Microsoft Issues Patch to Close Zero Day Hole

Microsoft has issued an unscheduled patch to close the security hole in IE in its MS08-078 Security Bulletin.

---

A Security Park report states that according to Panda Security, there has been as much malware in the first months of ’08 as the last 17 years combined.

Related links:
SANS published a 61 page whitepaper by Mark Baggett, GCIH, on the Effectiveness of Anti-Virus vs Metasploit Payloads
Anti-Virus Rants Blog

---

Computerworld Security lists 3 simple ways to protect from Social Networking Malware: 1. Have a stronger password, 2. Be wary of 3rd party apps 3. Beware of user generated SPAM.

Now I’m wondering if there are tips out there regarding Friendster since they obviously have a problem with the SPAM I’ve been getting from a couple of users.

---

CDW has a 2 page whitepaper on Making the Case for Security Spending

---

UPI.com Homeland and National Security Editor Shaun Waterman wrote about the questionable effectiveness of FISMA in real world use. The article states that the US Justice Dept got a grade of A-, because FISMA is primarily concerned with “ensuring that all agencies ‘have policies and procedures to enhance the security of information in their IT systems. [however FISMA does] ‘not assess whether the Department has actually implemented these processes, nor did it assess the actual security of the Department’s IT systems.'”

---

The US Center for Strategic and International Studies (CSIS) recommends a Cybersecurity model based on Nuclear Nonproliferation. This is because of the seriousness and complexity of cyberthreats, which require a coordinated approach that spans agency jurisdictions, borders and sectors.

See earlier Post for the CSIS report

---

Update on Browser Password Management Security

In the test by Chapin Information Services (CIS) Opera and Firefox each passed seven of 21 tests, IE passed five tests, and Safari and Chrome each passed two tests.

(The Register) Browser Password Security Test
(Chapin Info Services) Google Chrome receives lowest Password Security Score

---

Other Security News.
(Bank Info Security) Where the Jobs Are: 5 Hot Career Tips for 2009
(Bank Info Security) Top Certifications for Industry Pros

Advertisement

In the News Today, Nov 4, 2008

TrueCrypt encryption software releases version 6.1..

Trojan steals access data for 300,000 bank accounts

IT Security.com publishes articles on Zero Day Attacks, Spam Control, and Biometrics Security.

Security Focus reports that a Secure Hash competition just started.

SC Magazine US reports that Microsoft flaws are down but malware on the rise, Six are arrested for hacking President Sarkozy’s bank account, and Cybercrooks use Google name to spread Facebook worm.

ISAF: ISAF issues warning to retailers to tighten up on security procedures

NHS Security Awareness Month Initiative At Colchester Hospitals, England

SANS Institute And ISACA Announce Online Security Awareness Course And Scholarship

Last but not least are a couple of articles on Security Metrics. There’s this great article on Security Metrics by Joel Rosenblatt from last quarter’s (July-Sept 2008) issue of Educause Quarterly. Rosenblatt also has a book review of Andrew Jaquith’s Security Metrics: Replacing Fear, Uncertainty, and Doubt
Another related book, Complete Guide to Security and Privacy Metrics was reviewed last year by Cheryl Washington.