General discussion

  • Creator
    Topic
  • #2183464

    Harry Waldron

    Locked

    by harry waldron, cpcu, ccp ·

    blog root

All Comments

  • Author
    Replies
    • #3238437

      CBS News Feature — P2P Security & Privacy Dangers

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      CBS News Feature — P2P Privacy Dangers

      A summary of some key risks associated with P2P File sharing:

      1. Malware (including some of the most dangerous viruses out there) will be automatically written to openly shared hard drives. While AV protection can help, brand new viruses are created daily and seeded on P2P networks.

      2. The exchange of music, CDs, P2P file shares violate Copyright Laws related to intellectual property rights. Individuals may rationalize that participating in P2P is no worse than using TIVO or copying a movie off of a cable station. Still, the “law is the law”. Due to current widespread practices the RIAA or DCMA can only make “examples” out of some of the unlucky ones they catch in the process.

      3. The greatest danger of all is privacy invasion as illustrated in the article. By sharing your hard drive, ANYONE in the P2P network can potentially access ANYTHING on your hard drive. It could be a tax return, bank account spreadsheet, stored email messages, or other sensitive information.

    • #3238438

      Sober.P – Beware of Free World Cup 2006 Tickets

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Virus writers continue to use social engineering techiques to trick folks into opening attachments.  Sober.P has spread more successfully than most recent viruses, as it can tempt sports fans into thinking they have won something free.  Usually in email, there are no “free lunches” as most of these types of emails are like telemarketing calls — there’s always a catch … and in this case you’ll catch a very advanced virus that is difficult to remove from Windows.   

      Sober.P – Beware of Free World Cup 2006 Tickets
      http://www.google.com/search?hl=en&q=world+cup+sober.p
      http://www.viruslist.com/en/weblog
      http://www.theregister.com/2005/05/03/world_cup_virus/
      http://netscape.com.com/4520-6600_7-6215417-1.html
      http://www.webuser.co.uk/news/63573.html

      Sober.p, which has caused outbreaks in various western European countries, owes some of its success to social engineering. It arrives as an attachment to infected messages which use a range of subject headers, messages and attachment names in both English and German. Some of the messages appear to promise tickets to the World Cup in 2006 – and who wouldn’t want World Cup tickets?

      Infected emails pose as ticket confirmation messages from organisers of the football World Cup, due to be held in Germany next year. The worm composes messages with subject lines such as “WM-Ticket-Auslosung” and “Your Password” with attachments such as Fifa_Info-Text.zip containing a .pif payload file. Sober-P only infects Windows machines

    • #3238432

      Would you trade a cup of coffee for your password?

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

       

      http://news.com.com/2061-10789-5697143.html

      Quote: Security vendor VeriSign found 66 percent would choose to give up their passwords for a Starbucks coffee, during an informal on-the-street survey conducted Thursday in San Francisco … Those that revealed their password or gave hints received a $3 gift card for Starbucks–the price of a latte

      This study is sponsored by VeriSign (a leader in digital certificate technologies), so I’m confident 66% of folks surveyed would not truly reveal their passwords. The 66% may have provided a false password or more likely clues on their passwords. Most likely, the true number who would reveal their true passwords is probably less than 10%.

      Still, individuals should do their utmost to protect all of their passwords. In helping in security issues, I’ve actually had folks send me their ISP or email account name and password. Sometimes a good strong password is the only lock you have to keep the bad guys out.

      This same techique of trying to get users to reveal passwords was used about a year ago.

      Would you trade your password for Chocolate?

      P.S. Wonder if Starbucks has “Chocolate flavored Coffee”

    • #3238433

      SQL-Server 2000 Service Pack 4 – Now Available

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

       

      The release of Service Pack 4 for SQL-Server 2000 was on May 6, 2005.  After lab testing, this new Service Pack will be worthwhile to install for improved security and to provide bug fixes for functional issues.. 

      SQL-Server 2000 SP4 HOME PAGE

      SQL-Server 2000 SP4 – List of Security and Bug Fixes

      DOWNLOAD LINK SQL-SERVER 2000 SP4

    • #3238434

      MyDoom.BQ (Mytob.ED) – Medium Risk at Secunia

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

         This new virus has been declared as MEDIUM RISK by Secunia. TrendLabs has declared a Medium risk alert in order to control this new WORM_MYTOB variant that is currently spreading in Australia and Japan. 

      It uses a social engineering approach where there appears to be administrative or non-delivery issues associated with email message processing.  On all non-delivery messages, it’s always important to never open attachments, even if it appears to be from someone you know or yourself.

      MyDoom.BQ – Symantec

      MEDIUM RISK at Secunia 

      MyTob.ED – Medium Risk Trend Micro

      Diagram on how this worm spreads & potential to impact network

      Email messages to block or avoid:

      Subject: (any of the following)
      – *IMPORTANT* Please Validate Your Email Account
      – *IMPORTANT* Your Account Has Been Locked
      – {random}
      – Email Account Suspension
      – Notice: **Last Warning**
      – Notice:***Your email account will be suspended***
      – Security measures
      – Your email account access is restricted
      – Your Email Account is Suspended For Security Reasons

      Message body: (any of the following)
      – Account Information Are Attached!
      – Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
      – please look at attached document.
      – To safeguard your email account from possible termination, please see the attached file.
      – To unblock your email account acces, please see the attachement.
      – We have suspended some of your email services, to resolve the problem you should read the attached document.
      – {random}

      Attachment: (any of the following file names)
      – {random}
      – document_full
      – email-doc
      – email-info
      – email-text
      – IMPORTANT
      – information
      – info-text
      – your_details

      (any of the following extensions)
      – BAT
      – CMD
      – EXE
      – PIF
      – SCR
      – ZIP

    • #3238435

      Wurmark.J – MEDIUM RISK by Secunia/Trend

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        Avoid ZIP based attachments as this one is spreading significantly. 

