News: Microsoft Discusses OS Vulnerabilities, Dangerous Software

During the Black Hat conference in Las Vegas this week, Microsoft plans to provide a progress report on the security initiatives that it launched last summer, as well as release new security tools to better equip IT professionals and security researchers.

"There's a race between attackers and defenders and if we want to win, we have to share information," said Mike Reavey, director of the Microsoft Security Response Center.

One way the software maker plans to do this is by releasing the Microsoft Office Visualization Tool, a utility which provides a graphical overview of the Office binary file format. According to Microsoft, the software will make it easier for programmers to understand how attacks target Office files, noting that most malware attacks application vulnerabilities and not the OS itself.

"In order to build protections, you have to understand how a specific file format is meant to be used, so then you can understand how it's being misused," Reavey added.

During the conference, Microsoft also plans to release Project Quant, an online information resource designed to provide organizations with a framework for evaluating the cost of patch management processes. In addition, the company plans to release the Microsoft Security Update Guide, a publication that explains the entire Microsoft update process, and publish a report titled "Building a Safer, More Trusted Internet Through Information Sharing."

News: China Testing Green Dam for Mac OSX and Still Pushing Ahead Despite Security Warnings

Despite recently announced delays in China’s requirement to include Green Dam anti-pornography software on new PCs, the initiative is far from dead. PC makers who unanimously decried the hasty July 1st deadline managed to buy themselves an extension, but are still being told to comply with the new requirements. The Chinese Ministry of Industry and Information Technology re-affirmed its commitment to Green Dam Youth Escort on Thursday, and claims that it sees the software as being an important tool for protecting young people from pornography and violence on the internet. To further reinforce its commitment to total penetration, software publisher Jinhui has been told to write a Mac OSX version of the software, and it is currently in beta testing.

Critics of the Green Dam filtering software continue to question the motivation behind the initiative, and have accused the Ministry of using the software to further political repression. This may be a valid concern when you consider that the Ministry in charge of Green Dam’s implementation is also responsible for suppressing illegal political activity. The situation for the Chinese gets even worse when you consider that several industry tests have shown multiple security vulnerabilities in the filtering software, and it even appears to have a high occurrence of false positives in the filtering algorithm. The vulnerabilities are considered so serious, in fact, that Sony is including a disclaimer with all new PCs.

Will Linux be the only safe haven for the Chinese? 

News: China’s War Against Pornography Targets Google

The Chinese Health Ministry has been waging a very public war against pornography lately, and although they appeared to be softening their approach, new developments on Thursday have left Google scrambling. In what some people are calling “a rigged demo”, state-owned television monopoly CCTV broadcast an interview demonstrating the dangers of the Google Suggested Search feature, which attempts to auto-complete simple search terms with popular related queries. At one point during the interview, when the host typed the word “son” into Google, a suggested search was returned stating, “abnormal relationship between son and mother”.

Google has formally commented on the matter, and has explained that the suggested search feature is based on popularity. In their defense, Google claims that nobody had entered this phrase for several months, but the term suddenly became popular in Beijing in the days leading up to the show. Though this is hardly conclusive evidence of a conspiracy, it certainly falls into the category of “suspicious” if true. Regardless, Google claims to be working on a new system that would help it remove all traces of pornography from its Chinese database, but describes it as “a major engineering effort”. "Google has been working to remove pornography from our search results in China, in accordance with our operating license there," the company said.

Google already filters a significant amount of political content from its search results, and critics fear that further censorship will only complicate the efforts of rights activists. It is also worth noting that the government agency charged with cracking down on pornography is also responsible for suppressing illegal political activity. American officials have been critical of knee-jerk restrictions on companies trying to comply with China’s increasing demand for pornography censorship, and I’m sure we will hear more on this issue in the coming months.

What do you think of the ongoing developments in China?

