Posts Tagged ‘computer security’
Amazon Selling the Computer Security Handbook
I really want to purchase this but can’t right now, but I thought maybe some of you might be interested, so I’m posting it here with my affiliate link to Amazon.
According to the Amazon blurb: With seventy-seven chapters contributed by a panel of renowned industry professionals, the new edition has increased coverage in both breadth and depth of all ten domains of the Common Body of Knowledge defined by the International Information Systems Security Certification Consortium (ISC)².
Of the seventy-seven chapters in the fifth edition, twenty-five chapters are completely new, including:
1. Hardware Elements of Security
2. Fundamentals of Cryptography and Steganography
3. Mathematical models of information security
4. Insider threats
5. Social engineering and low-tech attacks
6. Spam, phishing, and Trojans: attacks meant to fool
7. Biometric authentication
8. VPNs and secure remote access
9. Securing Peer2Peer, IM, SMS, and collaboration tools
10. U.S. legal and regulatory security issues, such as GLBA and SOX
Whether you are in charge of many computers or just one important one, there are immediate steps you can take to safeguard your computer system and its contents. Computer Security Handbook, Fifth Edition equips you to protect the information and networks that are vital to your organization.
Microsoft Fails Again! Revises Another Critical Update
On September 25th, I posted that Microsoft confesses to posting a flawed update, which pointed to an August 22 InfoWorld article that stated it was the third time in two months that Microsoft has had to re-issue a security-related update. Well, Microsoft has done it again!
The most recent is MS08-052, first published on September 9. Seems they left out a few pieces of software in the original release! According to the e-mail I received about the re-release:
Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software.
Let’s recap the re-issues….
MS08-030:
06-10 First Issued
06-19 Re-issued
Advisory 954960:
06-30 Advisory Issued
07-09 Fix available
08-01 Re-release Fix
08-12 Re-release Fix
MS08-052:
09-09 Security Update Issued
09-12 Re-release
Now, perhaps you might be wondering why I feel this is a serious enough issue to post it here?
Come with me for a minute down the path my brain takes when I see this kind of stuff.
Thought #1: Microsoft’s software isn’t cheap. You would expect better service from a more expensive product – wouldn’t you? I mean, would you pay for a Lincoln and expect to drive away in a Rickshaw? No! You pay big money for the Lincoln and expect to get this nice, well made car with the full company guarantee behind it. So, why am I (we) paying for Microsoft’s software and paying more than any other software manufacturer? Especially since they can’t seem to get their own act together?
Thought #2: Microsoft wonders why people don’t patch and don’t trust their software in general. Hello? Many times we wait two weeks to patch because we are so used to Microsoft either re-releasing something or not knowing about known issues in a patch at the time they issue them.
Like Microsoft, we and our clients have businesses to run. We can’t afford the down time it takes to fix one of their F*ck ups.
My sister spent over 12 hours on the phone with Microsoft Tech Support in India just to get Vista’s SP1 installed! Businesses don’t have the time or patience but Microsoft just expects us to suck it up.
Thought #3: Security professionals, repair techs, and pretty much anyone involved with the care and feeding of PCs and their users, are constantly frustrated with having to fix users’ PCs from either known vulnerabilities that have been exploited or infected from some malware that was easily installable in a Windows system.
And when asked why the user isn’t updating, the answer commonly is one of the following three responses:
- I’m afraid they will screw up my machine.
- I don’t trust Microsoft because their updates have screwed up my machine.
- Why should I fix it if it ain’t broken?
Thought #4: After all, with all the ISPs trying to get more money for their bandwidth, do we users want to keep having to reinstall service packs, patches, and security updates from Microsoft?
Don’t you think that since Microsoft is consuming a lot of our bandwidth with their updates, they should foot the bill for some of it?
Thought #5: I think I might get back into the repair business because I’m telling you what, with what I’m seeing in terms of security problems in our research here, the more we are going to see systems infected with all kinds of things! And Microsoft losing even more credibility with users is just adding more wood to the fire.
Thought #6: The reason Microsoft revised this current update? From their FAQs:
The last Microsoft Security Bulletin for GDI+, MS04-028, lists affected and non-affected software that is not listed in this bulletin. Why?
The software listed in this bulletin have been tested to determine which supported versions or editions are affected and which supported versions are not affected. Other versions or editions listed in the MS04-028 are past their support life cycle.
Does that mean Microsoft, that you DON’T TEST your software patches and updates before you issue these? Well, THAT would explain EVERYTHING!
Let’s see how long anyone else would stay in business if they tried the same tactics. We’ll just create some software, charge people to purchase it, and let them debug it and all our updates! Saves a hellofalot of time and money in research and development!
Yeah, I’m sure that would work in the REAL, NON-MICROSOFT business world!
So, in conclusion, if you haven’t patched yet, you really should apply this one. Unless you want to wait to see if they revise it again in another two weeks!
MICE Training & Education Issues Pre-Launch Page!
If you haven’t been to our home page recently, then you’ve missed our new banner announcing our upcoming 10th Anniversary celebration!
Well, our first Pre-Launch page is now available here: Are You Security Minded?
And if you are not yet one of our affiliates, you need to become one before our launch! You will not regret it!











