Tuesday, September 23, 2008

Yahoo, Hotmail, Gmail all vulnerable to password reset hack

Yahoo Mail isn't the only Web-based mail service that could be duped into giving up someone else's account password, the tactic that some have argued was used to break into Gov. Sarah Palin's e-mail earlier this week.
Google Inc.'s Gmail, Microsoft Corp.'s Windows Live Hotmail and Yahoo Inc.'s Mail all rely on automated password reset mechanisms that can be abused by knowing a username associated with an account and an answer to a single security question, according to quick tests run by Computerworld .

Read More

Wednesday, September 17, 2008

How to configure NAP for Windows Server 2008

Really Nice Article in how to configure Microsoft NAP

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1327034,00.html?track=NL-422&ad=659042&asrc=EM_NLT_4467618&uid=7917188

Microsoft's NAC comes out on top

Microsoft comes out on top of the NAC heap in an evaluation of 10 vendors that was published recently by Forrester Research.
The result is interesting because it’s not based on how many units were sold or performance tests but rather on evaluation of how well the products would meet the challenges of a set of real-world deployment situations

Read More

Monday, September 08, 2008

Will Microsoft Take a Sip of 'Midori'?

After some 23 years of Windows development, Microsoft appears to be more seriously considering the delivery of a non-Windows operating system. "Midori," the code name for a componentized operating system being built from scratch, has been kicking around the Redmond labs for four or five years. Recently, however, sources familiar with the project say Midori is now in "incubation," meaning the product is likely meandering its way closer to commercial availability. Midori is just one of a number of incubations under Craig Mundie, Microsoft's chief research and strategy officer.
However, another indication that the company is beginning to take Midori more seriously is that Eric Rudder, a longtime Microsoft veteran and senior vice president for technical strategy, is now supervising the project.

Read More

Sunday, September 07, 2008

Cisco warns of flaws in Cisco ASA 5500, PIX, Cisco Secure ACS

Cisco is warning of multiple security holes in its security appliances that if exploited, could result in a reload of the devices or disclosure of confidential information. The company has also issued a fix to a vulnerability in its Cisco Secure Access Control Server, that was discovered by external security researchers.

Read More

Thursday, September 04, 2008

Early security issues tarnish Google's Chrome

Security researchers have already uncovered vulnerabilities in Google's Chrome browser, including one that could allow a user to download malicious code

Read More