everyone on a user's contact list. Because it was written in Visual Basic Script and interfaced with the Outlook Windows Address Book, this particular worm only affected computers running the Microsoft Windows operating system. While any other computer accessing e-mail could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected.
The new "opt in botnets" are surfacing from malicious web 2.0 applications (like Facebook or Twitter). As the Damballa white paper reflects, these are highly sophisticated military grade malware attacks.
New Opt-In Botnets
http://blogs.zdnet.com/security/?p=6268
QUOTE: What’s more devastating than a DDoS attack launched by a botnet? In some cases, that’s the DDoS attack launched by the “opt-in botnet” aggregated through a crowdsourcing campaign. Damballa’s recently released report “The Opt-in Botnet Generation: Social Networks, Cyber Attacks, Hacktivism and Centrally-Controlled Protesting” describes the increasing sophistication of cyber-protesting tools, for launching political protests around the globe.
What exactly is an opt-in botnet? What are some of the most notable cases where it has been successfully used? How can you disrupt an opt-in botnet given that the command and control server is in the hands of every user knowingly participating in it?
Damballa’s report describes “opt-in botnets” as:
“In practically all criminal botnet cases in the past, the owners or users of the bot-infected computers have been unwitting participants in an attack. This aspect of botnet participation fundamentally changes in the context of cyber-protesting, since as users intentionally install botnet software agents, subscribe to a particular CnC, and choose to participate in coordinated attacks against a target category. Whether it’s because of a vagueness in the understanding of laws governing cyber attacks and electronic denial of service, or a perception of only being a small cog in a much wider effort that will never result in them being singled out, there seems to be few inhibitors to taking protesting in to the cyber world and taking an active role in the call to action.”
Just like real botnets, opt-in botnets need a command and control server from where to issue new commands, and accept status reports on the success/failure of the DDoS attack. What’s particularly interesting about opt-in botnets is their reliance on popular social networks such as Facebook, or micro-blogging services like Twitter, both acting as the command and control center for scheduling the attack, and distributing the attack tools.
White Paper: The Opt-in Botnet Generation
http://www.damballa.com/research/optinbotnet/index.php
The last few years have shown a steady increase in the sophistication of the tools and tactics the disaffected use online. Social networking applications, Web 2.0 technologies and the general availability of what can best be described as “military grade” cyber attack tools make it a trivial task for protestors to launch crippling attacks from anywhere around the world. Topics covered in this white paper:
■ Hacktivism: Past and Present
■ A Protester's Tool chest: Tools and Techniques Used
■ The Social Networking Element
■ The Opt-In Botnet
Several best practices for IT Security departments are reflected in the links below:
Microsoft Technet Security Newsletter April 2010
http://technet.microsoft.com/en-us/security/dd162324.aspx
IT Security Requirements for the New Decade
http://technet.microsoft.com/en-us/security/ff604959.aspx
QUOTE: Best practices for the new decade ahead include:
* Continuous Risk Assessment
* Current Corporate Policies
* Design Secure Workflows
* Technological Defenses
* Active Security Awareness
* Active Threat Monitoring
* Network Vulnerability Assessment (NVA)
* Promoting Security
Facebook has quickly become one of the top Internet sites in the world. In joining this web 2.0 resource last year, I can see why this highly social environment has grown quickly. As we interact with our contacts, it is important to ensure that privacy and safety always come first.
My use of Facebook is more from a professional standpoint than social interactions currently. I often ignore some of the special invitations to click on items from existing friends (e.g., Farmville and other special themes). I always refuse invitations from individuals I don't know, (especially if unusual names appear that could be generated from a worm).
The key concern is security related. Brand new Koobface attacks or malicious URLs can directly infect vulnerable PCs. My true friends also know that I'm security conscious - even if I don't click on that beating heart or rescue the Farmville baby ducks from danger :)
Facebook - How to Decline offers without offense
http://www.reuters.com/article/idUSTRE61L1WL20100222
QUOTE: "Can I be your friend?" might work as an ice-breaker among small children, but it's not a question you hear often between adults, at least not outside of Las Vegas. Friendship, it is generally understood, is a relationship that evolves through shared interests, common experiences and a primeval need to share your neighbor's power tools.
