Security Roundup

Lots of security stuff to comment on today, so I thought I would do a news post with links to them all, save us all some time. ;)

Spamdexing “R” Us
A researcher is curious as to how many times a user can get hit with a drive-by download and malware infection just by clicking on a Google search result. He took the search data that AOL accidentally released and tried to figure it out.

A Fresh Look at Password Thieves
Security Fix is still looking at the damage caused by the VisualBreeze or “Vbriz” Trojan, also known as “Dimpy.Win32VB.” Thousands of people are affected.

Malicious Web Site / Malicious Code: MS07-009 Exploit Code Released
A full exploit was released for the MDAC vulnerability MS07-009. A patch is available here.

Windows weakness can lead to network traffic hijacks
IE still looks for proxy servers when it starts up, and a malicious employee inside your network could take advantage of it. Here is how, and how you can avoid it.

Many net users ‘not safety-aware’
Less than half of the UK’s internet users believe they are responsible for protecting their personal information online.

SANS to certify programmers for security nous
The SANS Institute has assembled security vendors to create a secure coding assessment and certification exam for programmers. Participants have the option to sit four exams leading to GIAC Secure Software Programmer (GSSP) status. The four examinations each cover a specific programming language suite: C/C++, Java/J2EE, Perl/PHP and .NET/ASP. Visit here for the new website.

Trend Micro Moves Security into the Cloud
Trend Micro’s products rely on a dynamic database of IP addresses that are updated constantly to prevent users from accessing sites that are known to distribute the malware used to build botnets. This domain reputation database maps over 300 million domains daily, and every five minutes there is a new entry.

The term “cloud services” refers to a wide range of services delivered on demand to companies and customers over the internet. These services are designed to provide easy, affordable access to applications and resources, without the need for internal infrastructure or hardware. Also, do not forget that if you are running cloud-based services you will need to be ISO 27017 certified, so get the professionals in to help with that.

Security
Several security vulnerabilities have been reported in the media in the last week, where users’ PCs could be open to attack if they opened certain documents or websites.

Vulnerability Summary for the Week of March 19, 2007
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.