      Wurmark.J – MEDIUM RISK by Secunia/Trend

      Trend Micro WORM_WURMARK.J Information

      quote: As of May 11, 2005 at 4:30 am (Pacific Daylight Time; GMT-7:00) TrendLabs has declared a Medium risk alert in order to control this new WURMARK variant that is currently spreading in France, India, Singapore, and Taiwan.

      This memory-resident worm propagates via email messages. Upon execution, it drops a copy of itself in the Windows system folder using a random file name. It also drops a randomly named (Dynamic Link Library) DLL file in the Windows system folder, which is a component of an IESpy, a Spyware program. This worm has a keylogging capability. It saves the logs typed by the user in a dropped random DLL file.

      AVOID THE FOLLOWING ATTACHMENTS

      Attachment: (any of the following file names)
      •details.zip
      •girls.zip
      •image.zip
      •love.zip
      •message.zip
      •music.zip
      •news.zip
      •photo.zip
      •pic.zip
      •readme.zip
      •resume.zip
      •screensaver.zip
      •song.zip
      •video.zip

    • #3238428

      Firefox 1.04 – Released to address Critical Security issue

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

         Mozilla has released version 1.04 of Firefox to address a security security issue and exploit discovered this week.  I have installed the new release for Windows 98, 2000, and XP SP2 with no issues so far.  While there are no in-the-wild threats or viruses associated with the new exploit, current Firefox users should upgrade to further protect their systems.

      Firefox 1.04 – Security Changes and other release notes

      Security Update to Firefox Now Available

        Firefox 1.04 Free Download (English version 1.04)

      Original Advisories on Security Issues

      Mozilla Foundation Security Advisory 2005-42

      Secunia – Mozilla Firefox Two Critical Vulnerabilities

      The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday. The two vulnerabilities, when combined, can be exploited, but no known cases have yet emerged where an attacker took advantage of the public exploit code.

      One flaw involves “IFRAME” JavaScript URLs, which are not properly protected from being executed in the context of another URL in the history list. “If you visit a malicious Web site, it can steal cookie information from other Web sites you had previously visited,” said Thomas Kristensen, Secunia’s chief technology officer. The attacker could then use that information to engage in identity theft or gain access to other password-protected sites that the victim visited.

      Mozilla issued the following workaround to prevent installing software automatically from web sites.  This adds protection for future issues and it enhances security even after upgrading to version 1.04 (and can be toggled on or off as needed).

      1. Select the “Options” dialog from the “Tools” menu
      2. Select the “Web Features” icon
      3. Click the “Allowed Sites” button on the same line as the “Allow web sites to install software” checkbox
      4. Click the “Remove All Sites” button
      5. Click “OK”

    • #3238429

      Microsoft’s AV solution announced – Windows One Care

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Microsoft Windows One Care – Press release

      Windows One Care Home Page

      Windows One Care – Related Article

      Windows One Care – Key Features

        •  Defense against viruses and spyware, as well as two way firewall protection
        •  Performance and reliability tools including disk cleanup, hard drive defragmentation and file repair.
        •  Backup and restore capabilities to allow users to automate the backup of their files on to CD or DVD, as well as the ability to restore saved versions of files back onto their PC

    • #3238430

      F-Secure tests Toyota Prius to see if mobile phone virus can transfer

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      This was a neat read in F-Secure’s weblog:

      Monday, May 9, 2005
      In-depth investigation of the “Cabir-in-Cars” myth

      http://www.f-secure.com/weblog/

      However a mobile worm infecting a car is a thought that one cannot let go easily, and even as we knew that the car cannot be infected, this was something
      that just had to be tested for real.  So we got a Toyota Prius to test out the myth. Credit has to be given to Toyota for trusting their systems enough to
      actually lend the car for us for such testing. According to Toyota, this Prius model had identical in-car Bluetooth systems with the Lexus models, so it
      was suitable for our tests.

    • #3238431

      Sober.Q Virus – Produces extensive SPAM in German

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      The new Sober.Q variant is installed automatically from existing infected Sober.P systems.  It generates extensive SPAM in German.  While these SPAM messages don’t contain the virus itself, the URLs most likely point to sites could could contain adware, spyware, or possible viruses. 

      PLEASE DO NOT CLICK ON ANY URLS in these messages  

      http://www.f-secure.com/v-descs/sober_q.shtml

      Sober.U — Trend Micro has indepth information

      W32.Sober.P@mm – Symantec

      http://vil.nai.com/vil/content/v_133684.htm

      Sober.Q was found on May 14th, 2005. This Sober variant doesn’t spread itself in e-mails. Instead, it mass-mails political statements. Sober.Q is installed to computers infected by Sober.P. Sober.Q is written in Visual Basic.

      Like many Sober variants, this variant uses it’s own SMTP engine to send spammed messages to email addresses found on the infected system.  It can generate several different email messages randomly, in either English or German depending on the version of Windows.  Some messages may contain several links inside them.

    • #3339065

      Firefox users should upgrade to 1.0.4 – new exploits released

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      K-OTic/FrSIRT has released 3 exploits against Firefox 1.03; If you haven’t upgraded to 1.04, this is yet another good reason to do so without delay.

      Download firefox in a your preferred flavor. For a description of the problems, Mozilla has following URLs:

      http://www.mozilla.org/security/announce/mfsa2005-44.html http://www.mozilla.org/security/announce/mfsa2005-43.html

    • #3338909

      Secure your wireless network – Easy tips from Kim Komando

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      This outline provides an excellent and easy to follow format for securing a wireless network at home.  Key approaches include: WPA, turning off unneeded wireless router services, using strong passwords, and reassigning SSIDs.  I also recommend using XP SP2 which offers the most up-to-date support for wireless technology by Microsoft.

      http://www.komando.com/tips_show.asp?showID=8796

    • #3242533

      Office 12 – Will offer improved server based security on documents

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        The next edition of Microsoft Office should become available during 2006.  It will offer improved security for server based documents.