Yet for many people, Facebook permits a return to the simplicity of the schoolyard. Rather than inviting someone to be our Facebook friend only after we've become friends in the real world, many of us are using Facebook as a short-cut around all that time-consuming relationship building.
Why bother asking someone you've just met questions about their family, interests and ability to run a farm or aquarium, when you can simply send them a friend request and read the answers in your Facebook news feed? And so we think little of receiving friend requests after we meet someone for the first time at, say, a dinner party.
"Or you can say, 'Thanks for asking me. I'm keeping Facebook for my family and friends. I'm asking you to join me on my professional network instead.'" Pachter said that whatever you do, it's important not to offend your colleague -- and that's not just because politeness is good etiquette.
Since the TWC initiative in the early 2000s, Microsoft has improved security significantly in their latest versions of Windows, Office, IE, and other products. As this article reflects, the user plays a vital role in staying safe as well, as their security is only as good as what they put into practice.
Microsoft Security - Ten Reasons why they should not be blamed for issues
http://www.eweek.com/c/a/Windows/10-Reasons-You-Shouldnt-Blame-Microsoft-for-Windows-Security-Issues-758242/
QUOTE: Microsoft sometimes gets a raw deal when it comes to security. The software company is often targeted as the reason why security outbreaks occur. But it's not always Microsoft's fault. Here, eWEEK looks at why Microsoft gets a bad rap when it comes to Windows security.
But that doesn't mean that Microsoft is always to blame. Quite the contrary, there are times when the software giant is totally innocent. In those moments, users might want to point their fingers at third-party software developers. They might also want to look in the mirror. Yes, when it comes to security, users and third-party developers are as much to blame as Microsoft.
Microsoft is certainly not innocent in any of the security woes affecting Windows or its other software. But it's not always to blame. And it's important to remember that.
SUMMARY OF TEN REASONS
1. Third-party holes - Third-party programs don't always have adequate security protocols in place to ensure that data is kept safe. Worst of all, the apps aren't always updated as often as they should be.
2. Out-of-date software - If we don't update our third-party programs, there isn't much Microsoft can do to protect us.
3. Out-of-date antivirus and anti-spyware programs - Running antivirus and anti-spyware programs that aren't fully up-to-date is almost as useless as running nothing at all. As new issues crop up, security vendors are constantly updating their programs to keep user data secure.
4. Users open attachments that they shouldn't - Unless a person is expecting an attached file from a known source, opening documents from within an e-mail program is never recommended. For years, malicious hackers have been using e-mail to take advantage of users who seemingly never learned that opening an e-mail attachment from an unknown sender is a bad idea.
5. Users surf to sites that they shouldn't - But that still doesn't stop folks from going to sites that contain malicious files. It also hasn't stopped them from falling victim to phishing attacks on sites that look like a bank Website or credit card page. A tremendous number of people are still browsing sites that wreak havoc on their machines or their lives.
6. Where are all the passwords? - Without a password controlling access to a machine, anyone can sit at someone's desk, boot up the PC and start stealing sensitive information. Why haven't more people applied that lesson to protecting their home PCs?
7. The passwords are there, but why are they all the same? - Having a password is a great first step, but making passwords to different sites identical, or even making them easy to break, is about as useless as having no password at all.
8. Running in administrator mode - It might make using the PC more convenient, but it also gives malicious hackers access to anything they want on the computer. Some security experts say if PC owners run their computers in limited-user mode, they can eliminate many of the security woes that currently plague the average Windows user.
9. Windows updates - Windows updates could mean the difference between safety and an outbreak on a user's computer. As annoying as they might be, Windows updates are integral to the safety of a computer. Whenever Microsoft patches its operating system, users should be ready and willing to update Windows as soon as that update is available.
