jump to navigation

Steve Lamb’s Blog : Don’t fall for the email scam titled “I EXPECT YOUR REPLY” June 30, 2005

Posted by peewitsol in Technical.
add a comment

Steve Lamb’s Blog : Don’t fall for the email scam titled “I EXPECT YOUR REPLY”

New email scam

Security Problem ! June 29, 2005

Posted by peewitsol in Technical.
add a comment

In Focus: So You Found a Security Problem, Now What? ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Lots of people find security problems with hardware and software products, network services, Web sites, and more. Some find problems through day-to-day computer use; others search for security problems purposely either as a hobby or as part of their job. When you find a security problem, what do you do? The obvious answer is to contact the company that produced the product. However, alerting a company to your discovery of a problem in one of its products can be a challenge. Lots of companies simply don’t prepare for reports of problems in their products and services. Their employees don’t know what to do when people try to report problems. Nor do their Web sites or product documentation provide any information about who to contact for security matters. Like many of you, I subscribe to a lot of security mailing lists. I can’t even begin to remember the number of times I’ve read a message to one of those lists from someone asking how to contact a given company. The messages typically say something like, “I found a security problem in Product XYZ. I tried to contact the company via email and received no response. Does anybody have security contact info for the company?” A good case in point happened last week. Someone found a problem in a widely used product and tried to contact the company via email and by phone. The person couldn’t make it past the receptionist and so couldn’t offer the information about the security problem to anybody in a position to do something about it. The person posted a description of the experience to a popular security mailing list, and now the company has to endure the embarrassment that comes along with public knowledge of its shortcomings–and the company’s customers are more exposed to someone exploiting the publicized vulnerability. Had the company trained the receptionist to handle calls regarding security matters, the incident probably wouldn’t have happened. As it turns out, the company in question read the message on the popular mailing list and quickly contacted the researcher. The company also quickly established a “security@” mailbox to which future reports can be sent.Of course, in other cases, it turns out that the person who posted the vulnerability details didn’t try very hard to contact the vendor. I’ll sidestep the endless debate about whether vulnerability information should be publicly posted and say that these situations point out that every company that provides products and services should have information listed in plain sight in the product documentation and on the company Web site that shows who to contact about security matters. Even if a company’s Web site serves only as an advertising vehicle and not as an ecommerce site, the company should include such contact information. Likewise, when you’re shopping for products, you should check whether a vendor lists security contact information. After all, you want the most secure products you can get, right? If a company doesn’t provide a highly visible contact for security problems, the company is making it more difficult than necessary for people to report security problems directly to the company. And as I pointed out earlier, such difficulty can lead to vulnerabilities being publicly disclosed. The trend seems to be to establish a “security@” or possibly a “secure@” email address that people can use to report potential security problems. Vendors should consider establishing such an address, if they haven’t already.

Apple – QuickTime – Download – QuickTime 7 for Windows Public Preview June 28, 2005

Posted by peewitsol in Technical.
add a comment

The latest Quicktime player No7 for Xp & 2000 users only though.

Apple – QuickTime – Download – QuickTime 7 for Windows Public Preview

Disable the Windows XP Pro tour and .NET passport nags with this VBScript – TechRepublic June 28, 2005

Posted by peewitsol in Technical.
add a comment

After installing Windows XP Professional on a computer you’ll encounter several annoying prompts that appear as balloons in the notification area of the taskbar. The first balloon prompts you take the Windows XP Tour. This balloon will return on subsequent logons until you’ve either taken the tour or dismissed the prompt at least three times.

The second balloon will prompt you to create an .NET Passport account. This balloon will return on a regular basis until you either create a .NET Passport account or dismiss the prompt at least 10 times.

If you don’t want to take the Windows XP Tour nor want to create an .NET Passport account, you can instantly and permanently disable both of these nagging prompts right after you install Windows XP by running the XP Nag Disabler VBScript

Disable the Windows XP Pro tour and .NET passport nags with this VBScript – TechRepublic

New Website almost finished June 26, 2005

Posted by peewitsol in Technical.
add a comment



My thanks to Chrisshoggy for designing the logo

Aaron Margosis’ WebLog : PrivBar — An IE/Explorer toolbar to show current privilege level June 26, 2005

Posted by peewitsol in Technical.
add a comment

Aaron Margosis’ WebLog : PrivBar — An IE/Explorer toolbar to show current privilege level

A useful add-on for IE & Windows Explorer

The Administrator Accounts Security Planning Guide June 26, 2005

Posted by peewitsol in Technical.
add a comment

The Administrator Accounts Security Planning Guide

A useful link with a free download of the guide

Microsoft TechNet: 10 Immutable Laws of Security June 26, 2005

Posted by peewitsol in Technical.
add a comment

Microsoft TechNet: 10 Immutable Laws of Security

So true

Customer Support – Real Security Updates June 25, 2005

Posted by peewitsol in Technical.
add a comment

Customer Support – Real Security Updates

Realplayer users need to urgently update

Secunia – Multiple Browsers Dialog Origin Vulnerability Test June 25, 2005

Posted by peewitsol in Technical.
add a comment

Secunia – Multiple Browsers Dialog Origin Vulnerability Test