      Office 12 – Improved server based security on documents
      http://techrepublic.com.com/2100-10877_11-5717662.html

      Federal record-keeping regulations, such as Sarbanes-Oxley and HIPAA, are forcing Microsoft to examine various ways to secure Office documents. With the next version of Office, Microsoft plans to let businesses set rules, enforced by server-based software, to determine how those documents are handled

      Office 12 – Some early reported info on new features
      http://techrepublic.com.com/2100-10877_11-5712784.html

    • #3239222

      MS04-023: PGPCoder Trojan – Encrypts & demands $200 for the key

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        This is a new malicious attack that’s not widespread and provides all the more reason to stay up-to-date with Microsoft Security updates.

      MS04-023: PGPCoder Trojan – Encrypts & demands $200 for the key
      http://news.zdnet.com/2100-1009_22-5718678.html
      http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=194
      http://secunia.com/virus_information/18207/pgpcoder/

      Researchers at Symantec have seen the malicious program used in the ransom attack. The “Trojan.Pgpcoder” searches a victim’s hard disk drive for 15 common file types, including images and Microsoft Office file types. It then encrypts the files, removes the originals and drops a note asking $200 for the encryption key, Friedrichs said.

      This memory-resident Trojan arrives via Internet or copied from disks. Upon execution, it encrypts all files on the system having the following extensions:

      • ASC
      • DB
      • DB1
      • DB2
      • DBF
      • DOC
      • HTM
      • HTML
      • JPG
      • PGP
      • RAR
      • RTF
      • TXT
      • XLS
      • ZIP

    • #3180413

      Witty Worm – “Patient zero” Analysis of First PCs attacked

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      A recent study was completed related to the Witty worm, which represents one of the most sophisticated attacks using a few vulnerability in the Black Ice Firewall system.  The randomized IP generation and destructive disk algorithms used by Witty are detailed in the Long Version of the Slide show below. 

      Internet Storm Center
      http://isc.sans.org/diary.php?date=2005-05-26

      Security Focus Article
      http://www.securityfocus.com/news/11235

      Article – Outwitting the Witty Worm
      http://www.cc.gatech.edu/~akumar/witty.html

      Slide Show – Long Version
      (esp. pages 11-17, 41-42)
      http://www.cc.gatech.edu/%7Eakumar/witty_slides.pdf

      Slide Show – Short Version
      http://www.cc.gatech.edu/%7Eakumar/wisp.pdf

      Reflections on Witty: Analyzing the Attacker
      http://www.icsi.berkeley.edu/%7Enweaver/login_witty.txt

    • #3180214

      MS05-016:VBS_RUNEXPLT.C (arrives as Word Document)

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        This new threat arrives as a Word document and manipuates unpatched Windows PCs, manipulating the recent MS05-016 patch which was part of the April 2005 updates provided by Microsoft.

      VBS_RUNEXPLT.C Information

      This malicious VBScript file takes advantage of the Windows Shell vulnerability, which could allow a remote malicious user to execute arbitrary code on the affected system. For more information about this vulnerability, please refer to the following Microsoft page: Microsoft Security Bulletin MS05-016

      It usually arrives on a system as a Microsoft Word document. When executed on a vulnerable machine, it attempts to download and execute a file, which may also be malicious in nature, from the following location:  Nnpyf.c{BLOCKED}nn.com.  This malicious VBScript file runs on Windows 98, ME, 2000, and XP.

    • #3179275

      MS04-011: MYTOB.AR – New MEDIUM RISK worm

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

       Trend and Secunia have issued MEDIUM RISK alerts for MYTOB.AR.   Click these links below for more information:

      MYTOB.AR – Secunia alert MEDIUM RISK

      TREND MICRO – MEDIUM RISK

      quote:  As of May 30, 2005 3:08 AM (PDT/GMT-7:00), TrendLabs has declared a MEDIUM risk alert in order to control the spread of WORM_MYTOB.AR. TrendLabs has received several infection reports indicating that this worm is currently spreading in Australia, China, Hongkong, India, Japan, Korea, Philippines, Taiwan, and the United States.

      Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment (file size is around 29,868 to 29,882 bytes) to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

      EXAMPLE – Usually an EMAIL delivery or account issue
       

      EMAIL FORMAT

      Subject: (any of the following)
      • {Random}
      • *DETECTED* Online User Violation
      • *IMPORTANT* Please Validate Your Email Account
      • *IMPORTANT* Your Account Has Been Locked
      • *WARNING* Your Email Account Will Be Closed
      • Account Alert
      • Email Account Suspension
      • Important Notification
      • Notice of account limitation
      • Notice: **Last Warning**
      • Notice:***Your email account will be suspended***
      • Security measures
      • Your email account access is restricted
      • Your Email Account is Suspended For Security Reasons

      Attachment: (any combination of the following file names and extension names)

      File name:
      • {random}
      • account-details
      • document
      • document_full
      • email-doc
      • email-info
      • info
      • information
      • info-text • instructions
      • your_details

      Extension name: BAT, CMD, EXE, PIF, SCR, ZIP

    • #3179693

      Bagle.BO – MEDIUM RISK and spreading extensively

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

       Please select from links below:

      Bagle.BO F-Secure – MEDIUM RISK

      Trend Micro Information

      Sophos – Troj/BagleDl-Q

      Symantec – Tooso.I 

      Kaspersky – MEDIUM RISK

      McAfee – Bagle.dldr
       


      MESSAGE LABS – SPECIAL ALERT

       New Bagle Downloader spreading like wildfire via email

      31 May 2005 – MessageLabs is warning computer users to be on their guard against a new variant of the Bagle downloader. MessageLabs has intercepted almost 70,000 copies already. The first copy was intercepted today at 13:24 GMT (14:24 BST). 45,769 copies have been stopped in the last hour (3-4pm BST). The virus appears to have originated from a Yahoo group.

