Laser Blog

Articles tagged "security"

40 malicious code on websites

Wednesday 24th January, 2007

According to an article on the BBC News website, tech criminals are moving the focus of their activities from e-mail to the web. It appears that many spyware or trojan-infected e-mails are getting blocked before they reach the user, so instead "clean" e-mails containing links to websites which contain malicious down loaders are being used instead. The goal seems to be to try to gain access to corporate networks. This rather ties in with my previous article on the relative security of internet explorer and mozilla firefox.

This also seems a little at odds with an earlier report which implied that home PC users were the main target of tech criminals. Or it may be that that particular user base is nearing saturation as far as the aims of tech criminals are concerned.


39 2006 security status: Internet Explorer vs Mozilla Firefox

Monday 22nd January, 2007

The "Security Fix" blog on the Washington Post website compared the relative security of Internet Explorer and Mozilla Firefox during 2006:

... analysis found that for 284 days in 2006, bad guys were either exploiting critical, unpatched security holes in IE or blueprints for said instructions were published online for any criminals to use. In contrast, the data showed that there just nine days in 2006 in which exploit code was available for similarly serious, unpatched security holes in Mozilla's Firefox browser.

These statistics are shocking. There's not a lot more which can be said about them; one can only guess as to the reasons behind Microsoft's apparent lack of commitment to security for Internet Explorer. However, let me represent this data for you graphically:

Chart showing the relative security of Internet Explorer and Mozilla Firefox during 2006

It just seems unreal.


36 NSA involvement with Microsoft Vista

Sunday 14th January, 2007

It's interesting looking back on this in light of the Snowdon revelations. And were the NSA involved in "helping Microsoft" with more recent versions of Windows?
Rob. April 2015.

On the face of it, getting the NSA to help with Vista security seems like a pretty good idea. So good, in fact that Microsoft are willing to surreptitiously advertise this fact (in the full knowledge that once the news gets out, it will be broadcast all over the Web in a matter of days) as yet another reason why Vista is going to be so secure.

Microsoft also admit that this is not the first time it has sought help from the NSA. Apparently the NSA has helped with security aspects for the consumer version of Windows XP and Windows Server 2003.

What they don't acknowledge is the nearly forgotten news that the NSA seems to have had significant input in every version of Windows since the second release of Windows 95. So significant in fact, that some researchers believe that the NSA were allowed to plant back doors in these operating systems.

So now when you read that Microsoft is and has been repeated involved with the NSA, for "security enhancement", does it make you feel more, or less secure?


34 Who's in charge of your PC? (2)

Monday 8th January, 2007

Following on a from an earlier post, which only hinted at future plans to monitor (Windows) PC users, here is a truly frightening story about an ActiveX control which seems to have been installed on all Acer laptops since 1998. This particular program which has been marked "safe for scripting" appears to allow any web page to run any command on your (Acer) laptop. The link provides more details, as well as a test for those who are concerned.

The two questions which spring to my mind are: "What exactly are Acer up to?", and "Who else is doing this?" All this has been going on unnoticed for eight years.


32 How Skype gets round firewalls

Friday 15th December, 2006

Have you ever wondered how two Skype (and other P2P) clients exchange data, despite the fact that both machines are each sitting behind a firewall that only permits outgoing traffic? Read this article from Heise Security.

Peer-to-peer software applications are a network administrator's nightmare. In order to be able to exchange packets with their counterpart as directly as possible they use subtle tricks to punch holes in firewalls, which shouldn't actually be letting in packets from the outside world.