How to Prepare for Microsoft Certifications Earning a Microsoft Certification could be the beginning or continuation of an enduring career that will include the strengthening of their technical skills, collaboration with other professionals ...

Readmore

Prometric offers vouchers of up to 25% off ... Hello people, I just received an email from Prometric informing a discount of up to 25% on Microsoft Certifications. The promotion is valid until December 31, 2009 or even last for the ...

Readmore

50% discount on Microsoft Certifications to ... Hello guys, Prometric is providing for students a 50% discount on Microsoft certifications. The promotion is valid until June 30, 2010. For more details visit the ...

Readmore

Book - Administration and Maintenance Environment ... Hello people, For those who are preparing for the exam 70-290 book Administration and Maintenance Environment Microsoft Windows Server 2003 is a great material. I recommend.

Readmore

Prometric offers vouchers of up to 25% off ... Hello people, I just received an email from Prometric informing a discount of up to 25% on Microsoft Certifications. The promotion is valid until December 31, 2009 or even last for the ...

Readmore

twitter

Twitter Facebook

Browser security is under attack from the group Anonymous

Posted by Luciano Lima | Comments: (0)

Category: Security

Tags: , , , ,

In an interview, CEO of HBGary Federal stated that infiltrated the group of activists and obtained the name of its members; response was immediate.

The pro-Wikileaks selftitled Anonymous group attacked the security company HBGary Federal, after the researcher and CEO, Aaron Barr, revealing that infiltrated the group and obtained the names of some of its members.

In an interview with the Financial Times on Sunday (6/2), Barr said he did not intend to deliver the data to the police, but would release the identity of Anonymous leaders next week at the conference Security B-Sides, which occur San Francisco (USA).

Continue Reading

With the new method, Microsoft Research uncomplicated creation of strong passwords

Posted by Luciano Lima | Comments: (0)

Category: Security

Tags: , , , , ,

Technique proposed by researchers using statistical control to stop passwords 'popular', which could be subject to guessing attacks.

Tired of the restrictions on creating secure passwords that defy memory? A more friendly - and much easier to remember - has been proposed by Microsoft Research, the research arm of the manufacturer of Windows. The secret: limited, statistically, the popular use of passwords, to dilute the risk of guessing and discourage cybercriminals.

The idea - proposed in an article signed by researchers Cormac Herley and Stuart Schechter, Microsoft Research, and Michael Mitzenmacher, Harvard University - is to create a software "oracle" that would be consulted at every moment of password creation. A password would be barred widely used, in turn, a word rarely used, even though easy to remember, would be allowed.

In the study, which will be presented at Hot Topics in Security in 2010, in Washington DC on August 10, the researchers point out that the passwords generated by users are victims of common statistical guessing attacks - a method by which the cybercriminal forehead with passwords as a basic word dictionary classified by popularity.

Normally, a site tries to fend off attacks based on guessing in two ways: 1) limit the number of guesses that can be done and 2) reduce the fraction of accounts that use the most popular passwords. The latter case has been strengthened by the application of rules for creating passwords - require the most common combination of letters and numbers, and minimum use of special characters such as "Ne $ 1o7."

These criteria are used to define if a password is weak or strong, but researchers have questioned these models. "Most power meters (password) identify a string of 32 lowercase letters as any one weak password, while Windows Live ID say '@ Aaaaaa' is a strong password and Yahoo say 'P @ ssword' is a strong password, "says the study.

Probabilistic Data
Alternatively, they propose the adoption of a "probabilistic data structure" that would be used to track the popularity of whatever password. Passwords whose popularity has reached a certain level would be denied, and the user would have to find another word, also easy to remember, as your password.

For researchers, a dangerously popular password is the one whose frequency of use exceeds a certain threshold - say, has been used once every million users. If this limit has been deployed successfully, an attacker who wanted to test whether a supposedly popular password - for example, '123456 '- could jeopardize up to a millionth of users.

"The substitution of rules for creating a password for a system based on limited popularity can potentially increase both the security and usability," the researchers argue in the article. "Our proposal has a precedent. The Twitter , in response to a password-guessing attack that exploited their failure to block invaders, now prohibits the 390 most common passwords. It seems that Twitter decided that the measure would cause less inconvenience to users than the introduction of policies for creating complicated password. "

The authors point out, however, that the statistical control of passwords best applies to databases passwords for a large scale, such as Internet service like Twitter or Facebook .