      The as yet unnamed Bagle downloader variant drops a trojan that attempts to download Bagle from a vast list of locations. Computer users who activate the file attached in the email invoke the virus, which harvests email addresses it finds on the computer’s hard drive. The virus then forwards itself onto the list of email addresses it has discovered in infected computer.

    • #3169910

      Mytob.BI – Poses as an IT Administrator

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      The social engineering, advanced code, attack methods, and the ease in building new variants makes this family among the worst.  Users must keep their AV protection updated daily to keep up with new threats.

      Mytob.BI – Poses as an IT Administrator

      The Mytob.BI variant prevents the infected machine from accessing several antivirus and security Web sites by redirecting the connection to a local machine, the security company added. While prevalence of the worm is still low, the damage potential is high, Trend Micro said. U.K.-based antivirus company Sophos PLC also rated the worm as a concern, due to the severe damage it could cause.

      Researchers speculated that the Mytob worm family is popular with hackers because its code base is relatively easy to manipulate to create a new variant. Another version, Mytob.ar, was detected earlier this week, containing added spyware and adware elements.

      The worm poses as a message from an IT administrator, warning recipients that their e-mail accounts are about to be suspended, Trend Micro said. Possible subject headers for the worm include “*IMPORTANT* Please Validate Your Email Account” and “Notice: **Last Warning**.”

    • #3169909

      ISC publishes Scott’s Toolkit for Windows

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      SANS Logo  The Internet Storm Center shares one handlers toolkit recommendations. This toolkit looks like it will provide you with everything you will need to monitor, troubleshoot and maintain you network. Some us might have personal preferences on AV vendors or other items, but it’s still a very nice list.

        ISC publishes Scott’s Toolkit for Windows

      I’ve created what I call “Security Kits” on both CD-Rs and now the new FlashRAM memory sticks with a lot of these tools on there You never know which neighbor or relative is going to be next on the list to go help out

      Antivirus Tools
      |– McAfee Stinger (updated routinely)
      |– Symantec AV Corporate Edition v9 (soon to be v10)
      |– Microsoft Malware Removal Tool (released monthly)
      |– Current Symantec AV Intelligent Updater
      Response Kit
      |– NetCat (available now at SecurityFocus)
      |– SysInternals AccessEnum
      |– SysInternals AutoRuns
      |– SysInternals Contig
      |– SysInternals DiskView
      |– SysInternals FileMon
      |– SysInternals ListDLLs
      |– SysInternals Page Defrag
      |– SysInternals ProcessExplorer
      |– SysInternals PS Tools
      |– SysInternals RegMon
      |– SysInternals Rootkit Revealer
      |– SysInternals Sdelete
      |– SysInternals ShareEnum
      |– SysInternals Sync
      |– SysInternals TCPView
      |– SysInternals Miscellaneous tools
      |– Heysoft LADS
      |– myNetWatchman SecCheck
      |– Inetcat.org NBTScan
      |– FoundStone BinText
      |– FoundStone Forensic Toolkit
      |– FoundStone Fport
      |– FoundStone Galleta
      |– FoundStone Pasco
      |– FoundStone Rifuti
      |– FoundStone Vision
      |– FoundStone ShoWin
      |– FoundStone SuperScan
      |– WinDump
      |– Nmap
      |– Tigerteam.se SBD (encrypted netcat)
      |– GNU based unxutils (from unixutils.sourceforge.net)
      |– Good copies of windows binaries (netstat, cmd, ipconfig, nbtstat)
      Spyware Tools
      |– AdAware (updated defs in same directory)
      |– CWShredder
      |– Hijack This
      |– MS AntiSpyWare Beta
      |– Spybot Search and Destroy (updated defs in same directory)
      |– BHO Demon
      Security Tools (this is my usual place to dump the .zip or .exe installers)
      |– Heysoft LADS (list alternate data streams)
      |– Inetcat.org NBTScan
      |– MS Baseline Security Analyzer
      |– MS IIS Lockdown tool
      |– Sam Spade
      |– SSH Client (SSH.com or Putty)
      |– SysInternals Tools
      |– Foundstone Tools
      |– BlackIce PC Protection
      |– Kerio Personal Firewall
      |– Zone Alarm Personal Firewall
      |– WinPcap
      |– WinDump
      |– Ethereal Installer
      |– Nmap for windows (cli version)
      Utilities
      |– Adobe Acrobat Reader Installer
      |– CPU-Z
      |– FireFox Installer
      |– Macromedia Flash and ShockWave Installers
      |– Quicktime Standalone Installer
      |– VNC Installer
      |– Winzip Installer
      |– ISCAlert
      Service Packs ( on a 2nd CD )
      |– Windows XP SP2
      |– Windows 2000 SP4 (+rpc/lsass critical patches or SRP when released)
      |– Windows 2003 Server SP1

      (Some additional CDs I keep around for the Unix geek in me)
      Knoppix CD
      Helix CD

      Note: Any commercial software above that is not freeware/shareware in the list above should be replaced in your toolkit with your company or campus licensed software.

    • #3172442

      MS04-011: Bobax.P – MEDIUM RISK at Trend

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        Trend has declared a MEDIUM RISK due to prevalance

      MS04-011: Bobax.P – MEDIUM RISK at Trend 

      MS04-011: Bobax.Z – Symantec version
       
      W32.Bobax.Z is a mass-mailing worm that lowers security settings and allows a compromised computer to be used as a covert proxy. The worm also sends an email to addresses gathered from the compromised computer.

      As of June 3, 2005 1:38 AM (PDT/GMT-7:00), TrendLabs has declared a MEDIUM risk alert in order to control the spread of WORM_BOBAX.P. TrendLabs has received several infection reports indicating that this worm is currently spreading in the United States, Singapore, Ireland, Japan, Peru, Australia and India.

