InfoSec Philippines

Information Security, Technology News and Opinions

Info Sec News, Dec 8, 2008 Updated

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 8, 2008

Upcoming details for this month’s Patch Tuesday can be found in Heise Online’s Microsoft wants to close six critical holes and PC World’s Microsoft readies Eight New Security Patches.

A Secunia blog states that 98% of all PC’s aren’t fully patched as was also reported in The Register and SCMag UK. No doubt this contributes to the millions of PC’s out there that are used as zombies unbeknownst to their owners. This happens mostly because people have too much confidence in their Anti Virus in stopping all threats. I’ll write about this more in another post, as for now, you might want to check out Secunia’s freely available Personal Software Inspector to check for patches their PCs may need.

Trend Micro researchers though, say that vulnerabilities only play a minor role (5%) in attacks. And that most attacks (53%) come in the form of Social Engineering attacks wherein the user is duped into downloading malware. An example of this would be fake anti-virus products that take up the top three positions in BitDefender’s Top e-threats (Heise Security also gives the list here). Which reminds me of what Zot O’Conner said in his talk at the Renaissance Makati in late October… that you cannot design a security product to defend against a user that just clicks and accepts anything.

In related news, Security Park reports that Human error continues to be the top cause of IT security breaches primarily because individuals are given the option to bypass them.


Other Security News
Center for Strategic and International Studies publishes report on Securing Cyberspace
Distributed SSH attacks bypass blacklists
New variant of DNSChanger in mass DNS hijack
The debate resumes over Mac Security
Identity Theft breaches on the increase in the US
(Security Focus) US Commission calls for Cybersecurity Czar
(Security Park) Free malware search tool helps financial institutions identify web attacks targeting their websites
SANS Webcast on December Threat Update
SANS Webcast on What Works in Security Information and Event Management
(Linux Security) New Wireshark Packages fix Vulnerabilities
(Linux Security) Never Installed a Firewall on Ubuntu? Try Firestarter
(Linux Security) Debian: New Linux 2.6.24 packages fix several vulnerabilities
(NY Times) Thieves Winning Online War, Maybe Even in Your Computer
(Translated by Google) 21 Million German Citizen’s Account Numbers in Circulation

Advertisements

One Response to “Info Sec News, Dec 8, 2008 Updated”

  1. […] See earlier Post for the CSIS report Update on Browser Password Management Security […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: