The Edge : internet

Marketing with Microsoft adCenter

Essential Computer Security — Sun, 20 Jan 2008 03:45:04 GMT

If you have visited a web site recently, it is a virtual certainty that you have seen pay-per-click advertising links. Actually, you are here on my site reading this post, and I have pay-per-click advertising links, so it is an absolute certainty. Most...(read more)

One Third Of Corporate Applications Vulnerable

tonybradley — Sun, 20 May 2007 21:52:00 GMT

According to a report from Danish security vendor Secunia, as many as one third of the applications in use on corporate networks are vulnerable to critical attacks. According to this SC Magazine article, Secunia sites deficiencies in commonly used vulnerability scanners as the culprit. Their point of view is that most vulnerability scanners are only designed to scan for vulnerabilities in the top 20 to 50 applications in use. More obscure products are not scanned and may have unidentified critical vulnerabilities, exposing the network to compromise or exploit. From a risk analysis perspective though, the approach of the vulnerability scanner vendors seems sound enough. The reason that a vulnerability scanner vendor might not bother to scan for an obscure application used by only a fraction of a percentage of corporations is the same reason that it is unlikely that an attacker would exploit it. Attackers are often lazy and use automated tools to identify targets. They tend to seek out exploits that can be leveraged or used against a wide variety of targets. While a flaw in an obscure program might be critical to the fraction of a percent of the companies that use that program, it is relatively unlikely that the average attacker would ever identify or exploit the flaw. I am not advocating simply ignoring these flaws. I do think companies should be aware of the vulnerabilities that affect their network and that steps should be taken to remove or mitigate weaknesses. I am just pointing out that vulnerability scanning and patching efforts should be invested first and foremost in the threats most likely to be exploited, which probably do not include these more obscure applications unless it is a fluke or a highly targeted attack.

Guest on IMI TechTalk Radio Show

tonybradley — Sun, 11 Feb 2007 04:13:00 GMT

Tom D'Auria invited me back to talk more computer security on his IMI TechTalk radio show. I appeared on the show in November of 2006 to promote my book, Essential Computer Security. We did not get to cover all of our questions in the time allotted, so I will be back on the show on Sunday, February 18th. This show will focus on wireless network security, avoiding becoming a victim of a phishing attack, botnets, and the importance of backing up data. Of course, I will also promote my book again.

To listen to the show, you can tune in to KFNX AM 1100, broadcast out of Phoenix, AZ, at 5pm EST on Sunday, February 18. If you aren't in the Phoenix area, you can also listen to the live simulcast of the show on the KFNX web site. Or, as an alternative, you can download an MP3 recording of the entire show after the fact from the IMI TechTalk web site.

Internet Explorer Protected Mode

tonybradley — Tue, 06 Feb 2007 13:33:00 GMT

In Vista, Internet Explorer gets the benefit of some added security. Using WIC (Windows Integrity Control), Vista treats files and processes associated with Internet Explorer as Low integrity as long as it is running in Protected Mode. Internet Explorer Protected Mode is enabled by default and ensures that the Low integrity objects associated with Internet Explorer are unable to write to, act on, or otherwise interact with any objects higher than Low integrity- which is most of the system. For more information, you can read this article I posted on my About.com Internet / Network Security site: Internet Explorer Protected Mode

Windows Integrity Control

tonybradley — Mon, 05 Feb 2007 14:56:00 GMT

With Vista, Microsoft introduced a new security concept to help protect your computer. Rather than relying on discretionary controls, like NTFS file and folder permissions which users can assign and change, Vista also has new mandatory controls. WIC, or Windows Integrity Control (also referred to as MIC, or Mandatory Integrity Control in some circles), assigns an integrity, or trustworthiness, level to each object and uses the integrity levels to control interactions between the objects. The integrity levels are assigned by the operating system and supercede, or override, the dicretionary permissions to protect the computer system. WIC is used throughout the system, but is arguably most noticeable in the Internet Explorer Protected Mode which protects the Vista operating system from malicious web content in Internet Explorer. For more details about WIC, check out this article I submitted to SecurityFocus: Introduction to Windows Integrity Control.

IE6 Vulnerable More Than 3/4 Of 2006

tonybradley — Sun, 07 Jan 2007 15:38:00 GMT

According to a study compiled by the Washington Post's Brian Krebs, Internet Explorer 6 was vulnerable for 284 out of 365 days in 2006. That amounts to over 77% of the year. What does that mean? It means the for 3/4 of the year there were known vulnerabilities affecting Internet Explorer 6 for which no patch existed.

Some were fairly serious zero-day exploits that were being actively exploited in the wild while users waited for an update from Microsoft. Others were less serious, but were still left vulnerable, mostly due to the nature of the monthly Security Bulletin and patch release schedule that Microsoft uses. A flaw that is discovered the day after "Patch Tuesday" will most likely remain unpatched for an entire month until the next "Patch Tuesday". By contrast, Krebs found that the Firefox browser was only vulnerable for 9 days, and IE7 was too new to have any substantial data for this year's survey.

The pro-Firefox, Microsoft-bashing crowd will jump all over this. You can see it in the comments on Krebs' article. I fall into the camp that believes that IE is targeted because of its market share as much as the quality of the code. Firefox or Opera may, in fact, be superior from a security standpoint, but neither is impervious and if they had 85% of the web browser market share we wouldn't be so hyper-focused on the weaknesses of Internet Explorer (and neither would the malware authors). Still, it doesn't paint a pretty picture and Microsoft should take notice and seek to rectify the issue for IE7 and for 2007. You can read Krebs' complete article here: Internet Explorer Unsafe for 284 Days in 2006

Vista Flaw Discovered

tonybradley — Wed, 03 Jan 2007 17:27:00 GMT

Less than a month from its official release to corporate customers, a vulnerability was already discovered that affects Vista. According to Microsoft and others, the vulnerability can only be exploited if an attacker already has access to the system, meaning they would need to be physically sitting in front of the computer or have already compromised through some other means that would provide remote access.

According to F-Secure's Mikko Hypponen, "The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely. It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."

The media of course jumps all over the news, stating repeatedly how this is reportedly Microsoft's most secure platform ever. I think most would agree that it is, in fact, the most secure yet. However, "most secure" and "impenetrable" have entirely different meanings. There will still be flaws. Hopefully there will be fewer and hopefully those that are found will not be the type that allow an attacker to gain complete control of vulnerable systems remotely or the type that are easily exploited via a worm or other malware code. But, I am sure that this will by no means be the last Vista vulnerability we hear about.

Unpatched Flaw In Microsoft Word Being Exploited

tonybradley — Wed, 06 Sep 2006 11:27:00 GMT

A flaw in the way Microsoft Word 2000 documents are processed could allow an attacker to execute malicious code remotely on vulnerable systems according to a Secunia alert. Exploit code has been identified in the wild and no patch is currently available, so Secunia has rated the Advisory as Extremely Critical and advises users not to open any untrusted Microsoft Office files. For more information, you can check out the details of the Advisory here: Secunia Advisories - September 5, 2006.