February 2012 - Posts
ZDNet and other publications note that the 1st consumer beta version of Windows 8 should be available for download tomorrow
Windows 8 Consumer Preview - Launch Date 02/29/2012
http://www.zdnet.com/blog/microsoft/windows-8-consumer-preview-what-should-testers-expect/12052?tag=content;selector-blogs
http://www.pcmag.com/article2/0,2817,2400000,00.asp
http://redmondmag.com/articles/2012/02/23/beta-set-for-february-29.aspx
QUOTE: Microsoft is launching the Consumer Preview of Windows 8 on February 29. By going with the “Consumer Preview” name rather than the traditional “beta,” the Softies are emphasizing that the coming bits are ready for everyday users to try on their x86/x64 PCs and tablets.
Those who will be downloading for the first time the Windows 8 bits with the Consumer Preview won’t have early Developer Preview experiences and expectations against which to compare. Some who have used or seen Windows Phones will likely see the Consumer Preview, with its Metro-inspired Start Screen as similar in look and feel. Those who’ve seen and used the Windows Phone hubs (People, Messaging, Office, etc.) will likely grok more quickly how to work with Windows 8. For the other 99 percent — the non-Windows Phone users out there — Windows 8 is going to look very different and feel unlike previous versions of Windows.
ts launch event starts at 3 pm CET/9 am ET on February 29 in Barcelona. The event is not being Webcast. Nonetheless, we’ll have coverage throughout the day tomorrow on ZDNet on all things Windows 8-related.
Redmond Magazine captures several predictions from industry watchers, including the possibility that Office 15 may include touch screen capabilities.
Office 15 Beta - early predictions noted by Redmond Magazine
http://redmondmag.com/articles/2012/02/25/office-15-getting-touch-enhancements.aspx
QUOTE: Office 15 is scheduled to appear as a public beta this summer, but Foley's sources predict the release-to-manufacturing version of Office 15 will appear in late 2012. A recent roadmap prediction by consulting company Directions on Microsoft did not show Office 15 appearing this year. Instead, Directions on Microsoft expects product releases of System Center 2012 to appear early this year (possibly in April) followed by late-year product releases of Windows Server 8, with the Windows 8 client appearing late in 2012 or slipping into 2013. At the end of this month, Microsoft will release a beta of Windows 8, along with betas of Visual Studio 11 and .NET Framework 4.5. A beta of Windows Server 8 will appear at that time too, according to an InformationWeek article, although Microsoft apparently hasn't announced it.
Redmond Magazine - Windows 8 section
http://redmondmag.com/articles/list/windows-8.aspx
Below is another excellent article from ESET related to potential risks as employees bring their own personal devices into the workplace.
BYOD (Bring your own Device) to work challenge
http://blog.eset.com/2012/02/28/sizing-up-the-byod-security-challenge
QUOTE: Employee use of personally-owned computing devices for work-related purposes–known as Bring Your Own Device or BYOD–is not a new trend and security professionals have been concerned about it for some time, but there is a widely held view that the trend has been transformed of late. Why? Waves of mobile digital devices flooding into the workplace, threatening to overwhelm current information security policies, procedures, and controls. A lot of organizations are still assessing the productivity benefits of iPads, iPods, iPhones, Android tablets, smartphones, and so on. At the same time IT managers are trying to weigh those benefits against the risks that come with these devices. But what is the real size and scope of the problem? Are current impressions of an onslaught of insecure mobile devices accurate?
