Monday, September 21, 2009

Monday 09/21/09

Microsoft warns of support changes to Windows Server

It will retire Windows 2000 Server, end service packs for Server 2003, next July
By Gregg Keizer, Computerworld, 09/16/2009

http://www.networkworld.com/news/2009/091609-microsoft-warns-of-support-changes.html



On that same date, Windows Server 2003 and Windows Server 2003 R2 will exit mainstream support and drop into extended. To continue to receive non-security fixes, customers must enroll in Extended Hotfix Support (EHS); only customers who already have Premier Support or Software Assurance contracts are eligible. Customers on a Premier Support plan must buy into EHS within 90 days of July 13, 2010.



----------



Canada debates tech future after Nortel sale

The Canadian government will allow the sale of Nortel's business and wireless units to foreign competitors, ending the reign of one of the country's largest high-tech firms. Some analysts expressed worry the deal signals a downturn in Canada's technology industry as investments and local ownership dwindle. The Wall Street Journal (9/21)



----------



As Windows 7 approaches, PC sales get a boost

Despite past trends, reports of increasing demand suggest consumers aren't waiting for the upcoming release of Windows 7 to make PC purchases. Analysts say strong marketing and upgrade offers have helped boost sales ahead of the operating system's debut in October. Computerworld/IDG News Service (9/18)



----------



Trojan outwits single-use-password security

Hackers were able to steal $447,000 from the bank account of a California construction firm, even though the company was using a one-time password system. Updated Trojan malware programs allow hackers to conduct transactions in real time while the account holder is still online. Experts say security systems should have multiple components, since no one measure is perfect. MIT Technology Review (9/18)



----------



Bank of America sees steady future for IBM mainframe staff

Computerworld (9/18)



No story here, just thought I'd throw this in for Bob!



----------



FCC to issue Internet-neutrality proposal

The chairman of the Federal Communications Commission is expected to unveil a "Net neutrality" proposal today that would prevent Internet service providers from impeding certain types of traffic. Yahoo!/The Associated Press (9/20)



----------



Skype, SIPfoundry announce interoperability
Following on the heels of a similar interoperability announcement we reported on last week, Skype and SIPfoundry have announced that sipXecs has been certified as interoperable with Skype for Session Initiation Protocol. As was the case with ShoreTel, SIPfoundry is using a beta version of the Skype software. SIPfoundry is a nonprofit open source community, and the sipXecs IP PBX is free and can be downloaded by anyone.



----------



Breaking news: Dell to acquire Perot Systems for almost $4 billion
Dell Inc. announced today that the computer giant is buying Perot Systems Inc. in a transaction valued at approximately $3.9 billion. The merger is expected to close in Dell’s November-January fiscal quarter.



----------


September 18, The Register – (International) World’s nastiest trojan fools AV software.

One of the world’s nastiest password-stealing trojans evades detection by the majority of PCs running anti-virus (AV) programs, according to a study that examined 10,000 machines. Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of the time by AV programs, according to the study released by security firm Trusteer. Even AV programs with up-to-date malware signatures were unable to identify the infection a majority of the time, the authors said. Zeus, which also goes by the name Zbot and PRG, escapes detection using sophisticated techniques such as root-kit technology, the Trusteer report said. The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC’s browser process. A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million infections in the US alone, or about 1 per cent of the installed base of PCs. Trusteer’s study, which found Zeus accounted for 44 percent of the banking malware infections, was consistent with that finding. After sneaking onto a PC, it sits quietly in the background until a user logs on to a financial website. It then sends the login credentials to a remote server in real time, sometimes by use of instant messaging programs. Of Zeus-infected machines, about 31 per cent do not run AV at all and 14 percent run AV that is out of date. The remaining 55 percent had AV programs that were up to date. Source: http://www.theregister.co.uk/2009/09/18/zeus_evades_detection/



----------

Microsoft to ship free security software soon

Microsoft has told beta testers of its free antivirus software, Microsoft Security Essentials, that it will release the final version to the public soon.

In an e-mail Sunday, Microsoft thanked beta testers for their help and said that the polished edition of Microsoft Security Essentials would ship "in the coming weeks." Microsoft also urged beta testers to upgrade to the newest version of the test software to make the transition to the final as smooth as possible.


----------

OpenID implementation works on mobile platforms
Swedish company Accumulate has implemented a version of the OpenID standard for mobile phones.

OpenID is a Web-based, single sign-on platform that lets users log in to many different sites using a user name and password via a third party. Currently it works at more than 50,000 Web sites, according to Accumulate. The new Mobile OpenID client works with devices based on Android, Nokia Series 40 and 60, Windows Mobile, BlackBerry devices and phones that support Java. There is also a browser-based client for the iPhone, and Accumulate is currently working on a native client for Apple's smartphone.

----------

Sticker shock over data-loss prevention products could be short-lived
Data-loss prevention products can potentially save organizations a bundle by preventing the escape of sensitive information. But the six-figure starting price for a typical enterprise deployment of host and gateway-based DLP is tough for many to swallow.

The good news is that prices are expected to fall heading into next year as more vendors enter the fray and more choices for how to roll out DLP emerge.

"If you're dealing with a couple thousand seats for DLP, expect $250,000 to half a million," says Forrester Research analyst Andrew Jaquith. "But we will see price erosion because of competition."

----------

Microsoft Releases A "Fix it" Workaround For SMBv2 Vulnerability
As pointed out by several folks writing in to the ISC Handlers group, Microsoft has updated its Security Advisory 975497 - Vulnerabilities in SMB Could Allow Remote Code Execution - to include a "Fix it" workaround that makes it rather easy to disable SMBv2.

The "Fix it" links can be found in two locations:

- Microsoft Knowledge Base Article 975497

(and my personal favorite)

- The Microsoft Security Research & Defense Blog

----------

Corporate impersonation:
http://www.theyesmen.org/blog/screwed
Early this morning, nearly a million New Yorkers were stunned by the appearance of a "special edition" New York Post blaring headlines that their city could face deadly heat waves, extreme flooding, and other lethal effects of global warming within the next few decades. The most alarming thing about it: the news came from an official City report.

----------

Update on the SMB vulnerability situation

We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008.

  • Easy way to disable SMBv2
  • First exploit for code execution released to small number of companies
  • Mitigations that help prevent attacks
  • Status of fixes
----------
