Tag Archive for 'Security'

Symantec CEO profits while company burns!

Published
by
Tom Raftery
on 18/1/2007
in Security
. Comments

Good buddy Dennis Howlett has uncovered, through some clever financial detective work (Dennis is a former accountant), some very dodgy dealings.

It seems that the CEO of Symantec, John Thompson, made $1.5m profit on the sale of Symantec shares very shortly before the announcement to the market of losses by Symantec (and the inevitable share price fall that ensued).

This looks very bad and reeks of insider knowledge (whether or not that is, in fact, the case).

Companies engaged in security need to be whiter than white. When the CEO’s reputation is on the line like this, Symantec needs to explain this one quickly to everyone’s satisfaction of John Thompson needs to resign.

Critical vulnerabilities or a clever marketing ploy?

Published
by
Tom Raftery
on 15/11/2006
in Microsoft and Security
. Comments

Microsoft released updates for critical vulnerabilities in Windows (2000, XP and 2003). This includes fixes for three vulnerabilities that “criminal hackers are already exploiting” according to Brian Krebs.

The patches fix vulnerabilities which can allow remote code execution (it doesn’t come much worse than that!).

Microsoft critical security updates

Personally, I think they are trying to scare people into upgrading to Vista ;-)

Let the conspiracy theories commence…

Ryder Cup blog

Published
by
Tom Raftery
on 15/9/2006
in Blogging
. Comments

I’m delighted to see that all my nagging of my old friend John Prendergast has paid off and he has started a blog!

However, I wouldn’t have been more surprised if it was about crochet! I never knew John was a closet golf fan.

John’s is the Ryder Cup blog (the Ryder cup is the biennial golf competition between Europe and the US). The Ryder cup is being held in Ireland this year.

John has all the Ryder Cup info on his blog from the Park and Ride facilities to security arrangements (no mobile phones allowed - security my arse, they just don’t want any camera phones getting news out before Sky do!) to player profiles.

John also makes use of Microsoft’s Live Local mapping to put up maps of the area and he has and a great looking template too.

Good stuff John - as someone who knows nothing about golf, even I found this site interesting!

WordPress updated to 2.0.4

Published
by
Tom Raftery
on 31/7/2006
in WordPress
. Comments

WordPress was updated to version 2.0.4 over the weekend.

This release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid release across the board.

WordPress 2.0.4 is available for download here.

Blueface won’t let me make outgoing calls

Published
by
Tom Raftery
on 21/6/2006
in RSS, Security, Technology and blueface
. Comments

I have an account with Blueface - Blueface is a VOIP provider. For €19.99 per month I am supposed to get 1,000 minutes of calls to over 20 countries. All good, so far. The only issue is that for some bloody reason, at the end of every month my credit is deleted and I can no longer make outgoing calls.

Two problems here, in the first place, I should be able to carry the unused minutes I have paid for over into the next month and second, since I have signed a direct debit form, the money should go out of my account, pay for the next month and there should be no interruption to my service.

Come on guys, get with the program or lose a customer. Fast.

UPDATE:

I received the following email from Blueface support:

can you switch off the modem and ATA for 30 secs and then switch them back on and leave them for 5 mins.
if it still doesn’t work thrn let me know.
everything is connected fine and your ATA is registered on our server.

Of course that tells me nothing. I tried turning both the router and ATA off several times today and that didn’t fix it then - why was this time different?

Users are ’stupid’ - Microsoft

Published
by
Tom Raftery
on 5/4/2006
in Malware, Security and Windows
. Comments

I wrote a post over a year ago about how I deal with PCs which have become infected with malware (viruses/trojans/worms/rootkits, etc.):

what I do, is to re-install the OS - more often recently it is XP, turn off System Restore, install XP SP2, Microsoft Anti Spyware, Spybot, Adaware, and AVG… or consider formatting the PC.

It seems that I was on the money with that advice - eWeek are reporting today that Mike Danseglio, program manager in the Security Solutions group at Microsoft said at an InfoSec conference in Florida yesterday:

When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit

Malware is becoming more difficult to detect because malware writing has become a big business. The people who write these malware programs now do so for profit. They write programs which allow them to use infected machines (to send spam, for instance) and they sell their services to companies who want use infected machines. The more machines they control, the more money they can make. It is therefore in the malware writer’s interest that the malware be as unobtrusive and difficult to detect as possible.

Danseglio said:

We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,

This is similar to my observation that malware can hide in the System Restore volume and can re-install themselves after a scan is run.

The one place where Danseglio and I disagree fundamentally is in the apportioning of blame. Danseglio said:

Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity

Personally, I believe that if the software allows people to be fooled into clicking on a phishing link (and some of the phishing emails I have received have been extremely convincing), then it is the software which is stupid and not the user.

Tom Raftery’s Social Media is Digg proof thanks to caching by WP Super Cache!