Flash exposes sites failed to attack

Posted by Luciano Lima | Comments: (0)

Category: Security

Tags: , , , , , , , ,

A flaw in the software Flash, Adobe, can be exploited by attackers to compromise any site that gives permission to update content - if, for example, Google Gmail - and then silently attack visitors of these sites, said today (13 / 11) researchers from a U.S. security company.

Adobe does not refute the claims of the researchers, but said it is the responsibility of the designers and administrators to build web applications and sites capable of preventing such attacks.

"The size of the problem is huge," said Mike Murray, executive security Foreground Security, Florida. "Any site that allows updating content for the visitor is vulnerable, and most of them are not ready to handle it."

Permission risky
The problem is in the rules of operation of the Flash ActionScript, which is programmed to allow access to a Flash object to other content only from the area where it originated, said Mike Bailey, a senior security researcher at Foreground.

Unfortunately, Bailey explains, if an attacker can infiltrate a malicious Flash object on a Web site - through their ability to generate content, which typically allows people to update files on a site or service - they can run malicious scripts in the context of this domain .

Bailey explained how a hacker could exploit the flaw in Flash. "It is relatively simple," he said. "All he needs to do is create a malicious Flash object, and load it on the web server."

"If a forum allows people to upload an image as an avatar, someone could upload a malicious Flash file that looks like an avatar," said Bailey. "Anyone who saw this avatar would be vulnerable to attack."

Hopeless
In response to the Foreground, Adobe said the flaw is "incorrigible", and tries to educate administrators to obscure the site themselves, the hole. But the strategy has not been having much success.

Brad Arkin, Adobe's director for privacy and product safety, agreed that the problem can not be solved with a patch for Flash.

"For us, this is a generic problem that affects any site that allows active scripting, not just Flash, but technologies like Silverlight and JavaScript. Even if Flash had a magical protection, the problem would still exist for all active content sites that allow users to upload files. "

Alternatively, Adobe has focused on good design practice, explaining to designers and site administrators the risks of allowing users to update content. "Sites should not allow updates in trusted domains," Arkin argues.

Even GMail
One of the sites at risk of malicious attacks is GMail, Google. The service is one that allows users to update and download attachments - although Bailey admits that exploit Google's webmail is "extremely difficult".

Although Foreground has not detected any attack with this technique, Murray said there was evidence that hackers are turning to such tactics. "We started to notice a more intense use of Flash in the last days," he said.

Meanwhile, the only real defense that users can employ against such attacks is to stop using Flash - or, if that is impossible to restrict its use to sites known to be safe with tools like NoScript addon ToogleFlash Firefox or Internet Explorer.

Source: http://idgnow.uol.com.br/seguranca/2009/11/13/falha-no-flash-expoe-sites-a-ataque-hacker/

Networks of zombie computers infest the United States

Posted by Luciano Lima | Comments: (0)

Category: Malware , Security

Tags: , , , , , , , , , , , , , , , , , , , , , ,

The biggest one is called Zeus, serves 3.6 million machines and can be used to send spam and denial of service.

The attacks from networks of computer s zombies , botnets, are already of concern in the U.S.. After installing malicious code on the user machine, these groups use the PC for sending mass e-mails unsolicited ( spam) .

The goal of these networks is to send millions of emails by compromised PCs and thus steal personal data and promote denial of service attacks, among other possibilities.

Learn the ten largest botnets in the United States. The survey was based on estimates from the security company Damballa, which analyzed the size and activity of the networks in the country.

1. Zeus
Compromised PCs: 3.6 million

Primary Use: the Trojan-horse uses a tracking technique of typing to steal sensitive data, such as user names, passwords, bank account numbers and credit cards. To this end, it includes codes of HTML pages for online banking login.

2. Koobface
Compromised PCs: 2.9 million

Primary Use: This malicious code spreads through social networks MySpace and Facebook messages with false or comments from supposed friends.

Clicking on a link to a video, the user is prompted to download an update - as a codec - which is actually a malware. The plague has already thousand variants , says security firm Kaspersky.

3. TidServ
Compromised PCs: 1.5 million

Primary Use: it spreads like a spam and attachment techniques using rootkits to hide in common services of Windows operating system, even in their mode of navigation safety. In general, he manages to hide most of its files and records in the system.

4. Trojan.Fakeavalert
Compromised PCs: 1.4 million

Primary Use: This botnet was used to send spam. His strategy, however, changed to download other malware, with a focus on security alerts and antivirus false.

