A new Day Zero vulnerabilty in nearly all versions of IE has been discovered and announced publicly by FireEye, a security company.
Continue reading ““Clandestine Fox” eats Windows XP”
There are many candidates for this prestigious post but one of the most deserving is Windows XP. When XP and Windows 8 are hit with the same number of malwares, the infection rate of XP is much higher than that of WIndows 8 – maybe even 5-6 times higher.
Continue reading “Weakest link the in Security Chain – Windows XP?”
Microsoft is releasing best practices for enterprise workers who are considering using their personal technology device for work and play. This business trend, known as BYOD, continues to grow as more devices enter the marketplace giving consumers a variety of choice in terms of functionality and application for work and home.
Examining data from one million devices, Fiberlink, a mobile management firm, examined the often forgotten part of mobility in the workforce — laptops. While IT and security vendors focus on Google’s Android, Apple’s iOS, tablets, and smartphones, Lenovo’s ThinkPad and Dell’s Latitude chug along, remaining a stable fixture in the workplace. According to Fiberlink, almost 50 percent of the laptops observed in their study are running Windows XP.
Read the full article at Network World
When Microsoft Security Essentials started falling behind in effectiveness tests, LifeHacker stopped recommending it.
Microsoft is now officially saying that they’ve shifted their focus and establishing MSE as a "baseline."
Nerval’s Lobster writes “Developer and editor Jeff Cogswell decided to poke around the security of Amazon Web Services, and found a potential loophole that could theoretically allow anyone — a developer, an unscrupulous Amazon employee, the NSA — to access and copy data volumes stored on the system, using a slightly modified version of the popular ‘chntwp’ password tool. In this article, he breaks down how he did it, and suggests some ways for those who use cloud-hosting services to keep their data a little more secure in the future. ‘The key here, of course, is that an unscrupulous employee might be able to make a copy of any existing Windows volume, and go to work on it without the customer ever knowing that it happened,’ he writes. ‘Now let’s be clear: I’m not accusing anyone of having done this; in fact, I doubt anybody has, considering I was unable to find a working copy of chntpw until I modified it.’ It’s a security concern, and one that’s particularly insidious to patch.”
Original article at Slashdot
A 0-day vulnerability affecting all versions of Microsoft Internet Explorer except version 10 on all supported Microsoft operating systems was revealed recently. Microsoft, aware of limited attacks targeting the vulnerability, promised to release an out of band patch for the vulnerability to protect Internet Explorer users from exploits making use of it.
Internet Explorer users have to visit a specially prepared website where the attack is carried out on. A successful attack may give the attacker the same user rights as the user working locally on the computer. It became known that different types of attacks were carried out of which some dropped a trojan on the system.
Internet Explorer users can mitigate the issue by installing Microsoft’s Enhanced Mitigation Experience Toolkit and configuring it to protect Internet Explorer from exploits. Other options that Microsoft suggested to customers was to change the security zone of the Internet and Intranet to high.
A Fix It has been released yesterday that patches the vulnerability on Windows systems, with the promise to release a full patch today.The promised patch has now been released by Microsoft. Windows users can either use the operating system’s built-in Windows Update tool to check for the patch and install it on the system, or download the patch from Microsoft’s Download Center instead once it is released there.
This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected.
Original article at Ghacks
In September 2010, Microsoft commissioned a study to see how effectively Web browsers protect users against socially engineered malware and malicious websites, which are websites that look benign, but aim to convince visitors to download and execute malicious software. NSS Labs conducted tests involving six browsers using real-world threats that showed the beta version of Microsoft’s Internet Explorer 9 (IE9) does a better job of defending against real-world malware than any other browser. Continue reading “Assessing Internet Explorer 9”
A lot of questions are raised regarding the effect of auditing on the performance of systems.
Continue reading “Auditing System Impact on Performance – Windows”
In a Windows XP workgroup environment there might be a need to password protect or restrict access to specific folders. Here is a tip on how to achieve this.
Continue reading “Password protect folders in Windows XP Workgroup environment”