      Message body: (any of the following)
      ——————————————
      Attached some pics that i found
      Check this out 🙂
      Hello,
      I was going through my album, and look what I found..
      Long time! Check this out!
      Osama Bin Laden Captured.
      Remember this?
      Saddam Hussein – Attempted Escape, Shot dead
      Secret!
      Testing

    • #3170297

      Spybot Search & Destroy version 1.4 available

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        Spyware S&D is an excellent spyware removal tool that is free for personal use.  The following provide some key links from download.com:

      Spybot S&D 1.4 Overview

      Download Site Version 1.4

        Download.com Review of Spybot – Search & Destroy

      5

      The latest version of Spybot – Search & Destroy adds some truly useful features to an already excellent application. The program still checks your system against a comprehensive database of adware and other system invaders, but it works much faster now. It also features several interface improvements, including multiple skins for dressing up its appearance. Scan results now appear arranged by groups in a tree, and a sliding panel lets you instantly view information about a selected item to help you decide whether to kill it or not. The Immunize feature blocks a plethora of uninvited Web-borne flotsam before it reaches your computer. Other useful tools, including Secure Shredder, complement the program’s basic functionality for completely destroying files. Hosts File blocks adware servers from your computer, and System Startup lets you review which apps load when you start your computer. The functionality makes Spybot – Search & Destroy a must-have for all Internet users, and this version is a worthwhile upgrade.

    • #3170298

      Ad-Aware SE Personal Edition 1.06 available

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        Ad-Aware SE Personal Edition 1.06 is an excellent adware and spyware removal tool that is free for personal use.  The following provide some key links from download.com:

      Ad-Aware SE Personal Edition 1.06 – Information

      Download Site – Version 1.06

        Download.com Review of Ad-Aware SE Personal Edition

      5

      One of the first applications built to find and remove adware and spyware, Ad-aware SE Personal Edition’s excellent reputation is well justified. The sky-blue, skinnable interface features five buttons. The first two, Status and Scan, lead to the core function of the application. These buttons initiate a scan of your files for adware components. After scanning is complete, the program presents a summary of results, followed by a list from which you select exactly which components to remove. Right-clicking an individual entry gives some information about the piece of suspected adware, though we would like more details. Ad-aware SE can alert you to more malignant forms of malware by separating items into critical and negligible categories. The third button, Ad-watch, is nonfunctional in the Standard version. The fourth button, Plug-ins, shows you which Ad-aware plug-ins are installed. The fifth leads to the help files.

      Ad-aware SE does an excellent job of quickly finding and removing most adware and spyware components, although you will have to restart and rescan for a seriously infected machine. We were pleased to see an auto-update feature included with the program, keeping Ad-aware up-to-date with the latest adware components. Ad-aware SE should be part of your arsenal for keeping your machine free of adware and spyware components.

    • #3170296

      Downloader.ABL (aka Small.AHE) – MEDIUM RISK (Osama virus)

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        Trend/Secunia also declared MEDIUM RISK on Troj Small.AHE, which is different than Bobax.P, but centers on the same theme.

      For users, it’s essential to AVOID attachments from ANY politically themed email, as that’s often a common social engineering threat (like we saw with the German Sober.Q spam)

      Secunia Information

      http://secunia.com/virus_information/18540/

      http://secunia.com/virus_information/18574/

      This downloader trojan was mass-spammed on June 2, 2005. It may arrive in an email message as follows (messages vary):

      Subject:
      God Bless the USA!
      Finally!
      Captured..
      He has captured..

      Body:

      Xmong. Npos alter. almonsted nocks

      Turn on your TV. Osama Bin Laden has been captured. While CNN has no pictures at this point of time, the military channel (PPV) released some pictures. I managed to capture a couple of these pictures off my TV. Ive attached a slideshow containing all the pictures I managed to capture. I apologize for the low quality, its the best I could do at this point of time. Hopefully CNN will have pictures and a video soon. God bless the USA! Stephen Christensen

      Attachment:  pics.zip, teamster.zip, usurus.zip, toxicology.zip

    • #3171523

      MS04-007: RBOT variant – 1st worm to exploit ASN.1 via Internet

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Kaspersky’s weblog entry of June 5th entitled “Robots,vile robots everywhere!” is a great read

      MS04-007: RBOT variant – 1st worm to exploit ASN.1 via Internet

      Investigation of the packets revealed a Microsoft ASN.1 exploit, which tries to download and run an executable from the attacking machine via TFTP. We’ve secured a binary and took a look under the cover. The responsible worm was a Rbot variant, …

      Besides the ASN.1 exploit – and this is the first worm to use it successfully on the Internet – the Rbot variant uses a multitude of other exploits, DCOM, RPC,Veritas Backup Exec, LSASS, MSSQL, password guessing and so on. It also steals registration keys from a good list of popular games, PayPal accounts logins, has an embedded backdoor and of course, DDoS capabilities.

      Basically, it’s a worm which tries very hard to spread while at the same time, it tries to steal as many valuable data from the victim machine as it is available. It is a highly infectious worm, written for profit. And yes, most of the other worms we’re seeing nowadays are no different.

      Spybot.PKC – May be a close example of the new RBOT variant

    • #3171218

      Secunia Advisory – Mozilla Frame Injection Vulnerability

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        Secunia has issued a moderately critical advisory for Mozilla browsers including Firefox 1.04 for a Frame Injection Vulnerability.  This new vulnerability has not been exploited in-the-wild and can only occur while processing a trusted and hostile web site at the same time.  Firefox users should look for an upcoming release and always be careful of sites visited and email URL links.

      ZdNet Article: Mozilla Frame Injection Vulnerability

      A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned.  The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames, which are a way of showing Web content in separate parts of the browser window.