News: CyberSitter Code Found in China Censorship Software

China's Green Dam Youth Escort web filtering software appears to contain pilfered code

What do Solid Oak Software's CyberSitter and China's Green Dam Youth Escort Internet filtering programs have in common? According to the BBC, the answer is CyberSitter code. The BBC reports that both Solid Oak's Brian Milburn and a report from the University of Michigan conclude that the developer of Green Dam Youth Escort, Computer System Engineering Inc, has incorporated code from CyberSitter into Green Dam without a license.

According to the China Daily, Solid Oak is sending "cease and desist" letters to HP and Dell to stop shipping computers bundled with Green Dam, and may seek legal action against the developers. The legal-technical drama is being played out against the background of China's requirement that all new systems sold as of July 1 include Green Dam, as we reported last week.

What have the developers of Green Dam done that might help fend off legal action and improve their product's security? Join us after the jump.

News: China's New Censorship Software a Potential "Large-Scale Disaster"

China's new Green Dam Youth Escort web filtering software is a potential security risk

The Chinese government is requiring all PC makers selling into the China market to bundle Green Dam Youth Escort web filtering software as of July 1, as we reported earlier this week. This software, already widely used in China's schools and elsewhere, has plenty of flaws, BBC News reports:

  • Unencrypted connections between client PCs and the company's servers, which could lead to information theft or the PCs being turned into botnet nodes for malware attacks
  • Filtering only Internet Explorer browsers, not Firefox
  • Support only for Microsoft Windows
  • Inaccurate web site blocking (pictures of pigs blocked, but not pictures of African women)
  • Potential privacy risks for users because the software logs all web pages the user attempts to access

Right now, it seems as if Green Dam Youth Escort is incapable of meeting its specified goals of "healthy development of the internet" and "effectively manag[ing] harmful material for the public and prevent it from being spread," while providing a terrific opportunity for malware providers. Have you encountered similar problems with web filtering software? Join us after the jump to sound off.  

News: A Patch Tuesday "Two-Fer" Secures Both Microsoft and Adobe Programs

June 2009's Patch Tuesday also saw Adobe security updates

June 9th saw a rare 'double-header' in security updates: Microsoft's monthly Patch Tuesday was joined by Adobe's quarterly security updates for Acrobat and Adobe Reader. How big was this month's 10-update Patch Tuesday? According to a Microsoft spokesperson quoted by Cnet, the 31 vulnerabilities covered by updates are "the most since Microsoft started releasing updates on a regular schedule of the second Tuesday of every month in October 2003."

Users of Windows 2000 SP4 through Windows Vista SP2 (and holdouts still running Windows 7 Beta), Microsoft Office 2000, 2003, or 2007; Microsoft Office for MacOS 2004 and 2008, Microsoft Works 8.5 and 9, and IE5.01 through IE8 users have some work to do before heading off on vacation, as do users of Adobe Reader and Acrobat 7.x, 8.x and 9.x. To find out what's being changed - and why - join us after the break.

News: February's Patch Tuesday Has Something for Everyone

Patch Tuesday for February 2009 affects both Windows desktop and Server versions

Whether you're using Windows and IE, managing Microsoft Exchange or SQL Server at work, or using Microsoft Office, this month's Patch Tuesday has a security update for you. All four security bulletins address Remote Code Execution vulnerabilities in recent and current service packs for each product listed:

  • IE 7: Windows XP, Windows Vista, Windows Server 2003
  • Microsoft Office: Visio 2002, 2003, 2007
  • SQL: SQL Server 2000 Desktop Engine on Windows 2000 and Windows Server 2003; Windows Internal Database (WYukon) on Windows Server 2003 and Windows Server 2008; SQL Server 2000 and SQL Server 2005
  • Exchange Server: Exchange 2000 Server, Exchange Server 2003, Exchange Server 2007

But Wait, There's More!

Other updates to be released tomorrow include:

  • Cumulative Update for Windows Vista Media Center (KB960544)
  • Cumulative Update for Windows Vista Media Center TVPack (KB958653)
  • Upgrade Rollup for ActiveX Killbits for Windows (KB960715)
  • February 2009 updates for Windows Mail Junk Email Filter (KB905866) and Windows Malicious Software Removal Tool (KB890830)

For details, look up the KB article numbers starting Tuesday.
