-
Most open source software is better
Date: 10/09/06
(Open Source) Keywords: security
That's one honest way you can spin a Business Week column, published Friday, written by Coverity CTO Benjamin Chelf.
That's not how Business Week spun it, however. "Insecurity in Open Source" is their headline.
The story is that Coverity ran 50 open source projects through its bug-checking system, as well as products from 100 proprietary makers.
"On average, [...]
Source: http://blogs.zdnet.com/open-source/?p=809
-
Why Microsoft is wrong on Vista security
Date: 10/09/06
(Security) Keywords: security
Commentary--McAfee Chief Scientist George Heron says a technological dispute could usher in a new age of insecurity.
Source: http://news.zdnet.com/2100-1009_22-6124040.html
-
xml loads in Firefox but not IE
Date: 10/10/06
(WebDesign) Keywords: xml, security
I have a SWF loading an XML file from a remote location, on an HTTPS server. I'm testing the swf from a local machine. In Firefox, the XML data loads and displays just fine in the SWF, but in IE, the data doesn't display at all, and I'm not sure if it's even loading.
Is there a security setting I need to be aware of? Has anyone else run into this?
Thanks.
crossposted to all_too_swf
Source: http://community.livejournal.com/webdesign/1177668.html
-
Oracle to open up on bug severity
Date: 10/11/06
(Security) Keywords: software, security
Business software giant will add severity ratings to its security bulletins, helping customers prioritize patching.
Source: http://news.zdnet.com/2100-1009_22-6124739.html
-
MS Shared Computer Toolkit
Date: 10/12/06
(IT Professionals) Keywords: programming, software, security, microsoft
Are any of you familiar with the Microsoft Shared Computer Toolkit? It's a handy little tool from Microsoft that allows you to optimize a user profile for shared usage, or as we've found, for stations or kiosks that need to perform a very specific task. We primarily use it as a means to prevent Windows from accumulating profiles as AD users log in - part of the toolkit is Windows Disk Protection, which redirects all "writes" to the Windows partition to a separate partition, then simply discards the changes upon a reboot.
I work at a university computer lab with approximately 4000 users connected to a school-wide Active Directory domain forest. Part of the predicament we are having is Administrator access. See, to even get into the door you have to be a computer science major, so these kids are a little more intelligent than your standard computer user. As CS majors, they're required to write programming assignments using Visual Studio and god knows how many debuggers. We fear that while one student uses his computer all night to further his research, another student is writing and installing a rootkit or a keylogger, another is serving porno movies he downloaded from Bittorrent, yet another is using his administrative rights to steal his peer's homework assignments, and another is logging everyone out with the shutdown command so he can build a botnet. As such, we've denied them Administrator rights.
If you can imagine hell, it's getting 30GB of specialized software to run in anything but Administrator mode. Students can't install it themselves, so we have to install it on an image and deploy it to a set of computers using Ghost. We use the Toolkit to facilitate this, as it automatically saves Microsoft Updates and is capable of running a maintenance script of our choosing when it runs (which calls another script on a network share). However, we have students and professors screaming at us to give us Administrator rights on the machines, and we're trying our damnedest to provide that to them. My questions for all of you are as follows:
As Administrator, the student would have full access to the hard drives, including the folder which holds the Toolkit. It holds that even if we lock the folder down with permissions, ownership, and security, another Administrator can just reverse all that and unlock it. Is there any way around this, so that only ONE administrator can modify ownership and permissions for a folder?
They can modify our maintenance scripts to run whatever they want, provided they disable or save changes to the drive with the toolkit first. I'm vaguely aware that Group Policy can forbid access to certain programs, but I've never used it. How simple is it to set up? Does that apply to EVERY profile created on the machine, including our own?
We're specifically eyeballing Faronics Deep Freeze to replace the SCT if necessary, but the free SCT appears to do all we need it to do. If you've used both, which did you prefer?
If you were in my situation, realistically how would you accomplish this? Assume you have roughly 200 identical computers shared between 4000 users in an Active Directory environment. You don't control the domain controller, but you have full control over a specific OU on the controller. We're simply looking for a way to allow Administrator access without the student saving any changes to the Windows Partition.
Thanks for your help!
~Elliot
Source: http://community.livejournal.com/itprofessionals/44673.html
-
Security expert: User education is pointless
Date: 10/12/06
(Security) Keywords: security, spyware
Most office workers can't be made to care about phishing, rootkits or spyware, says doctoral student. Other security specialists disagree.
