Windows Sysinternals Live!

"Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/ or \\live.sysinternals.com\tools\.
You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com."

Rapid 7 aquires metasploit!

Let's see how this one pans out going forward!
http://www.csoonline.com/article/505574/Making_Sense_of_Rapid7_s_Metasploit_Acquisition

Attack of the open source zombies

A cluster of web servers serving both legitimate content and malware:
http://www.theregister.co.uk/2009/09/12/linux_zombies_push_malware/

RSA whitepaper on security implications of virtualised environments

Although fairly VMWare/EMC centric in the solutions section, this paper raises some important considerations with regards to security in a virtualised environment related to:

1. Platform hardening,
2. Configuration and change management,
3. Administrative access control,
4. Network security and segmentation,
5. Audit logging.

Registration required:
https://rsa-email.rsa.com/servlet/campaignrespondent?_ID_=rsa.4696&WPID=10393

Clampi Trojan: bigger and better

Another professionally written piece of malware:
http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=218800077
http://news.cnet.com/8301-27080_3-10298233-245.html?part=rss&subj=news&tag=2547-1009_3-0-20

Your mobile number available to anyone?

This looks like a genuine worry:
http://news.bbc.co.uk/1/hi/programmes/working_lunch/8091621.stm

This potentially opens the door to more SMS spam to find its way to your inbox.

This should be an opt in service rather than opt out.

You can either send a text to 118800 or do it on their website, which must be hammered as it is down:
http://www.118800.co.uk/

The Guardian seems to confirm this:
http://www.guardian.co.uk/money/2009/jul/13/mobile-phone-directory-suspended

Kon Boot illustrates why physical security still matters most

http://www.piotrbania.com/all/kon-boot/

This little utility allows modification of the Windows and LINUX kernel whilst booting to allow log on without knowing the password.

Crypto attack puts digital sig hash on collision course

At the register:
http://www.theregister.co.uk/2009/06/10/digital_signature_weakness/

NHS had 140 security breaches for the first four months of 2009

http://www.independent.co.uk/news/uk/politics/nhs-loses-thousands-of-medical-records-1690398.html

IIS 6 privilege elevation using WebDAV

Disable WebDAV for the moment:

http://www.microsoft.com/technet/security/advisory/971492.mspx

We truly never learn!

Laptop left in boot of car overnight in Edinburgh contained information about thousands of soldiers...
http://news.scotsman.com/scotland/Army39s-stolen--laptop-sparks.5283785.jp

I use a Mac so I'm ok

Java vulnerability on Mac is still not patched 6 months on:
http://www.theregister.co.uk/2009/05/19/unpatched_apple_vulnerability/

It sounds like it is being actively exploited. The mitigation is to disable the browser's Java applets as well as the "Open safe files after downloading" setting in Safari.

What took them so long to get infected?

The U.S. Marshals Service, a division of the Department of Justice, recently got crippled by Neeris. The virus was first discovered on 12th September 2007. The service was running anti malware, but that had not been updated for three years, and Windows patches had not been applied either.
http://www.networkworld.com/news/2009/052109-marshall-malware.html?hpg1=bn

Worms on the loose...

Windows worm numbers 'skyrocket' according to this article:
http://news.bbc.co.uk/1/hi/technology/7832652.stm

Top 25 coding errors

http://news.bbc.co.uk/1/hi/technology/7824939.stm

Storm Worm botnet cracked wide open

Interesting article, especially concerning the legal implications of eradicating a rather large botnet:
http://www.heise-online.co.uk/security/Storm-Worm-botnet-cracked-wide-open--/news/112385

Kaminsky's DNS flaw story

Not new, but an interesting read in this Wired article:
http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky?currentPage=all

Microsoft's answer on the certificate MD5 collision attacks

http://www.microsoft.com/technet/security/advisory/961509.mspx

UK police encouraged to hack more...

http://news.bbc.co.uk/1/hi/technology/7812353.stm