Monday, 20 May 2024

Schannel zero-day exploit released

Only hours after Microsoft released a patch for the Windows Schannel Security Package, the researcher who discovered the vulnerability, Thomas Lim of COSEINC, released a public exploit for it. According to Microsoft, the Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page or used an application that makes use of SSL/TLS. In an e-mail to the Full Disclosure mailing list, Lim said that he discovered the vulnerability on August 28, 2006, and reported it to Microsoft on March 19, 2007. Researchers typically, although not always, give a vendor time to patch a vulnerability. Once the vulnerability has been patched by the vendor, a researcher may make an exploit public to help system administrators test the patch and to minimize its value on the black market.


Protecting Your Data

Introduction to Windows Firewall

The introduction of high-speed Internet connectivity has created a powerful and extraordinary computer networking experience. This newfound burst of bandwidth has launched new innovations in information exchange, media access, and other advanced computing experiences. Unfortunately, this technology has also created a very accessible conduit to the internals of your computer. Using these open and available digital pipelines, it’s now easier than ever for hackers, worms, and viruses to attack your unprotected home and home office computers. These threats aren’t exaggerations thrown around by computer industry pundits or descriptions of theoretical worst-case scenarios. A test in my lab found that a computer added onto a previously unconnected cable-modem connection was found by automated hacker tools in three minutes, attacked by an Internet worm in eleven minutes, and it only took five hours before a hacker was running active scans against my computer in an attempt to find …


How can I install Windows Vista without supplying the product key?

You can configure Windows Vista to install without having to manually enter the product key during the setup process. This is quite useful if you need to install the OS but do not have the (legal) product key with you at that very moment. Unlike previous Windows versions, where you had to have a CD key handy during the installation of the OS, the Windows Vista setup process only makes it appear as if you have to enter a product key to install it. During the setup program’s progress you will reach a dialog box that asks you to enter a valid product key. Here is where the fun part starts. You can actually leave it blank! Next, click No in response to the “Are you sure” dialog box. You will now be presented with a list of all the different Windows Vista versions …


Microsoft to release four critical patches

Microsoft announced plans Thursday to issue four “critical” security bulletins next week that address vulnerabilities in its Windows Mail, Internet Explorer and Windows XP. Six bulletins in total, including the four critical fixes, will be released, according to Microsoft’s advance advisory notification. “Critical” is the most severe ranking Microsoft assigns to security flaws. That classification typically indicates that a system can be compromised remotely with little interaction required by the user. Specifically, Windows XP Service Pack 2, Windows Server 2003, IE 5.01 running on Windows 2000 with SP4, Outlook Express and Windows Mail in Vista are among the affected software. Ironically, Microsoft has touted Vista as its most secure version of Windows to date, but even last April the software giant had to issue an emergency update that fell out of its usual monthly patch cycle. The security update is designed to address Windows Mail in Windows Vista and Windows …


Microsoft OneCare did/did not improve in recent AV tests

After finishing dead last in a comparative antivirus test, OneCare recently garnered some positive press. The latest tests performed by AV-Comparatives.org seem to show an improvement, with OneCare moving up two places. While OneCare is certified by West Coast Labs and ICSA, it is the competitive independent antivirus testing results that mean more in terms of how well a product performs in the real world against real malware. Thus, some might argue that things are looking up for the nascent Redmond antimalware team. That’s until you look closer at the tests. AV-Comparatives performed two different tests, months apart, alternating between real-time detection and on-demand detection. The two tests are not the same. With real-time detection, a fully updated version of the antivirus product is exposed to a list of viruses (and their variants) currently in the wild. This is the test that OneCare failed back in February. On-demand tests use a …


Microsoft buys into master data management

Microsoft on Thursday said it has acquired privately held Stratature, a company that specializes in so-called master data management software. Through the acquisition of the , Microsoft will build master data management tools into its Office System line. The move complements the company’s strategy to bulk up the business intelligence tools in Office and SQL Server. Master data management describes a way to store information according to certain attributes so it’s easier to retrieve and work with. For example, information from various sources can be aggregated relating to customer, product or partner. The idea is that by using master data management with Office, people will more easily find appropriate information, particularly data aggregated from multiple sources. IBM has in master data management capabilities, which are typically included in package applications from SAP and Oracle as well.


Think network architecture, not more bandwidth

At last week’s Interop shindig, Cisco Systems CEO John Chambers’ annual walk-about keynote presentation focused on “Web 2.0 creep” and its impact on the network. According to Chambers, enterprises will adopt Web 2.0 tools like blogs, wikis and Web video and bring today’s networks to their knees in the process.  While I believe that the enterprise Web 2.0 trend is in its early genesis phase, I tend to agree with Mr. Chambers’ hypothesis. Enterprise networks have grown organically over the past 15 years–a switch here, more port capacity over there, add a wireless access point, etc. The design criteria were simple: extend the network and move packets as quickly as possible. Any problem along the way was easily solved by adding more bandwidth. This formula was effective in the old client/server days, but it doesn’t cut it anymore. Why? Applications are designed across multiple loosely coupled tiers and delivered over …