      As a result, an attacker could insert content into a frame on a trusted Web site, Secunia said. Account holders who believe they are interacting with a frame belonging to an online bank could be tricked into giving up personal information or downloading malicious code, for example. Secunia rated the issue “moderately critical.” The same “frame injection” vulnerability in Mozilla’s browsers was detailed by Secunia in July of last year. At the time, it did not affect the most recent versions of the applications.

      For a spoofing attempt to work, a surfer would need to have both the attacker’s Web site and a trusted Web site open in different windows. A click on a link on the malicious site would then display the attacker’s content in a frame on the trusted Web site, Secunia said. The company advised people not to visit trusted and untrusted Web sites at the same time.

       

      Secunia Advisory – Mozilla Frame Injection Vulnerability

      Moderately Critical:  

      Description:  A seven year old vulnerability has been re-introduced in Mozilla and Firefox, which can be exploited by malicious people to spoof the contents of web sites. 

      Secunia Browser Frame Injection Vulnerability Test

      The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Other versions may also be affected.

      Solution: Do not browse untrusted web sites while browsing trusted sites.

       

      Mozilla Support Forums Information

      The vulnerability has not been exploited, a moderator of a support forum on the Mozilla Web site wrote Monday, in response to the Secunia alert.  For protection, the moderator advises people to close all other windows and tabs before accessing a Web site such as a bank or online store that requires them to type in personal data.

    • #3191844

      Skulls.L – Pretends to be pirated version of F-Secure’s Mobile AV product

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        This new variant of the Skulls mobile phone virus appears to be a free “pirated“ copy of F-Secure’s Anti-virus product for Mobile phones.  Besides the legal and ethical considerations for using pirated copies of software, this new virus will lock the phone permanently until cleaning is accomplished by buying the real product.  This social engineering scheme illustrates the dangers of installing free software offered by email, instant messaging, or other sources.

      Links related to this new virus are noted below:

      Skulls.L – Pretends to be F-Secure’s Mobile AV product

      F-Secure’s Web Log Description

      Skulls.L is a variant of SymbOS/Skulls.C trojan. The component files of the trojan are almost identical to Skulls.C. The main difference between Skulls.L and Skulls.C is that Skulls.L pretends to be a pirate copied version of F-Secure Mobile Anti-Virus.

        REMOVAL Techniques

      Disinfection with two Series 60 phones

      Download F-Skulls tool from FTP site  or

      Download F-Skulls Tool directly with phone

      1. Install F-Skulls.sis into infected phones memory card with a clean phone
      2. Put the memory card with F-Skulls into infected phone
      3. Start up the infected phone, the application menu should work now
      4. Go to application manager and uninstall the SIS file in which you installed the Skulls.L
      5. Download and install F-Secure Mobile Anti-Virus to remove any Cabirs dropped by the Skulls.L or with mobile itself  http://mobile.f-secure.com
      6. Remove the F-Skulls with application manager as the phone is now cleaned

    • #3192440

      Microsoft Security Updates planned for June 14th

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

         On June 14, 2005, the Microsoft Security Response Center is planning to release:

      Security Updates

      7 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart. 5 of these updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA), 2 of these updates will be detectable using the Enterprise Scanning Tool (EST).
       
      1 Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Services for UNIX. The greatest aggregate, maximum severity rating for these security updates is Moderate. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and using the Enterprise Scanning Tool (EST).
       
      • 1 Microsoft Security Bulletin affecting Microsoft Exchange. The greatest aggregate, maximum severity rating for this security update is Important. This update will not require a restart. This update will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and using the Enterprise Scanning Tool (EST).
       
      • 1 Microsoft Security Bulletin affecting Microsoft Internet Security and Acceleration (ISA) Server and Small Business Server. The greatest aggregate, maximum severity rating for these security updates is Moderate. These updates may require a restart. This update will be detectable using the Enterprise Scanning Tool (EST).
       

      Microsoft Windows Malicious Software Removal Tool

      • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.  Note that this tool will NOT be distributed using Software Update Services (SUS).

    • #3193113

      MS00-037: Hackers use dangerous URLs with a Michael Jackson rumor

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        This email has no attachment, but if you click on the link a trojan horse can be downloaded on your PC.  This downloader attack can open up your PC from a security perspective.  MS00-37, which is a five year old Help File security flaw is also used to attack any completely unpatched PCs.  While this new threat is not widespread, the media is reporting it on the news this morning.   

      ZDnet: Hackers use email URL create Jackson rumor

      Trend Micro – PHELP.P Trojan

      AVOID CLICKING ON THE URL IF YOU RECEIVE THIS EMAIL MESSAGE

      News from Neverland — Last night, while in his Neverland Ranch, Michael Jackson has made a suicidal attempt.  They suggest this attempt follows the last claim was made against the king of pop. 46 years old Michael has left pre-suicid note which describes and interpretes some of his sins.

      Read http://mega{BLOCKED}buz.com more…

    • #3192893

      Attack of the Mytob worms – Several new variants

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        McAfee has featured a new variant each day in June on average so far.  Mytob is one of the most advanced worms that hackers can easily modify.  It hides in a stealth like manner and appears as an email message from an administrator (always verify these types of messages before clicking on either links or attachments).

        Mytob may be worst virus of 2005

      The Mytob worm has to be close to #1, for the worst worm 2005. While Netsky.P is #1 in volume (i.e., it’s like the Klez.H worm of old), we can be stop this much older version with current virus defintions.  Every day the virus writers easily modify the code and seed fresh copies as AV vendors scramble to cover the latest code derivations and compression techniques.  We are most likely averaging one new copy per day.