ESET shares an informative early evaluation of the Windows phone 8, reflecting key smart phone security considerations
Windows Phone 8 - early evaluation by ESET Security
http://blog.eset.com/2012/02/24/windows-phone-8-security-heaven-or-hell
QUOTE: While Microsoft was an early adopter in the creation of smartphones with Windows Mobile, it has lagged behind both Apple’s iOS and Google Android, at least until the end of 2010, when Window Phone 7 was released. To date, Windows Phone has only achieved niche status, but has received kudos and critical acclaim, often from organizations and people not known for charity towards Microsoft. Despite the small following so far, both consumers and developers are expressing interest, and Microsoft seems determined to keep a fast-paced released cycle in order to achieve parity in the marketplace. Microsoft seems to be doing a good job of reviewing submitted applications and enforcing its policy. As of January, 2012, there are over 60,000 apps in the Marketplace, and ESET is aware of only four applications that have been removed from the store:
This cloud security product was highlighted at RSA conference:
Cloudlock - New Cloud Security product introduced at RSA
http://securitywatch.pcmag.com/security/294688-rsa-cloudlock-security-for-data-in-the-cloud
QUOTE: "CloudLock was founded with a vision of protecting information wherever it sits," said Zimmerman. "In particular we protect data in the cloud. We focus on Enteprise and mid-market, but can scale down to hundreds of users in a company." Zimmerman described three core pillars of cloud security. Business wants to stay agile and productive. End users want to collaborate and create information. IT needs to balance the needs of both while managing requirements such as compliance and document retention.
CloudLock identifies all documents and content created and shared in the business, for all users. With its just-announced Content-Aware Security Policy Engine, administrators can control just how data is shared. The service also provides an immutable audit trail, which can be an important legal benefit. An online dashboard gives the administrator a high-level view, with the ability to drill down all the way to an individual change on a single document.
QUOTE: ‘We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.’
You can get an overview and read more information about the new policies and terms of services here:
http://www.google.com/policies/
http://www.google.com/policies/faq/
http://www.google.com/policies/terms/
McAfee shares an informative research report documenting the highly customized and polymorphic nature of malware currently circulating in the wild
McAfee Q4 Threats Report Shows Malware Surpassed 75 Million Samples in 2011
http://blogs.mcafee.com/mcafee-labs/mcafee-q4-threats-report-shows-malware-surpassed-75-million-samples-in-2011
QUOTE: The overall growth of PC-based malware actually declined throughout Q4 2011, and is significantly lower than Q4 2010. The cumulative number of unique malware samples in the collection still exceeds the 75 million mark. In total, both 2011 and the fourth quarter were by far the busiest periods for mobile malware that McAfee has seen yet, with Android firmly fixed as the largest target for writers of mobile malware.
Contributing to the rise in malware were rootkits, or stealth malware. Though rootkits are some of the most sophisticated classifications of malware, designed to evade detection and “live” on a system for a prolonged period, they showed a slight decline in Q4. Fake AV dropped considerably from Q3, while AutoRun and password-stealing Trojan malware show modest declines. In a sharp contrast to Q2 2011, Mac OS malware has remained at very low levels the last two quarters.
Trend Labs security warns of fake sites using similar app names to trick users into loading them on their smartphones. Please be careful of any app installed.
Android Malware - Uses Fake Fan Application sites
http://blog.trendmicro.com/fan-apps-now-spreading-on-the-android-market/
QUOTE: We’re seeing more and more scams on the Android Market. Last week, we wrote about a developer that uses popular app names to trick users into downloading fake ones. Before that, we saw a fake Temple Run app making the rounds on the Android Market. This time, we saw 37 more apps that share a similar behavior as the previously reported ones. These are “fan apps,” which means that these aren’t the real game created by the original developer.
Apple Mac users should be careful of potential attacks from a trojan horse which disguises itself as a Flash Player installer:
Flashback.G - New Mac Java Trojan in wild
http://isc.sans.edu/diary.html?storyid=12664
QUOTE: A Mac Trojan named Flashback released last year masquerading as a Flash Player installer appears to back under a new variant. A new variant of the Flashback Java Trojan known as Flashback.G is circulating in the wild running on OS X 10.6 (Snow Leopard). According to Intego, if your system has been compromised, Safari and Skype maybe prone to frequent crashes and find a Java applet. Additional information can be found at:
http://blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/
http://www.macrumors.com/2012/02/24/flashback-trojan-returns-with-a-multi-pronged-infection-strategy/
http://isc.sans.org/diary/Apple+Improving+OS+X+Anti-Malware+Feature/10951
Studies reflect a trend for improved privacy settings among Facebook users
Facebook - Users make improvements in Privacy protection
http://www.marketwatch.com/story/facebook-users-take-a-sharp-turn-toward-privacy-2012-02-21
http://facecrooks.com/Internet-Safety-Privacy/are-facebook-users-more-privacy-aware-now.html
QUOTE: A study of 1.4 million Facebook users shows a sharp rise in protecting personal information. The most notable statistic was the number of users choosing to hide their friend list. This figure rose over 200% during the 15-month period of the study. Further analysis revealed that women and higher income users were more apt to have stricter privacy settings. Here are a couple of fun Facebook facts from their research:
* In March 2010, 17 percent of users had their friends list hidden from public view. 15 months later this figure rose to 53%.