10. Education - Users need to realize that education could easily help them avoid many of the problems that plague them on a daily basis. With better security education, the Web would be safer, thanks to fewer people clicking over to malicious sites.
During the first quarter of 2010, advertising click fraud is estimated to have increased 2-4% from the prior quarter.
Cybercriminals increase Internet advertising click fraud
http://www.usatoday.com/tech/news/2010-04-26-clickfraud26_ST_N.htm
QUOTE: In the first three months of this year, 17% to 29% of clicks to online ads were fraudulent, according to separate estimates by Click Forensics and Anchor Intelligence, leading suppliers of click fraud detection technology. That's up from 15% to 25% in fourth-quarter 2009. Advertisers pay website owners every time someone clicks on one of their online ads. Fraudulent clicks can occur manually, by an unscrupulous website owner, or by someone looking to waste a rival's ad budget.
Most often, click fraud is the work of cybercriminals who put up websites carrying online ads and no other content. The criminals then retain the services of cybergangs in control of sprawling networks of infected PCs, called botnets, which are directed to repeatedly click on the ads. This triggers payments to the crooks who put up the Web page.
Corporations have a legal right to monitor employee activities for security purposes, when business equipment is being used (in the United States and its territories). However, it is important to establish clear guidelines and actively promote them in banner messages and as part of corporate policy. There should be some balance in these guidelines to respect personal privacy as long as security is not being violated.
Can company read personal e-mail sent at work?
http://itmanagerdaily.com/can-company-read-personal-e-mail-sent-from-work/
QUOTE: Do employees have a right to privacy when using personal e-mail accounts, even when they send the messages at work? A recent court decision provides some answers. The company argued the employee had no such rights — its computer use policy stated that anything done on workplace computers could be monitored. But the court disagreed. The judge ruled the employee had a “reasonable expectation of privacy,” because the policy didn’t mention that e-mails sent using a personal account would be saved to her hard drive.
It didn’t matter that she sent the e-mails at work — she was using a password-protected account, and therefore assumed the company wouldn’t be able to read them. Add to that the fact that the e-mails were between the employee and her lawyer, and the court ruled the company was at fault when it read the messages and tried to submit them as evidence.
In most cases, whether monitoring is legal or not comes down to one question: Who owns the e-mail? In other words, are the messages stored on the company’s network or by a third party (as is the case with personal accounts, like Yahoo and Gmail)? While employers are normally within their rights to monitor employees’ work e-mail, courts will usually draw the line when the data’s stored by a third party. Also, keep in mind:
» Have a clear-cut computer use policy – Employees can also win in court when they show they have a “reasonable expectation” of privacy. So inform all employees that their Web use at work will be monitored — and think twice before conducting any monitoring that isn’t clearly mentioned in the policy.
» Train managers – Some supervisors will go to great lengths when they suspect an employee of wrongdoing. But they should be warned that an investigation could become an invasion of privacy.
IT Manager Daily
http://itmanagerdaily.com/
While many companies and individuals avoided impacts with DAT 5958, it was a serious one as it disabled a key Windows service and PCs would not boot in normal mode. CNET earlier quoted an estimate of a 1.5% impact, but I believe McAfee eliminated that from the referenced post. Later, MSNBC noted security experts estimating a 10% impact, which is more likely.
McAfee blog entries on DAT 5958 issue
http://siblog.mcafee.com/support/mcafee-response-on-current-false-positive-issue/
http://siblog.mcafee.com/support/a-long-day-at-mcafee/
http://siblog.mcafee.com/support/an-update-on-false-positive-remediation/
McAfee CEO comments
http://siblog.mcafee.com/ceo-perspectives/open-letter-to-mcafee-customers/
McAfee resources on DAT 5958 issue
http://vil.nai.com/vil/5958_false.htm
CNET Article reported an initial 1.5% impact
http://news.cnet.com/8301-1009_3-20003074-83.html
MSNBC article reflects possibly 10% impact
http://www.msnbc.msn.com/id/36714066/ns/technology_and_science-security/
QUOTE: The big problem is that in most cases it can not be done remotely. Someone has to walk up to the affected system, reboot it in safe mode, apply the fix, and reboot it again. This can take a long time if the systems are not close to each other, or if there is only limited onsite staff.
