Thursday, June 21, 2007

Russian Hackers...again

The blog post "Russian hackers hijack Italian sites to serve exploits" by Ryan Naraine at ZDNET.COM demonstrated again that the war between hackers and security companies is ongoing, and I doubt that it will be over in the near future. Yes, law enforcement measures have improved across the entire world, including in places where we could not have expected it earlier (China, Malaysia). However, the creativity of those who design malicious software is often above the creativity of those who design the countermeasures. Apparently, Russia is a good source of hackers (as well as programmers). I would be especially careful about hiring Russian programmers to lower the cost of development if they still live in Russia. You can easily get your financial information stolen by those programmers who may build and hide a back door into your system.

The problem is that most of the countermeasures are reactive, even if some of the vendors claim that their software includes an intelligent engine that can recognize new malicious programs. None of the vendors will ever admit that those "intelligent engines" are good in the lab and on paper (especially in the marketing) but fail in the field. If they were sophisticated enough, they would prevent attacks that involve several components, including even the tiny proxy server that, after being downloaded, serves as a door to download the information stealer (the WebAttacker/MPack exploit toolkit).

While there is no guarantee that the latest and greatest software and OS patches installed on a PC will protect you 100%, it is still important at least to lower the risk of infection. Another countermeasure is to avoid browsing unknown web sites as much as possible. Is it possible? I think so.

While you are reading this article, I recommend that you follow the suggestion of the blog and run Secunia’s free software inspector to scan your machine for weak spots.

Sunday, June 10, 2007

* New struggle for current MCSEs

For those who are MCSE 2003, Microsoft has some good news.
Yes, the endless struggle for being certified by Microsoft AND being a current MCSE or MCP has entered into a new phase:
What bothers me is that the Microsoft marketing department, well in advance of the final release of Windows 2008 server, already offers the new certification in the run for more revenue that the new certification will generate. The product is not there yet, but the certification is already there (beta).

Why offer a beta certification? It's pure and simple. If you want to try passing the beta for free, you will obviously have to learn a product that has not been released to the general public. And this IS the goal. Along with the money current MCSEs will pay for the exam (not the beta) later, Microsoft will achieve the goal of having more ambassadors for a new server operating system, ambassadors who will push it to their network environment...

Get your money ready, MCSEs!

Friday, June 8, 2007

* Mac security vs. Vista

About a week ago, I had a conversation with some of my friends regarding bullet-proof operating systems. One of them informed us that one of the government organizations decided to replace its Windows-based workstations with Steve Jobs' Macs because they, like the UNIX kernel, are not penetrable due to the security architecture and the permissions required from the kernel to use any external program. While I agreed on the kernel itself, I disagreed that the Mac is a bullet-proof OS. The problem with any OS is that it's not only the kernel itself but a whole bunch of other files that participate in various services, supporting applications, and much more.
I liked the Mac for its sleek interface and performance but not for the price tag. Also, Vista offers the same grade of quality screen images and comparable performance. To support my statement, I sent them the link to the following article where a number of security problems were addressed:
"If you look at the number of found vulnerabilities in Windows XP (28) vs. Vista (11) this year, Vista wins again. If that seems like a lot, don't forget Mac OS X has had 101 in the same time period".
No matter what OS is being used and what level of security is applied, the weakest link is always the end user.