5. TR / Dldr.Agent.JKH
Compromised PCs: 1.2 million

Primary Use: This Trojan-horse disclose encrypted data to remote areas of control and regularly receives instructions on them. Generally charged by other malicious code, the TR / Dldr.Agent.JKH is used as a clickbot for fraud by false clicks on ads, generating money with ads for the 'bot head.'

6. Monkif
Compromised PCs: 520 000

Main use: to download a program that displays unwanted advertisements on computers compromised.

7. Hamweq
Compromised PCs: 480 000

Primary Use: Also known as IRCBrute, or a worm that runs automatically, Hamweq copies itself in the system and to find any removable drive.

It has an efficient mechanism to spread, it creates records to enable automatic execution and includes the Explorer.exe file. The PC that controls the botnet can execute commands and receive information from all systems contaminated.

8. Swizzor
Compromised PCs: 370 000

Main use: download and run files through the Internet without the user's knowledge. From there, it installs an adware and other-a Trojan horse.

9. Guammima
Compromised PCs: 230 000

Primary Use: steal logins, passwords and other account information from online games by rootkit techniques. It spreads through removable media like USB hard drives.

10. Conficker
Compromised PCs: 210 000

Primary Use: This worm spread efficiently throughout the world, but not both in the United States. Also called Downadup, is complex and used to propagate malicious code. According to Kaspersky, Brazil is the third-most infected by Conficker .

Although it has been used to sell fake antivirus products, currently its only purpose would be spread by machinery. Experts, however, believe it may represent a greater danger greater.

Source: http://idgnow.uol.com.br/seguranca/2009/07/24/redes-de-pcs-zumbis-infestam-estados-unidos/

CEOs ignore security risks, says survey

Posted by Luciano Lima | Comments: (0)

Category: Security

Tags: , , , ,

The CEOs are the ones who underestimate the risks of information security in their organizations , according to a study conducted by U.S. research Ponemon Institute, which heard 213 senior professionals from organizations.

About 48% of Chief Executive Officers (CEOs) surveyed said that they seldom crackers (cyber criminals) try to access company data. On the other hand, about 53% of other executives in the survey believe not only that the attacks occur almost daily as they are.

Differences of opinion are also clear when the study asks what the goals of efforts to protect corporate data. In the case of CEOs, most of them points out that it is critical to maintaining a good level of customer satisfaction and ensure the management of the company's image in the market. For the other officers, security projects are essential to meet regulatory standards.

Another finding of the Ponemon survey refers to the difference of opinion - compared the responses of CEOs and other executives - as to who is responsible for the protection of corporate data. More than half of the presidents said that CIOs are responsible for this task. The rate drops to 24% when considering the other professionals in the hearing research.

iPhone is vulnerable to attacks after release by user

Posted by Luciano Lima | Comments: (0)

Category: Security

Tags: , , ,

Willing to "unlock" your iPhone ? For he knew that a security expert says that the so-called jailbreak (a process that opens the cell for applications not recognized by Apple) makes the unit more vulnerable to attack, it disables most of the original protections.

The statement is Charlie Miller , known for wading through Apple products in search of security flaws. He has won two years running the CanSecWest contest, in which computer s are invaded within a few minutes. "If you care about the safety of the device, do the jailbreak," he says.

Miller made the statement during the conference Syscan, held in Singapore. According to the expert, the process removes about 80% of the protection features of the device, making it more vulnerable. He says that the version of operating system used by the iPhone (no changes) is more secure than Mac OS X used on desktops or Laptops + Computers & franq = 167706 "target =" _blank "rel =" external "title =" notebook "> notebook s, for example.

This is due to the fact that these various capacities in the Mac version of the system are not part of the iPhone software such as Flash and Java support. Furthermore, the iPhone also does not support features contained in PDF files (responsible for various vulnerability s Mac OS X). Thus, the crackers have little vulnerabilities to exploit, according to Miller.

To complete the original iPhones with software are limited to run applications that were approved by Apple, which means that a cracker can not simply install and run software on your phone. And the iPhone has hardware protections for the data stored in its memory.

There are two types of unlocking the iPhone, which allows the unit to work with any carrier and jailbreak already explained.

Adopted by many users with greater knowledge of the device, this controversial procedure broadens the range of software options and carriers, but also can make the smartphone slower, and make the phone crash more frequently.

pixel iPhone fica vulnerável a ataques após desbloqueio por usuário