This article was published on October 6, 2009 by Jaime Chanaga in a security blog targeted for IT executives. A foundation of trust is established when ethical conduct is exhibited by IT professionals.
Ethics in Cybersecurity
http://www.cxosecurity.com/2009/10/ethics-in-cybersecurity/
QUOTE: As working professionals in our respective career fields, there should never be a question as to where our moral compass is showing the way. As a management consultant, technology executive, and security professional, one thing has always been clear in my mind—the value of personal ethics in all I do. Have I made my share of mistakes in my career? Absolutely. Have I learned from those mistakes? Yes! Remember that being an ethical person does not guarantee you will not make mistakes.
One of the best lessons I’ve learned is that having clear personal responsibility and ethics in your words and actions in the security profession is more important than all of the technical or formal knowledge you acquire in the security profession. Trust your moral compass. Do what is correct, ethical, honest, transparent, and good for your clients, your organization, your community, and our world.
IT Security for Executives Blog
http://www.cxosecurity.com/
The new USB 3 standard will provide awesome performance for new devices by using a special adapter. The USB 3 interface keeps the USB 2 adapter fit and adds 5 more contact pins that provide the high-speed transfer rates.
USB 3 - First Hard Drives Arrive
http://www.networkworld.com/news/2010/040610-usb-30-first-hard-drives.html
QUOTE: When you're in front of your PC, waiting for something to transfer to removable media, seconds can feel like minutes, and minutes like hours. And backups to USB 2.0 appear to crawl along at a snail's pace--so much so that users often become reluctant to perform that essential chore.
Such data-transfer scenarios are where the new SuperSpeed USB 3.0 standard and its theoretical, blazing-fast throughput of 5 gigabits per second--as promised by the USB Implementers Forum (USB-IF)--will change your life for the better. And if our tests of four new USB 3.0 hard drives from Buffalo Technology, Iomega, Seagate, and Western Digital are indicative, the change will be dramatic.
As such, the USB 3.0 connector has design changes to accommodate the extra data lines. If you examine the inside of a type A USB 3.0 port with its familiar rectangular shape closely, you'll see that it shares the same size as a USB 2.0 port as well as the original four USB 1.1/2.0 contacts. However, the port also has an additional five smaller contacts for the new USB 3.0 lines. When you plug in a 2.0 connector, it uses the four original contacts; when you plug in a USB 3.0 connector, it taps into the other five.
The bad guys have copied the designs of many AV products to create fake versions that closely resemble the real product. A new security rogue is circulating that closely emulates Microsoft’s Windows Malicious Software Removal Tool. Users should always be cautious if they see popups that claim a PC is infected and they are then offered a $39 or $49 solution to clean their PCs.
Microsoft MSRT - Fake version circulating as security rogue
http://blogs.paretologic.com/malwarediaries/index.php/2010/04/08/msrt-not/
QUOTE: Microsoft’s Windows Malicious Software Removal Tool is a popular utility that removes various malware infections. Microsoft updates the tool on the second Tuesday of each month. It is part of the Windows update, so you may or may not be aware of having seen it before.
What are security rogue programs?