Source: http://news.zdnet.com/2100-1009_22-6125213.html
-
Microsoft hands over Security Center tech
Date: 10/16/06
(Security) Keywords: security
Aiming to satisfy EU, gives rivals data to help Security Center concern--but still hasn't dealt with PatchGuard problem.
Source: http://news.zdnet.com/2100-1009_22-6126194.html
-
Chertoff: Web could be terror training camp
Date: 10/17/06
(Security) Keywords: security
Free flow of information on Net can help disaffected people in U.S. "radicalize" themselves, says security czar.
Source: http://news.zdnet.com/2100-1009_22-6126510.html
-
Study: Workers often jot down passwords
Date: 10/18/06
(Security) Keywords: technology, security
Companies should look to technology to make up for employees' lack of security savvy, authors recommend.
Source: http://news.zdnet.com/2100-1009_22-6126924.html
-
Microsoft hopes 7 is lucky number for IE
Date: 10/19/06
(Web Technology) Keywords: software, browser, security
The software maker launches its first major update to the browser in years, offering tabbed browsing and security additions.
Source: http://news.zdnet.com/2100-9588_22-6127277.html
-
Microsoft sets Vista meeting with security companies
Date: 10/19/06
(Security) Keywords: security
Powwow to discuss planning for creation of techniques that let security companies use core components of 64-bit editions of the next Windows operating system.
Source: http://news.zdnet.com/2100-1009_22-6127355.html
-
Minor issues surface after IE 7 launch
Date: 10/20/06
(Security) Keywords: security, microsoft
Reports of a security bug are flawed, Microsoft says. However, there are some compatibility woes and Microsoft servers are buckling under high IE 7 demand.
Source: http://news.zdnet.com/2100-1009_22-6127792.html
-
Microsoft says McAfee 'inaccurate, inflammatory'
Date: 10/20/06
(Security) Keywords: security, microsoft
Wanting details on Vista security, McAfee says Microsoft is stalling. Microsoft says it has its own timetable.
Source: http://news.zdnet.com/2100-1009_22-6127853.html
-
Microsoft blocks 'Black Hat' Vista hack
Date: 10/21/06
(Security) Keywords: security
The Windows update no longer allows a driver hack demonstrated at the Black Hat security confab. But the fix may spell trouble.
Source: http://news.zdnet.com/2100-1009_22-6128219.html
-
My computer hates me
Date: 10/22/06
(Computer Help) Keywords: security, microsoft
(This was cross-posted to a few places and is still unsolved.)
I'm trying to play a MMORPG that attempts to download and install DirectX before it's playable, and I've been getting that error where DirectX fails to pass Windows Logo testing, and I have tried several things that're posted on the Internet (renaming catroot2, checking to make sure that Cryptographic Services is enabled/started, etc.).
My computer says that I have DirectX installed already, but the game still prompts me to download/install it, and it still doesn't pass Logo testing.
I've also found that Windows Update, whether I initiate it from Microsoft.com or from the Security Center, will not update. I have 33 updates to download, and 1 succeeds no matter how many times I try.
For both the DirectX problem and the Update problem, I have tried everything I could from this article, with no luck.
I'd also like to note that Internet Explorer's installation also gives me this error: "Setup could not verify the integrity of the file Update.inf."
Source: http://community.livejournal.com/computer_help/699399.html
-
Microsoft's free anti-spyware hits market
Date: 10/24/06
(Security) Keywords: software, security
Windows Defender a direct challenge to competing products from security software vendors.
Source: http://news.zdnet.com/2100-1009_22-6128978.html
-
BT snaps up Counterpane Internet Security
Date: 10/25/06
(Security) Keywords: security
Counterpane security guru Bruce Schneier joins BT Group as it tries to increase network security for business customers.
Source: http://news.zdnet.com/2100-1009_22-6129284.html
-
Spoofing bug found in IE 7
Date: 10/25/06
(Security) Keywords: browser, security
Security experts find a weakness in Internet Explorer 7 that could help crooks mask the type of attack the browser was designed to thwart.
Image: IE 7 spoofing bug
Source: http://news.zdnet.com/2100-1009_22-6129626.html
-
Mozilla rebuts Firefox 2 bug reports
Date: 10/26/06
(Security) Keywords: security
A pair of security flaw reports are "just noise" and don't present any real risk to Firefox users, Mozilla says.
Source: http://news.zdnet.com/2100-1009_22-6129663.html
-
Symantec earnings, outlook come in at low end
Date: 10/26/06
(Security) Keywords: software, security
Security software maker cites disappointing sales in Europe as big weakness in the second quarter.
Source: http://news.zdnet.com/2100-1009_22-6129794.html