      Some key reasons are:

      * Stealth-like, as it can hide for a while on an infected PC and lowers security settings.
      * Very well socially engineered (appears like an official admin email message),
      * Exploits some unpatched Microsoft security vulnerabilities (MS04-011),
      * Technically well crafted also (usually carries a Spybot variant) 

        13 new versions in 13 days

      http://vil.nai.com/VIL/newly-discovered-viruses.asp

      W32/Mytob.cv@MM   06/13/2005 Low Low 4513
      W32/Mytob.ch@MM   06/11/2005 Low Low 4512
      W32/Mytob.cg@MM   06/11/2005 Low Low 4512
      W32/Mytob.cc@MM   06/08/2005 Low Low 4510
      W32/Mytob.ca@MM   06/08/2005 Low Low 4509
      W32/Mytob.bx@MM   06/07/2005 Low Low 4508
      W32/Mytob.gen!eml   06/07/2005 Low Low 4508
      W32/Mytob.bw@MM   06/06/2005 Low Low 4508
      W32/Mytob.bv@MM   06/06/2005 Low Low 4508
      W32/Mytob.br@MM   06/05/2005 Low Low 4507
      W32/Mytob.bo@MM   06/02/2005 Low Low 4506
      W32/Mytob.bl@MM   06/01/2005 Low Low 4505
      W32/Mytob.bk@MM   06/01/2005 Low Low 4504

        EMAIL messages to avoid

      The virus arrives in an email message from a systems administrator as follows:

      From: (Spoofed email sender – may choose from the following list)
      support
      administrator
      mail
      service
      admin
      info
      register
      webmaster

      Subject: (Varies, such as)

      Your password has been updated
      Your password has been successfully updated
      You have successfully updated your password
      Your new account password is approved
      Your Account is Suspended
      *DETECTED* Online User Violation
      Your Account is Suspended For Security Reasons
      Warning Message: Your services near to be closed.
      Important Notification
      Members Support
      Security measures
      Email Account Suspension
      Notice of account limitation
       

       Extensions: pif, scr, exe, cmd, bad, zip

    • #3192756

      IE 7 will provide better protection from Spyware

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        IE 7 will provide better protection from Spyware threats 

      IE7 being developed to resist spyware
      http://msn.com.com/2100-1009_22-5745044.html

      IE Blog Information
      http://blogs.msdn.com/ie/archive/2005/06/09/427410.aspx

    • #3174376

      Microsoft Security Updates – June 2005

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

        Microsoft Security Updates – June 2005 Bulletin Summary:

      http://www.microsoft.com/technet/security/Bulletin/ms05-Jun.mspx

      Critical Bulletins:

      Cumulative Security Update for Internet Explorer (883939)
      http://www.microsoft.com/technet/security/Bulletin/ms05-025.mspx

      Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
      http://www.microsoft.com/technet/security/Bulletin/ms05-026.mspx

      Vulnerability in Server Message Block Could Allow Remote Code Execution
      (896422)

      http://www.microsoft.com/technet/security/Bulletin/ms05-027.mspx

      Important Bulletins:

      Vulnerability in Web Client Service Could Allow Remote Code Execution
      (896426)
      http://www.microsoft.com/technet/security/Bulletin/ms05-028.mspx

      Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow
      Cross-Site Scripting Attacks (895179)
      http://www.microsoft.com/technet/security/Bulletin/ms05-029.mspx

      Cumulative Security Update in Outlook Express (897715)
      http://www.microsoft.com/technet/security/Bulletin/ms05-018.mspx

      Cumulative Security Update in Outlook Express (897715)
      http://www.microsoft.com/technet/security/Bulletin/ms05-030.mspx

      Vulnerability in Step-by-Step Interactive Training Could Allow Remote
      Code Execution (898458)
      http://www.microsoft.com/technet/security/Bulletin/ms05-031.mspx

      Moderate Bulletins:

      Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
      http://www.microsoft.com/technet/security/Bulletin/ms05-032.mspx

      Vulnerability in Telnet Client Could Allow Information Disclosure
      (896428)

      http://www.microsoft.com/technet/security/Bulletin/ms05-033.mspx

      Cumulative Security Update for ISA Server 2000 (899753)
      http://www.microsoft.com/technet/security/Bulletin/ms05-034.mspx

      Re-Released Bulletins:

      SQL Server Installation Process May Leave Passwords on System (Q263968)
      http://www.microsoft.com/technet/security/Bulletin/ms02-032.mspx

      ASP.NET Path Validation Vulnerability (887219)
      http://www.microsoft.com/technet/security/Bulletin/ms05-004.mspx

      Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow
      Cross-Site Scripting Attacks (895179)

      http://www.microsoft.com/technet/security/Bulletin/ms05-029.mspx

    • #3175029

      Credit Card Security Breach exposes up to 40 million accounts

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      ??? Please check your statements carefully during the next few billing cycles as hackers recently obtained key information related to Master Card accounts.??

      Google News Links

      CNet Article

      Business Week Article

      Information Week Article

      Reuters Article

      KEY IMPACTS

      *? As many as 40 million cards may have been exposed, making it the largest breach of personal financial data in a string of recent cases.

      *? The breach occurred at Card Systems Solutions, Inc., a third-party processor of payment card data who processes transactions on behalf of financial institutions and merchants.

      * CardSystems has already taken steps to improve the security of its system, MasterCard said it was giving the company “a limited amount of time” to demonstrate compliance with MasterCard security requirements.

    • #3174983

      Spam Analysis – How to examine email header information

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

    • #3173552

      Beagle.BT – (aka Bagle worm) New Variant

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      All new versions of the Bagle/Beagle worm are important to watch as they are technically advanced and disguised well to trick users into opening attachments (use of zip extension).

      Beagle.BT – (aka Bagle worm) New Variant
      Beagle.BT – new version of Bagle worm

      W32.Beagle.BT@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of a Trojan.Tooso variant. The worm also opens a back door on the compromised computer on TCP port 80.

      EMAIL FORMAT

      From: Spoofed.
      Subject: Blank.
      Message: “The password is” or “Password:”
      Attachment: ZIP
      Multiple Zip files may contain copies of the virus, plus an executable copy of the Trojan.Tooso.