http://en.wikipedia.org/wiki/Rogue_security_software
The security, reliability, and performance of Windows 7 have been excellent since its initial introduction. Traditionally, corporate IT administrators have waited until the first service pack is available prior to implementing new product versions. The eWeek article below shares 10 reasons why it might be better not to wait, especially for new PC deployments:
Ten Reasons Why You Shouldn't Wait for Windows 7 Service Pack 1
http://www.eweek.com/c/a/Enterprise-Applications/10-Reasons-Why-You-Shouldnt-Wait-for-Windows-7-Service-Pack-1-646963/
QUOTE: In the past, waiting until a service pack was released was typically the best move when it came to Windows. Windows XP was substantially improved when Microsoft delivered the first service pack. Windows Vista enjoyed similar results when its service pack was released. But Windows 7 is a different story altogether. It doesn't have the kind of issues that XP and Vista did when they first hit store shelves. It's a robust operating system that can be relied on even before the first service pack is released. Simply put, users who are on the fence about Windows 7 shouldn't wait for Service Pack 1. Here are the reasons why:
1. It'll be a small update - According to Microsoft, Service Pack 1 for Windows 7 will be a small update. That's rather interesting news. In previous versions of Windows, the company has released substantial updates to the software that addressed major issues with how the OS performed. Because of that, most folks believed (rightfully so) that it would be a better idea to wait for the first service pack before they jumped to the new operating system.
2. Windows 7 is quite secure - In fact, the operating system boasts most of the security features found in Windows Vista, plus some extras thrown in. It's widely considered one of the most secure operating systems Microsoft has put out. Service Pack 1 will undoubtedly deliver security improvements, but Windows 7 is secure already.
3. Windows XP mode - Users can opt to run a virtual install of Windows XP right in Windows 7. It's one of the better features Microsoft has added to its operating system in a long time.
4. It's not Vista - Windows 7 provides a far more robust experience than Vista. As troubling as its predecessor was, Windows 7 shouldn't be feared the way Vista is feared.
5. Microsoft was smart this time - Rather than release an operating system that it knew would need to be substantially fixed after its release, the company spent more time on the launch version of the operating system. By doing so, it ensured that Windows 7 would be a more capable and reliable operating system than previous versions of the software.
6. It arrived ready for enterprise use - Windows 7 is different. The operating system is ready for enterprise customers. As mentioned above, it provides full compatibility with most legacy products, thanks to Windows XP mode. And with the help of some of the extra security and encryption features built into the operating system, it's a fine choice to use right now.
7. Waiting with Vista isn't a good idea - Microsoft's latest operating system improves upon Vista on far too many fronts for it to be considered a more viable software solution. If users are opting for Vista over Windows 7, it's a mistake.
8. Keeping XP running too long isn't good either - Windows XP computers are starting to get old and unreliable. And due to the success of XP, malicious hackers continue to pelt the old operating system to find holes that would help them exploit users.
9. The Windows 7 deals are going away - From a purely financial perspective, sticking with an older operating system could be expensive. Microsoft works with vendors to offer deals at the beginning of an operating system's availability to drum up demand for the new OS. But as time wears on and folks have no choice but to opt for a new computer featuring Windows 7, all those deals go away.
10. The past is gone - If Microsoft has shown us anything since Windows 7's launch, it's that the company is finally serious about delivering an operating system that people will want to use out of the box.
On Saturday, the new iPad became available and below are some key links related to this new device:
Apple iPad Home Page
http://www.apple.com/ipad/
Key Features and Functions
http://www.apple.com/ipad/features/
Technical Design
http://www.apple.com/ipad/design/
Technical Specifications
http://www.apple.com/ipad/specs/
Professional security testers were able to "get root" on the new iPad one day after its initial release. This was achieved most likely with a vulnerability in the Safari browser or O/S. There are no exploits in the wild and Apple will most likely release updates to address this issue.
iPad jailbroken in a single day
http://www.macnn.com/articles/10/04/04/early.hack.gets.root.on.ipad/
QUOTE: iPhone Dev-Team member MuscleNerd revealed this afternoon that he has already managed to jailbreak the iPad after just a day of sales. The crack is a variation on the same "Spirit" jailbreak recently used to de-restrict iPhone 3.1.3 and, like the earlier technique, is believed to use a browser-based exploit as part of a trick to get root access and let unsigned apps run on the tablet. It's not yet evident how easily this could be made into an automated process for regular users.
Most jailbreaks to date have used vulnerabilities either in Safari or the OS itself to grant unrestricted access. The combination of the risk to users and Apple's own general discouragement of jailbreaking has led to many of these jailbreaks being rendered inert over time with firmware updates.