* Other profile information, such as, age, high school, graduation year, network, relationship, gender, interests, hometown and current city also were hidden more frequently. (12% in 2010 and rose to 33% in 2011)
The 4 digit PIN number used for ATM processing should always be difficult to guess and not easily associated with the person. In review of 32 million PIN numbers the person's birthday was the most common PIN setting.
Banking & Credit Cards - Keep your PIN protected
http://securitywatch.pcmag.com/security/294415-pro-tip-for-thieves-the-pin-is-in-the-wallet
QUOTE: So you've stolen a wallet. You've pocketed the cash, and now you're standing at an ATM with your victim's debit card and only a four-digit PIN standing in the way of the bounty. Four-digit numeric PINs aren't impossible to guess, but at an ATM you only have, what, three guesses before the account is placed on lockdown? According to some statistical math wizards at Cambridge University, your best bet is to enter the person's birthday. The researchers modelled 32 million PIN numbers provided by 32 million PIN numbers provided by the RockYou gaming website breach in 2009, iPhone passcodes, and thousands of online surveys.
PC Magazine highlights a great list of protective techniques:
Android - Best Security Practices
http://securitywatch.pcmag.com/security/294330-four-must-have-android-settings-from-a-security-expert
QUOTE: Any Android user concerned about securing the data on his device should make sure the following Settings are turned on:
1. Enable Lock Screens: Under Settings\Security. Enable Face Unlock, Pattern, PIN, and Password to increase physical security to the device. Slide doesn't do much.
2. Disable USB Debugging: Under Settings\USB debugging. When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.
3. Enable Full Disk Encryption: Under Settings\Security. This will prevent even USB Debugging from bypassing the lock screen.
4. Maintain Device Up-To-Date: Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this, but when you are finally prompted to upgrade your operating system, do so. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.
BONUS: Stick to official app stores. This is far less likely, but an attacker can also discover your PIN lock (which is necessary for him to root your phone) if you accidentally install a malicious app that records your personal data, including PIN. Most malicious apps are distributed through
Bitdefender documents a new trojan attack that embeds itself in a Windows DLL
Malware - New Trojan hijacks Windows DLL
http://securitywatch.pcmag.com/malware/294461-new-dropper-trojan-hijacks-critical-dll
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html
QUOTE: Bitdefender researchers have come across a new Trojan that uses a completely different technique. It patches COMRES.DLL so that whenever the DLL gets loaded it executes the malware code. The malware may not get launched the very minute Windows boots up, but it only has to wait until a browser, communications application, or network tool launches COMRES.DLL.
Of course this shouldn't be possible; Windows shouldn't permit modification of a critical DLL. However, Bitdefender's team found that it does. The threat also makes use of a simpler technique that takes advantage of the way Windows programs load DLLs. In many cases, putting a same-named DLL in the same folder as the victim application will cause it to load the changeling DLL rather than the valid Windows file.
Bitdefender provides more details on this new threat:
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html
The ISC and Apache highlight security features in the latest release
Apache 2.4 Security Features for new version
http://isc.sans.edu/diary.html?storyid=12643
http://httpd.apache.org/docs/2.4/new_features_2_4.html
QUOTE: The Apache Foundation released version 2.4.1 of its popular web server, including a number of interesting changes. Among the features, I would like to highlight some of the security relevant changes:
- More granular logging
- Various changes to timeouts
- Changes to the proxy configuration
- Apache now includes a "mod_session" that will have Apache take care of sessions
- Mod_ssl has been improved to allow it to check for invalid client certificates via OCSP.
