15 January 2013, Tuesday
RSA Lays Off Security, Sales Staff
14 January 2013, Monday
Application:W32/InstallCore
Microsoft: Critical Vista Patch Coming
Trojan-Spy:W32/FinSpy.A
The Year's Worst Case of the Mondays, According to Science
Trojan:W32/Patched
Exploit:Java/CVE-2012-4681.H
29c3 Hamburg / DE
The last week of 2012 marked the 29th installment of the Chaos Communication Congress. Organized by the Chaos Computer Club (CCC), the congress is an annual conference on technology and its impact on society. Although the scope may look quite loose, both lectures and workshops typically revolve around privacy, freedom of information, data security and other hacking issues. Needless to say, it has always been a great success; huge, considering that black-hat sized events here in Europe are not that common. Take, for instance, the fact that this year the congress had to be held in Hamburg, as Berlin could not offer a congress center fit enough to host more than 6000 attendees. Trust me, this number was not an exaggeration at all!

I admit my expectations were quite high: after four long years of scientific symposia, going back to more technical venues was indeed putting my brain in hunger-mode. However, having experienced what it means organizing events for medium sized scientific conferences, I was honestly puzzled about turning a huge building such as the Congress Center of Hamburg into a functional place ready to host lectures, workshops, and hack spaces. Boy, I was wrong to be worried about it. The event lasted 4 whole days (from the 27th to the 30th) with an impeccable organization: not only were all lectures and workshops flawlessly organized, streamed, and chaired; but also all open spaces were collectivized and used for all kinds of hacking purposes, from playing CTF to entry-level courses on the Arduino platform.
The speakers on the other hand could take advantage of extremely well-sized rooms, with the most important talks having available an auditorium able to host more than 2000 people. Nevertheless, I have to say I was forced to learn one thing pretty fast: if you are interested in a topic, and that topic happens to be quite a hot one, well, be ready to get to the room at least 15 minutes before show-time; seriously, being on time never worked; any room, regardless of the capacity, was liable to get full. Believe me, I was really thankful for the flawless streaming infrastructure (watching a talk on my laptop that was taking place just a few meters away was indeed paradoxical :) ).

The first day's line up was respectable. The keynote was given by Jacob Appelbaum, known for his contributions to "The Tor Project", and also former spokesperson for WikiLeaks. After the usual introductions, he explained the reasons of this year's congress' zeitgeist "Not My Department". We all have heard this sentence at least once in our lives; usually uttered to belittle other people's arguments, it has always been used as an example of a closed mindset at work. Jacob's point was that this attitude is even more detrimental in an inter-connected world. What is the use of a privacy-preserving bill if our data flows through the routers of oppressive governments potentially assembling huge data sets about our lives? A new level of awareness is therefore suggested.
Using TS RemoteApp as an attack vector
So in today's session at SMBNation that I spoke at, I showed how to use TS RemoteApp with TS Gateway on SBS2008 to deliver remote applications through Remote Web Workplace. It is one of the coolest features in the Windows Server 2008 operating system. But we have to remember what it's doing.
Part of the conversation we had was on the difference between local desktop display in TS RemoteApp vs just having a full desktop to the Terminal Server. One issue that came up was that as a RemoteApp, you can't run other applications.
Well, that is not actually true. If you think that, then a TS RemoteApp has the ability to be an attack vector for you. What do I mean? Well below is a screen shot of what happens if you hit CTRL-ALT-ENTER with the cursor focused on the RemoteApp window (in this case MS Paint running remotely):
At this point, you can run Task Manager... then hit File->Run and run something else. In my case, I showed a few people afterwards how to start cmd and start exploring the network. Now, you will only have the privileges of the user account logged in as, but it is still something you have to be careful about. If you think a RemoteApp bundle prevents access to other applications or the network... you are wrong.
So is this bad? No. Is it really an attack vector? No. You just need to understand that when allowing ANY type of Terminal Services based access, you have to restrict the policies and access accordingly. No matter if it's local or remote. Running a TS RemoteApp bundle of Office will display on the local desktop, but is STILL running on the Terminal Server. So it will be browsing the network the Terminal Server is connected to as the local net. It will also browse your own drives mapped via tsclient. So you have to remember that.
Hope that's useful. A TS RemoteApp bundle does NOT mean you won't have access to the TS desktop when displaying remotely on your personal desktop. And that's not a bad thing. TS RemoteApp is a convenient way to extend the workspace to your local machine, anywhere in the world. No pun intended. That's its power... and the benefit. Great remote productivity enhancement in Windows Server 2008. Use it. (Safely of course)
Aaron Swartz, charged with hacking MIT archive system, commits suicide
Web entrepreneur and political activist Aaron Swartz, who made headlines in 2011 when he was charged with hacking into MIT's network and mass downloading millions of documents from a subscription-based archive, took his life in Brooklyn Friday, according to a statement from his family and partner.
Swartz, 26, hanged himself in his Brooklyn apartment Friday, according to the statement and the New York Medical Examiner's Office.
Trojan-Dropper:OSX/Revir.C
TCS adds clients to beat profit forecast
MUMBAI/BANGALORE (Reuters) - Tata Consultancy Services Ltd, India's No.1 software services exporter, topped expectations with a 23 percent rise in quarterly profit and reiterated it should beat a closely watched industry growth forecast. India's $100 billion IT services sector is under pressure to sustain growth as clients in key markets, including Europe and the United States, have been keeping a tight grip on tech spending because of global economic uncertainty. ...
CA issues first-in-U.S. mobile privacy guidelines
Your friendly Huawei at CES: Complete with uniformed security
I've watched a few Bourne movies and read quite a bit of John Le Carre.
If I've learned anything -- a substantial if, of course -- it's that if someone accuses you of being a spy, it's best not to act paranoid. The best spies are those whom you would never suspect of being anything but cheery, nice, and self-effacing.
New Corvette bursts onto the road after 9 years
DETROIT (AP) - When General Motors engineers and designers started work on the next-generation Corvette, they drew up the usual requirements for the star of American muscle cars.
Time to party! Windows 7 is here!
It's only a few days away. The official launch of Windows 7 is here!
And of course, that means it's time to party!!! You may have heard about the Windows 7 House Parties that are being thrown all around the world. Basically thousands of small groups of people are getting together to see what Windows 7 can do.
Personally, I thought we needed to do more. So fellow MVP and friend Charlie Russel and I decided we would throw our own party. But focused on IT pros and not the consumer angle. We plan to have a lot of fun, showing the cool features of Windows 7 for IT pros like BitLocker, AppLocker and DirectAccess. We plan to bring a bunch of laptops and show new shell extensions, Powershell, new multitouch features and basically sit around and enjoy hours of Q&A for those that haven't tried it yet. We are even planning on installing Windows 7 on a guest's Macbook to show how well it does using Bootcamp on Apple hardware and even on small netbooks.
I also wanted to send a message out to the Vancouver IT community to clear up some misconceptions. This is a party hosted by Charlie and myself. This is NOT a Microsoft event. Microsoft was gracious enough to let us use their facility and even sprung for some of the cost for pizza. However, they never planned this out. Nor did the local VanTUG and VanSBS groups.
Our party is an INVITATION ONLY event. Because we are limited in our own budget and constrained in where we could have the party... we only have enough room for 75 people. So we could only allow a certain number of our friends to come. Charlie and I decided the best way to handle this would be to simply invite who we wanted, and then open it to our friends at the local user groups on a first come, first served basis. This is why there is a cap on the registration on the event, and why it booked up so quickly.
I am hearing through the grapevine that there is a LOT of dissent in the Vancouver IT community who feel that Microsoft, VanTUG and VanSBS did a poor job organizing this. LET ME BE CLEAR. This is a personal party that Charlie and I organized. If you were lucky enough to get an invitation and registered, great. But if you didn't, don't take it out on Microsoft, the local usergroups or their leaders. It's not their fault!!!
We are using our own money and time to throw this party. Please be considerate and respect that we couldn't invite all of you. I am happy to see there is so much excitement about Windows 7 and that you wanted to party with us. And I am sorry if you feel it isn't fair that you didn't get invited. Please feel free to share your own Windows 7 experience, and host your own party. We may be the only IT pro party during the Windows 7 launch, but nothing says you can't have your own!
So party on. Welcome to a new world. Welcome to Windows 7!
Internet activist, programmer Aaron Swartz dead at 26
(Reuters) - Internet activist and computer prodigy Aaron Swartz, who helped create an early version of the Web feed system RSS and was facing federal criminal charges in a controversial fraud case, has committed suicide at age 26, authorities said on Saturday. Police found Swartz's body in his apartment in the New York City borough of Brooklyn on Friday, according to a spokeswoman for the city's chief medical examiner, which ruled the death a suicide by hanging. Swartz is widely credited with being a co-author of the specifications for the Web feed format RSS 1. ...
Anonymous wants DDoS attacks recognized as speech
The loosely organized hackers of Anonymous don't just launch distributed denial-of-service attacks for the lulz. They do it to send a message, which is why they've petitioned the Obama administration to recognize DDoS as a legal form of protest.
13 January 2013, Sunday
IE flaw may allow Windows PCs to be hijacked, Microsoft warns
January 2013 Microsoft Security Bulletins - Start the New Year with XML Core Services, Print Spooler Updates and More
Microsoft starts the new year with a January Security Bulletin Release of seven Security Bulletins. These seven bulletins cover at least 11 CVEs. Three of the vulnerabilities, covered by two of the Bulletins, need to be addressed immediately. These three vulnerabilities affect XML Core Services components (MS13-001) that can be abused using Internet Explorer as a vector of attack, and a Print Spooler component (MS13-002) that could be abused once an attacker has infiltrated a network, as described in this Microsoft SRD post. This flaw is important to address for organizations that are victims of targeted attacks. Now that Pass-the-Hash techniques are becoming better understood and mitigated, attackers will look to lateral movement alternatives like these. So, while it's doubtful that we would see a fast-spreading worm resulting from this one, as with Ramnit, it's important for small and medium businesses to understand what ports and services are exposed to the internet and avoid becoming a victim. Either way, these two Bulletins should be addressed immediately.
It's interesting to note that Microsoft is attending to these vulnerabilities, even though they are not yet being publicly exploited according to the company.
Other Bulletins this month patch SCOM components, .NET, and OData Services, as well as a Windows kernel EoP affecting all versions of Windows and an interesting SSL bypass. SCOM is interesting because it is the Microsoft Security Center Operations Manager, and the patch isn't available as it isn't fully tested just yet. On one hand, Microsoft's testing capabilities are unbelievably complex and thorough, so it's a surprise that this release isn't delivered alongside the others. On the other hand, it's an XSS vulnerability that would require some unusual scenarios to exploit, and the Internet Explorer XSS filter can be enabled to mitigate the issue. So this one is a bit obscure to be widely hit. The .NET vulnerability set is a bit more dangerous, because these vulnerabilities can be exploited in combination via web browsers. These vulnerabilities affect versions 1.1 through 4.5 of the Microsoft .NET framework on all versions of Windows, including Windows Server 2012. And finally, OData (Open Data Protocol) services components support fairly new network exchange protocols used in business and other backend applications as a part of the Windows Communication Framework Data Services. These services are simply exposed to a denial of service attack.
Critical TCP/IP Worm Hole Dings Windows Vista
Trojan:W32/Murofet.A
Return of the Indian phone scammers!
The title of this blog reminds me of the old zombie horror movies back from the '80s, but what I'm going to write here is more like a comedy. Some of you guys have probably read my blog post about the time when I tricked them into accessing websites under my control, which led to me collecting a lot of information about the callers.
After that blog post I didn't receive any calls... until today. I was sitting in my home office, drinking my daily smoothie and writing my paper for the Virus Bulletin magazine, and suddenly I hear the phone ringing. I don't care about that anymore, because I hear that my wife answers the phone, but after a few minutes she enters my room and tells me that "they" are calling again.
As always, I booted up my VMware image with a totally FRESH installation of Windows XP and started talking to the scammers. For those of you who are not familiar with the scam, please read my other blog post, which can be found below, because I won't cover it in this post.
http://www.securelist.com/en/blog/208193750/Trying_to_unmask_the_fake_Microsoft_support_scammers
This time the scammers were using some different methods trying to convince me that my computer was infected with some malware. They even gave me the name "Frozen Trojan", and went to Google and tried to look it up for me. But they only ended up on results talking about the bird flu and other biological viruses, which I thought was quite entertaining.
Flame
Backdoor:OSX/Olyx.C
Facebook starts pushing out new privacy settings
Trojan-Downloader:OSX/Flashback.I
Rootkit:W32/ZAccess
More Bad Drivers on the Information Superhighway
New Skype vulnerability allows hijacking of your account
Last night, reports appeared on several Russian forums regarding a Skype account hijacking exploit. The information has been made available on several Russian blogs and is now actively exploited in the wild.
Trojan:W32/Ransomcrypt
Monitoring-Tool:Android/SpyBubble.A
Oracle Corp to fix Java security flaw "shortly"
BOSTON (Reuters) - Oracle Corp said it is preparing an update to address a flaw in its widely used Java software after the U.S. Department of Homeland Security urged computer users to disable the program in web browsers because criminal hackers are exploiting a security bug to attack PCs. "A fix will be available shortly," the company said in a statement released late on Friday. Company officials could not be reached on Saturday to say how quickly the update would be available for the hundreds of millions of PCs that have Java installed. ...
12 January 2013, Saturday
Trojan:Android/AutoSPSubscribe.A
Nortel's legal mess pits bondholders against retirees
New Android apps worth downloading: Fitocracy, Blockbuster, The Great Fusion
Netflix gets unfair postal advantage, court finds
WASHINGTON (Reuters) - A federal appeals court ruled on Friday that Netflix Inc received an unfair advantage from the U.S. Postal Service's special handling of its DVDs, and ordered postal regulators to remedy the discrimination or offer a good explanation. The unanimous decision, by the U.S. Court of Appeals for the District of Columbia Circuit, is a victory for GameFly Inc, which said the postal service should treat the games it ships similarly to Netflix DVDs. ...
Trojan:Android/DroidKungFu.C
Backdoor:OSX/MacKontrol.A
Botnets for hire likely attacked U.S. banks
Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the people behind the ongoing DDoS attack campaign against U.S. financial institutions -- thought by some to be the work of Iran -- are using botnets for hire.
Researchers say Yahoo Mail exploit still active, despite claim of being fixed
On Monday, Yahoo told TNW it had plugged a vulnerability in Yahoo Mail that had resulted in email accounts being compromised after users clicked on a malicious link they received in their inboxes. On Tuesday, the information security training and penetration testing firm Offensive Security said it has discovered the vulnerability is still present.
The merger of cellular and Wi-Fi: The wireless network's future
Today we talk about 802.11ac, 4G, and LTE Advanced, but what users really want is just fast, reliable wireless networking that works everywhere. According to the experts, we're going to give it to them... eventually.
In a CES panel entitled "Six Wireless Technologies You'll Want to Know," the conversation quickly spun from being an overview of such technologies to how Wi-Fi and cellular networking were coming together.
Trojan-Downloader:OSX/Flashback.A
Microsoft Updates November 2012 - IE, Kernel+Shell, and .NET Critical Patches
Microsoft is patching a fair number of vulnerabilities in their software with 19 flaws being fixed. All of them are being updated in six Bulletins this month (MS12-071 through MS12-076). Four of the Bulletins are rated critical with only two of them being rated urgent for immediate deployment by larger customers concerned with compatibility and performance. At the same time, Internet Explorer 10 is not vulnerable to exploitation by the related set of three flaws, and newly released Windows 8 is affected by yet another font parsing flaw described by CVE-2012-2897, similar to the vulnerability exploited by Duqu. The font malware is especially interesting because the Duqu exploit is currently being included in mass exploitation kits alongside widespread Java and Adobe Reader exploits to spread Ransomware, ZeroAccess, and other trojans of all sorts. Even though Duqu was spread years ago, the patch delivered months ago, the vulnerability continues to be included in the kits and successfully exploited.
Coding Tip: Why you should always use well known SIDs over usernames for security groups
So have you ever tried to restrict access to your applications in a way so that you can maintain least privilege?
I do. All the time. And recently it blew up in my face, and I want to share my experience so others can learn from my failure.
Let me show you a faulty line of code:
if( principal.IsInRole( "Administrators" ) )
Seems rather harmless, doesn't it? Can you spot the defect? Come on... it's sitting right in the subject of this post.
Checking to see if the current user is in the "Administrators" group is a good idea. And using WindowsPrincipal is an appropriate way to do it. But you have to remember that not EVERYONE speaks English. In our particular case, we found a customer installed our product using English, but had a user with a French language pack. Guess what... the above code didn't work for them. Why? Because the local administrators group is actually "Administrateurs".
The fix is rather trivial:
SecurityIdentifier sid = new SecurityIdentifier( WellKnownSidType.BuiltinAdministratorsSid, null );
if (principal.IsInRole(sid))
By using the well known SID for the Administrators group, we ensure the check works regardless of the name or language used.
Lesson learned the hard way for me. We have an entire new class of defect we are auditing for, which we have found in several places in our code. It always fails securely, NOT letting them do anything, but that's not the point. It is still a defect. Other accounts we weren't considering were "Network Service" (it's an ugly name on a German target) and "Guest". Just to name a few.
Hope you can learn from my mistake on that one. That's a silly but common error you may or may not be considering in your own code.
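The same SID-based check extended to the other identities the post names, as an added example (not the author's code). The class and helper names are hypothetical, and it assumes a Windows host with .NET's System.Security.Principal available.

```csharp
using System;
using System.Security.Principal;

// Added illustration; class and method names are hypothetical.
static class WellKnownSidChecks
{
    // Group membership by SID. A null domainSid is valid only for SIDs that
    // are not domain-relative, such as the BUILTIN groups used here.
    static bool InGroup(WindowsPrincipal principal, WellKnownSidType group)
    {
        var sid = new SecurityIdentifier(group, null);
        return principal.IsInRole(sid);
    }

    // Account identity by SID. The token's user SID is tested with
    // IsWellKnown, so domain-relative accounts such as Guest can be matched
    // without constructing their SID (which would need the domain SID).
    static bool IsAccount(WindowsIdentity identity, WellKnownSidType account)
    {
        SecurityIdentifier user = identity.User; // null for an anonymous identity
        return user != null && user.IsWellKnown(account);
    }

    // Localized display name, for log output only; never compare against it.
    static string DisplayName(SecurityIdentifier sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);
            var admins = new SecurityIdentifier(
                WellKnownSidType.BuiltinAdministratorsSid, null);

            // The name changes with the OS language; S-1-5-32-544 does not.
            Console.WriteLine("Group name here: {0} ({1})",
                DisplayName(admins), admins.Value);

            // With UAC, a non-elevated administrator holds this group as
            // deny-only, so the check is false until the process is elevated.
            Console.WriteLine("Administrators:  {0}",
                InGroup(principal, WellKnownSidType.BuiltinAdministratorsSid));
            Console.WriteLine("Guests group:    {0}",
                InGroup(principal, WellKnownSidType.BuiltinGuestsSid));

            Console.WriteLine("Network Service: {0}",
                IsAccount(identity, WellKnownSidType.NetworkServiceSid));
            Console.WriteLine("Guest account:   {0}",
                IsAccount(identity, WellKnownSidType.AccountGuestSid));
        }
    }
}
```

When auditing for this class of defect, string arguments to `IsInRole` and string comparisons against `WindowsIdentity.Name` are the patterns to search for.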
Backdoor:OSX/Imuler.B
Vint Cerf: Your shirt shouldn't have Internet access
11 January 2013, Friday
Hashcat's GPU-accelerated Gauss encryption cracker
Previously, we've published a blogpost about the encrypted payload hoping that the crypto community will take on the challenge and break the encryption scheme to reveal the true purpose of the mysterious malware.
Malware in the Amazon App Store
Like many others, I took advantage of Amazon.com's sale and ordered a Kindle Fire HD last week. When I got around to exploring the Amazon App Store, it didn't take long before running into malware.
While searching for a particular benchmarking app I was presented with some additional apps. One of them immediately looked suspicious.
Stealing currency permits from the Government
PlugX is becoming mature
Recently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is "PlugX". Researchers have even tracked someone suspected of creating that malware - one of the members of the Chinese hacking group NCPH, which is allegedly in the service of PLA. Among others, this group has been accused of attacking high-profile US organizations.
But PlugX has been detected in targeted attacks not only against military, government or political organizations, but also against more or less ordinary companies. And this is quite a strange situation. No matter whether penetrators have been hired or they work for themselves, if they tend to attack "serious" organizations/persons how come we've also seen very different types of targets - absolutely peaceful companies - hit by the same group? We could not locate any site where this tool (or rather its kit or builder) has been offered for use, so we can't confirm that PlugX has been shared between cybercriminal communities or other potential attackers (although we can't deny that possibility).
On our side we have detected attacks using this infamous tool against a company which is far from military, politics, critical infrastructure and so on. This company has been bombarded for a month with spear-phishing emails with attachments containing exactly this PlugX program. The first samples were of the same type that had been already described, i.e. some sort of debug version with plenty of logging of potential errors in a bug.log file. But several days ago attackers sent a bunch of emails with a new version of PlugX. This version differs from the previous one in terms of logging activity. The virus writer has removed almost all the lines of code for processing potential errors that were present in the old version. The following awful picture represents where the logging function has been invoked in the old version of PlugX code:
A Quick Look at the Twitter Phish Rotating through Domains
A Twitter phishing scheme is spreading its wings, as the previous couple of phishing domains used by this scheme late last week have been taken down. So its operators have decided to put up multiple effective domains. Here are a couple of things to look for.
When you are using a browser like Google Chrome and you visit twitter.com, the browser displays a green URL indicator that the domain has been verified by an extended SSL CA. Now, with the CA breaches that we've seen in the past year (the Diginotar breach report was finalized this past week), that may not mean everything. But, in this case, here is how you might verify that you are using the legitimate twitter site:
This Direct Message attracts phish with a dramatic notice: "Hey you hear about the gossip your mentioned in? it started some serious drama, it fired up a lot of people on here". There are a handful of messages in use, as the GFI guys mentioned here last week.
If you were to click on that bit.ly shortened link, your browser will be redirected through a click tracking service: hXXp://client1.gtisolutions.co.uk/track?type=click=|||hXXp:// tivvtter.com/r1?zcms
And on to the unverified, carefully selected domain. At first glance, this one almost looks like the twitter domain itself:
Do not enter your username and password at this site. Also, there are at least a half dozen other domains that look fairly close to "twitter.com", like this one. These guys are using all of them with the same page and graphics to tempt you into entering your credentials. This theft can be a risk if you re-use your passwords across accounts. Also, there is often other personal information within these twitter accounts, like the user's email address used to create the Twitter account. So please keep an eye out for this sort of play on word recognition-domains.
Fraud abusing Google Docs
Phishing is not exactly a ground-breaking technique. Quite the opposite, it seems like it has been around forever. This is an indicator of its effectiveness: we might think that it is unlikely that people would give away their banking credentials just because they are asked for them, but still there is a percentage who continue to become victims of one of the simplest fraud methods.
However, both user awareness and anti-phishing tools are making it harder for fraudsters to succeed in their attempts to get our money. We see this change in the decrease in the percentage of spam. That is not the only reason: users are switching to new platforms such as social networks for direct communication.
Today I want to show you an example of the creativeness in avoiding spam and phishing filters.
HKCERT: Hong Kong security incidents surged 30% in 2012
The number of security incidents hit 1,051 in 2012, up 30% from a year ago, said the Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) Tuesday.
According to S C Leung, senior consultant of HKCERT, Web defacement (283 cases) and hacking (426 cases) powered the surge, growing 124% and 29% respectively.
At Apple, 'they' really are after you: One insider's view of life in Cupertino
All high-tech companies profess their belief in noble ideals like worker advancement, teamwork, and 'transparency' - but on the ground, there can be major differences in culture. Take, for example, the differences between Intel and Apple, according to Ariel Maislos, former CEO of Israel's Anobit: "They say that Intel is full of paranoids, but at Apple, 'they' really are after you."
Backdoor:OSX/Tsunami.A
Is Twittering safe?
So Susan has been on my case about Twitter for some time now. In a recent round table we were recording she "beat me up" about it, and tonight on IM we had a good discussion about the REAL vs PERCEIVED risks in Twitter.
Susan's biggest complaint is that security minded individuals shouldn't be blindly recommending the use of Twitter without educating the user on 'safe-twittering'. I would say that same logic exists for setting up web pages, blogs and the use of social networking sites like Facebook.
She stepped that up a bit tonight when she blogged her discomfort in the fact the RSA Conference was recommending Twitter as well.
So in an effort to stop spreading the FUD about Twitter insecurity, I wanted to share some of my thoughts through a quick set of safe twittering rules.
@DanaEpp's 5 Rules of Safer Twittering
- Never share information in a tweet that you wouldn't share with the world. You can never expect to take it back once it's on the Internet. Even though you can delete a tweet, 3rd party clients may still have it archived. If you feel you want to share private thoughts through Twitter, consider using a "Private Account" and limit it to only people you trust and want to share with. Of course, remember nothing prevents your friends from sharing your tweets with the world. So never share private information on Twitter. Ever. It's just easier that way.
- There is no assurance that a Twitter account is the person you believe it is. Deal with it. Anyone can register an account if it doesn't already exist. As a real world example, for some time @cnnbrk was NOT an official CNN account, even though most of the Twitter world thought it was. It wasn't until recently that CNN bought the account from James Cox (the account holder) for an undisclosed amount of money. Another example is the fact that one of Susan's Twitter accounts was actually created by a fellow SBS MVP, and not actually her. :-)
- Never click on links in a tweet, unless you trust the URL. If unsure, don't click! The worms that were used to attack Twitter came from people getting users to go to profile pages etc. that they had control over for some interesting script attacks. With only 140 chars, it's common to "shorten" the URL, which means you might be clicking on a link blind. That's fine. But only trust shortened URLs that can be previewed BEFORE you go to them. As an example, my recommendation is to use something like TinyURL. However, here is the trick. When you create a TinyURL, use the preview mode. As an example, if you want to send someone to my blog you can use http://tinyurl.com/silverstr to go directly. However, if you use http://preview.tinyurl.com/silverstr it will stop at TinyURL.com and let the user SEE the link before they actually get to it. That is much safer. If using TweetDeck, select TinyURL as the provider, and when it creates the shortened URL, simply add "preview." in front of "tinyurl.com".
- Use a 3rd party Twitter client instead of using the Twitter.com website directly. I am a fan of TweetDeck and Twitterfon, but there are tons of different clients out there. Why? It is the lesser of two security evils as it relates to web based attacks in Twitter. Most clients have ways to reduce or turn off linking, prevent the script attacks in profile viewing, and are generally just an easier environment to stay protected in. Are these clients free of attack? Of course not. But it's another layer of defense. Of course... you need to have trust in your client. But that's a story for another day ;-)
- You never know who is following you. Remember that. As you use Twitter more and more, you never know who might be watching. I recently had someone who has been trying to get an interview with me who follows me on Twitter, knew where I was having coffee one day because of a tweet I wrote (and its geotag) and ended up coming down to confront me with his resume. Which was inappropriate in my books. But my own fault. I wasn't too concerned... but it definitely gave me pause when considering my daughter uses Twitter and could be as easily found. Nothing like the potential of being stalked. GeoTagging makes it way too easy to find you. Remember that.
Look, Twitter is addictive. Simple. Short. Fast. A great way to see the thoughts of others you might care about. Ultimately though... like any other Internet based technology it has the potential to be abused... and put you at risk. No different than websites or blogs.
So be careful. Follow these rules and enjoy the conversation!
China reinforces its 'Great Firewall' to prevent encryption
Thursday, 10 January 2013
T-Mobile CEO says iPhone to launch within 3-4 months
Wednesday, 9 January 2013
Anonymous: 'Expect us 2013'
Microsoft SDL bans memcpy()... next it will be zeros!!!!
So recently Microsoft banned memcpy() from their SDL process, which got several of us talking about perf hits and the like when using the replacement memcpy_s, especially since it has SAL mapped to it. For those that don't know, SAL is the "Standard Annotation Language" that allows programmers to explicitly state the contracts between params that are implicit in C/C++ code. I have to admit it's sometimes hard to read SAL annotations, but it works extremely well to help compilers know when things won't play nice. It is great for static code analysis of args in functions, which is why it works so sweet for things like memcpy_s()... as it will enforce checks for length between buffers.
Anyways, during the discussion Michael Howard said something that had me fall off my chair laughing. And I just had to share it with everyone, because I think it would make a great tshirt in the midst of this debate:
Oh, I'm thinking of banning zero's next - so we can no longer have DIV/0 bugs! Waddya think?
OK... so it's a Friday and that is funny to only a few of us. Still great fun though.
Have a great long weekend! (For you Canadian folks that is)
Return of the Indian phone scammers!
The title of this blog reminds me of the old zombie horror movies from the '80s, but what I'm going to write here is more like a comedy. Some of you guys have probably read my blog post about the time when I tricked them into accessing websites under my control, which led to me collecting a lot of information about the callers.
After that blog post I didn't receive any calls... until today. I was sitting in my home office, drinking my daily smoothie and writing my paper for the Virus Bulletin magazine, when suddenly I heard the phone ringing. I don't care about that anymore, because I hear my wife answer the phone, but after a few minutes she entered my room and told me that "they" were calling again.
As always, I booted up my VMware image with a totally FRESH installation of Windows XP and started talking to the scammers. For those of you who are not familiar with the scam, please read my other blog post, which can be found below, because I won't cover it in this post.
http://www.securelist.com/en/blog/208193750/Trying_to_unmask_the_fake_Microsoft_support_scammers
This time the scammers were using some different methods, trying to convince me that my computer was infected with some malware. They even gave me the name "Frozen Trojan", and went to Google and tried to look it up for me. But they only ended up on results talking about the bird flu and other biological viruses, which I thought was quite entertaining.
RSA Lays Off Security, Sales Staff
M2M and the Internet of Things: How secure is it?
As interest in the "Internet of Things" phenomenon grows (the idea that almost everything will be connected to the internet and will provide data or control), so too has business' focus on machine-to-machine (M2M) technologies and communication. Like any emerging technology, however, M2M has a slew of security issues that businesses will have to deal with.
To highlight the security challenges ahead, ZDNet spoke with the representatives from Oracle, NetIQ, Check Point Australia, Palo Alto Networks, and Verizon Business.
Time to party! Windows 7 is here!
It's only a few days away. The official launch of Windows 7 is here!
And of course, that means it's time to party!!! You may have heard about the Windows 7 House Parties that are being thrown all around the world. Basically thousands of small groups of people are getting together to see what Windows 7 can do.
Personally, I thought we needed to do more. So fellow MVP and friend Charlie Russel and I decided we would throw our own party. But focused on IT pros and not the consumer angle. We plan to have a lot of fun, showing the cool features of Windows 7 for IT pros like BitLocker, AppLocker and DirectAccess. We plan to bring a bunch of laptops and show new shell extensions, Powershell, new multitouch features and basically sit around and enjoy hours of Q&A for those that haven't tried it yet. We are even planning on installing Windows 7 on a guest's Macbook to show how well it does using Bootcamp on Apple hardware and even on small netbooks.
I also wanted to send a message out to the Vancouver IT community to clear up some misconceptions. This is a party hosted by Charlie and myself. This is NOT a Microsoft event. Microsoft was gracious enough to let us use their facility and even sprung for some of the cost for pizza. However, they never planned this out. Nor did the local VanTUG and VanSBS groups.
Our party is an INVITATION ONLY event. Because we are limited in our own budget and constrained in where we could have the party... we only have enough room for 75 people. So we could only allow a certain number of our friends to come. Charlie and I decided the best way to handle this would be to simply invite who we wanted, and then open it to our friends at the local user groups on a first come, first served basis. This is why there is a cap on the registration on the event, and why it booked up so quickly.
I am hearing through the grapevine that there is a LOT of dissent in the Vancouver IT community from those who feel that Microsoft, VanTUG and VanSBS did a poor job organizing this. LET ME BE CLEAR. This is a personal party that Charlie and I organized. If you were lucky enough to get an invitation and registered, great. But if you didn't, don't take it out on Microsoft, the local user groups or their leaders. It's not their fault!!!
We are using our own money and time to throw this party. Please be considerate and respect that we couldn't invite all of you. I am happy to see there is so much excitement about Windows 7 and that you wanted to party with us. And I am sorry if you feel it isn't fair that you didn't get invited. Please feel free to share your own Windows 7 experience, and host your own party. We may be the only IT pro party during the Windows 7 launch, but nothing says you can't have your own!
So party on. Welcome to a new world. Welcome to Windows 7!
Facebook Opens Up 2013 Hacker Cup Registration
It's that time of the year again: Facebook has just opened up registration for its annual Hacker Cup, "an annual worldwide programming competition where hackers compete against each other for fame, fortune, glory and a shot at the title of world champion."
This is the third Hacker Cup that Facebook has hosted.
RunAs Radio podcasts you might want to listen to
Hey guys. I noticed Twitter is abuzz with a few podcast interviews I did on RunAs Radio lately. I thought I would post the links for those of you who don't follow such tweets.
There were two interviews I did last month:
The first interview was a discussion on free tools available for network monitoring and diagnostics. The second was some in-depth discussion on using DirectAccess with Windows 7 and Windows Server 2008 R2. I do hope you find both interviews fun and useful.
Enjoy!
Facebook to hold press event, stock passes $30
Exploit:Java/CVE-2012-4681.H
December 2012 Microsoft Security Bulletins - IE, MSWord, Font Parsing, and More
The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at least 11 vulnerabilities, accurately described in the Advanced notification for this month. The MSRC recommends that their Internet Explorer (MS12-077) and Microsoft Word (MS12-079) updates are addressed asap.
The December 2012 Microsoft Security Bulletin Release fixes a varying array of versions of software and platforms per Bulletin. For consumers, that mostly means ensuring that the Microsoft Update software is enabled, run, and selected patches applied. For the vast majority of Windows customers, this month's release also requires that customers reboot their systems following the updates - the Internet Explorer, the kernel level font parsing updates and the file handling updates all require a reboot and hotpatching is not supported. The lack of hotpatch support means that the fix is not enabled on the system until it is rebooted. For IT folks in large and small organizations, this month's Release also requires some time set aside to understand whether or not your organization is running the versions of software requiring patches and accordingly address your environment.
The Microsoft Internet Explorer code maintains three different use-after-free vulnerabilities that are being patched this month. This "use-after-free" category of bugs is continuing to prove very difficult to stamp out, even in meaty, prevalent attack vectors like Internet Explorer. It was this sort of vulnerability that was abused in the 2010 Aurora cyber-espionage attacks on Google, Adobe, and the long list of other international corporate names that continue to maintain their incidents undisclosed and in the dark. At least one of these Internet Explorer vulnerabilities is likely to have exploit code developed against it.
As a vector of delivery for spearphish attacks, Microsoft Office seems to me to be the most popular target in the second half of the year. CVE-2012-0158 and CVE-2010-3333 continue to be identified in malicious attachments (both malicious Word and Excel files) in targeted attacks across the globe, while Adobe Reader and Flash, which were heavily abused, almost have fallen off the map. I don't know if this coincides with the release and distribution of the newly armored Adobe Reader X software and more sandboxing for Flash, or simply that offensive security investment in late summer had been directed toward producing toolkits that pump out the Office exploits we are seeing now. Either way, be sure to patch this Word flaw CVE-2012-2539 asap.

Unfortunately, we have seen kernel level exploits bundled into mass-exploitation kits like Blackhole. The Duqu exploit, previously used in very targeted attacks throughout the middle east, is being re-used in this manner. And MS12-078 this month patches kernel mode RCE for OpenType and TrueType font parsing flaws. The recent mass-exploitation activity increases and interest in kernel level font parsing vulnerabilities coincides with the open source github release of Microsoft font fuzzing tools and projects.
More of the Oracle Outside In code is being updated this month with a pile of publicly known critical vulnerabilities being patched much like in August of this year. Critical and Important Microsoft Exchange, DirectPlay, and IPHTTPS components are also being patched this month.
Also following up the announcement of the Microsoft software update release, Microsoft announced the availability of security updates for Adobe Flash that affect Internet Explorer users, among others. The flaws include an RCE buffer overflow vulnerability (CVE-2012-5676), an RCE integer overflow vulnerability (CVE-2012-5677), and a memory corruption vulnerability (CVE-2012-5678). For my production workstations and mobile devices, I've got multiple web browsers, and each one uses a different implementation of Flash. In my case, on my production systems, I visit this page with each browser to determine whether or not I have the latest version of Flash. Android systems are affected too, and you can find more information at Adobe's APSB12-27. Perhaps we will see a resurgence of Flash exploitation over the next few weeks and into the New Year.