      This post originally appeared on an external website

    • #3173304

      40,000,000 credit cards exposed – an update

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Sharing a quick update on latest discoveries. The primary cause of this exposure is improper storage and use of confidential information on their servers, followed by hackers discovering this due to weak security controls. Sad Sad Sad

      1. A new phishing attack has been launched to capitalize on this

      http://www.theregister.co.uk/2005/06/20/mastercard_phishing/

      Quote:
      From: Master Bank [master@masterbank.com] To: Subject: **Your Mastercard online Confirmation** Dear User, During our regular update and verification of the accounts, we couldn’t verify your current information. Either your information has changed or it is incomplete. If the account information is not updated to current information within 5 days then, your access will be restricted.

      2. According to reports, 68,000 MasterCard cardholders have already found fraudulent charges on their accounts.

      3. The head of a credit card processing company whose Tucson center was hit by computer hackers says compromised consumer records shouldn’t even have been in the data base. Under rules established by Visa and MasterCard, processors aren’t supposed to retain cardholder information after handling transactions.

      4. CardSystems Solutions C-E-O John Perry tells The New York Times the data was being stored for “research purposes” to determine why some transactions registered as unauthorized or uncompleted.

      5. He says that the records known to have been stolen covered roughly 200-thousand of the 40 (m) million compromised credit card accounts. They include Visa, Mastercard and other companies.

    • #3175776

      Opera 8.01 released to patch security issues

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Opera Software

      QUOTE: Opera Software today released the first Opera 8 update, Opera 8.01, for Windows and Linux. To fine-tune the well-received browser, Opera 8.01 includes security and small bug fixes as well as JavaScript improvements. This update succeeds the release of Opera 8 on April 19, 2005, which has now reached more than five million downloads.

      Accompanying the Opera 8.01 release for Windows and Linux is the final version of Opera 8 for Macintosh. Read the press release.

      To download Opera 8 visit http://www.opera.com/download/

      View the changelog.

    • #3175445

      TechNet – Some free e-learning resources for SQL-Server 2005

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Click Here: Microsoft resources to prepare for SQL-Server 2005

      quote: Microsoft Learning Resources

      Whether you are interested in database administration, database development, or business intelligence, you will find classroom training, books, free skills assessments, and free* e-learning to help you get up to speed on the newest features of the software. The online assessments help you analyze your current skills, and provide you with a learning plan that recommends books, e-learning, classroom training, TechNet and MSDN resources. Our E-Learning courses are an effective way to learn on your own schedule and feature hands-on virtual labs that provide an in-depth, online training experience.

    • #3175278

      Multiple browsers are vulnerable to the Dialog Origin Spoofing Vulnerability

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Secunia - Stay Secure

      Secunia Research has discovered a vulnerability in various browsers, which can be exploited by malicious web sites to spoof dialog boxes. The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site.

      Mozilla / Firefox / Camino Dialog Origin Spoofing Vulnerability
      Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability
      Opera Dialog Origin Spoofing Vulnerability

      If you go to the test page, please make sure no critical applications are open and test cautiously:

      Secunia Browser – Dialog Origin Vulnerability Test

    • #3179015

      Microsoft’s Security Guidance Center

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      Microsoft’s Security Guidance Center

        Home Security Protection

      Get the information you need to protect your home PC. This site puts valuable tips, tools, and training at your fingertips.

      Learn about Computer Security At Home

        Security for IT Professionals

      Find the tools, training, and updates you need to assist with planning and managing a security strategy for your organization.

      Find answers in the TechNet Security Center

        Small Business Security Protection

      Access important resources for updating software, setting up a firewall, and backing up data in a small business environment.

      Visit the Small Business Security Guidance Center

        Designing and Developing Secure Applications

      Learn how to write more secure code with these developer-focused articles, tools, and security resources.

      Get Security Guidance for Developers

    • #3177732
    • #3176802

      MS05-011 – Exploit Code to attack SMB vulnerabilities published

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      ISC Logo

      Hopefully, most companies and individuals have up-to-date on Microsoft security patches.  This new exploit developed in February could be used in future computer viruses and worms. 

      MS05-011 – Exploit Code to attack SMB vulnerabilities published
      http://isc.sans.org/diary.php?date=2005-06-23

      QUOTE: FrSIRT has published exploit code for the recent flaw in Microsoft Server Message Block (SMB). The advisory and patch related to this vulnerability were released on February 8th, 2005. If you still have not patched, you are further urged to do so in light of the release of exploit code.

      FfSIRT – Published exploit (be care as POC code is here)
      http://www.frsirt.com/exploits/20050623.mssmb_poc.c.php

    • #3178473

      MS05-030: Microsoft Outlook Express NNTP Buffer Overflow Exploit

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

      ISC Logo

      Hopefully, most companies and individuals are up-to-date on Microsoft security patches.  This new exploit has just been developed from the MS05-030 security bulletin published in June. It could be adapted for use in future computer viruses and worms. 

      MS05-030: Microsoft Outlook Express NNTP Buffer Overflow Exploit
      http://www.frsirt.com/exploits/20050624.MS05-030-NNTP.c.php

      MS05-030: Cumulative Security Update in Outlook Express (897715)
      http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx

    • #3176593

      Microsoft Tech-Ed 2005 post conference resources

      by harry waldron, cpcu, ccp ·

      In reply to Harry Waldron

       I’ve attended two past Tech Ed conferences and they provide highly focused technical training opportunties.  Microsoft shares a number of post-conference links and publications as noted below: 

      http://microsoft.sitestream.com/teched2005/

    • Track Descriptions
    • Keynotes
    • Strategic Briefings
    • Breakout Sessions
    • Manuals for Hands on Labs & Instructor Led Labs
    • Continuing Your Education