Please be careful when processing taxes online to ensure that security controls, privacy, and confidentially are well maintainged
IRS - Top Tax Scams for 2012
http://www.networkworld.com/news/2012/021712-irs-dirty-dozen-256313.html
http://www.networkworld.com/news/2011/060211-irs-top-10.html
QUOTE: The Internal Revenue Service this week issued its annual "Dirty Dozen" ranking of tax scams the agency says tend to surface around tax season each year. "Taxpayers should be careful and avoid falling into a trap with the Dirty Dozen," said IRS Commissioner Doug Shulman in a statement. "Scam artists will tempt people in-person, on-line and by e-mail with misleading promises about lost refunds and free money. Don't be fooled by these scams."
Two excellent products are reviewed by Network World as noted below:
Network World - Nook Tablet vs. Kindle Fire
http://www.networkworld.com/news/2012/022112-nook-kindle-fire-256394.html
QUOTE: While there are some minor differences in the tablets' overall specifications, the real differences come down to what extra goodies you get from Amazon and Barnes & Noble, such as cloud storage and digital newsstands. In this article we'll break down the similarities and differences between the Nook and the Kindle Fire and deliver a verdict on which tablet is most worthy of your hard-earned $199.
Hardware: Have we mentioned that these two tablets are very, very similar? Well, they are. The Nook Tablet has 8GB of internal storage and a 1GHz TI OMAP4 dual-core processor. The Kindle, in contrast, features ... 8GB of internal storage and a 1GHz TI OMAP4 dual-core processor! The biggest difference hardware-wise is the significant improvements in battery life that B&N is promising to deliver with the Nook. So while the Kindle Fire delivers just eight hours of reading time and 7.5 hours of video time on the Kindle Fire even when the Wi-Fi is turned off, the Nook promises 11.5 hours of reading time and nine hours of video. Not too shabby!
Size and weight: The Nook and the Kindle Fire feature identical 7-inch display screens with resolutions of 1024x600 pixels. The Nook's weight of 14.1 ounces is ever-so-slightly lighter than the Kindle Fire's 14.6 ounces. All in all, though, this comes up as a push.
Operating system: They both run on modified versions of Android 2.3 ("Gingerbread"). There's been no word yet on when either device will get upgraded to either Android 3.0 ("Honeycomb") or Android 4.0 ("Ice Cream Sandwich"), both of which are optimized for the tablet form factor.
Price: As mentioned before, both tablets will set you back $199 so pricing comes out as yet another push.
Extra goodies: Finally! A clear, definable difference between these two cheapie Android tablets!
New release and a recent patched version available
Firefox Version 10 - Home
http://www.mozilla.org/en-US/firefox/new/
Firefox Version 10 - Release Notes
http://www.mozilla.org/en-US/firefox/10.0.1/releasenotes/
This special release on Valentine's Day addresses several security vulnerabilites. Corporate and home users should quickly apply these changes
Microsoft Security Bulletin Summary for February 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-feb
ISC Analysis (always a great resource)
http://isc.sans.edu/diary.html?storyid=12586
Trend Micro Analysis
http://blog.trendmicro.com/microsoft-sends-love-on-february-patch-tuesday-with-nine-advisories/
QUOTE: Microsoft addresses 23 vulnerabilities on the 14th of February. The software giant released nine bulletins and fixed critical flaws in Internet Explorer, an error in a runtime library which can be targeted through Windows Media Player, and flaws in the Windows kernel. Four out of the nine bulletins were tagged as Critical by Microsoft.
Symantec Releases Free Parental Monitoring App for Android
http://securitywatch.pcmag.com/none/293842-symantec-releases-free-parental-monitoring-app-for-android
QUOTE: If you worry about your children’s Internet habits, you have to consider their mobile Internet habits as well. Fortunately Symantec has just released a free mobile parental control app for Android called Norton Safety Minder, which you can download from the Android Market. It's free to use after you sign up for a Norton Online Family account, a free parental control suite for desktops. Norton Safety Minder lets parents openly track and block websites their children access on an Android device, similar to It does so by attaching itself to the default browser in their child's mobile device and blocking sites based on an age category or customized list. Your child will not be able to use any other browserMcAfee Family Protection.
More Posts
Next page »