Virtru Email Encryption – Web based email can be easily encrypted

Since former NSA contractor Edward Snowden began divulging information on how vulnerable our personal digital data is – and how much of it security organizations have been helping themselves to – the average web surfer has begun to think a bit more cynically about cyber security. That newfound suspicion creates a headache and a PR-fiasco for the NSA but opens doors for entrepreneurs in the world of online privacy.

Two such entrepreneurs are brothers Will and John Ackerly. The Ackerlys and their startup venture, Washington D.C.-based Virtru, are two weeks into the launch of a product that lets internet users encrypt any and all of their emails for free. Unlike competitors, the service acts as an add-on to your web browser and does not require the email recipient to have signed up for the service. That feature alone makes Virtru notable.

What sets Virtru apart from many encrypted communication tools is the integration of its encryption technology directly into Gmail, Yahoo and Outlook.com. They have created a simple system that requires little technical know-how.

There is no shortage of privacy and security products out there but most users, while concerned about the privacy of their personal information, have not taken action because they don’t know where to go.

Here’s how it works:

Download Virtru as a Firefox add-on and a mobile app. On Firefox, each new email contains a small, unobtrusive switch in the top right corner of the message window which turns encryption on (yes, it is opt-in). Press “send” and Virtru encrypts the contents on your device with standard AES-256, then sends it to the recipient but keeps the encryption key separate from the message. The recipient does not need to have downloaded Virtru to get the key but does need to confirm his or her identity by email address. Virtru holds the key to that decryption process and won’t fork it over without verification. They also have a firewall that makes sure that every keystroke you type inside the compose window never reaches the server; normally every keystroke is recorded and sent to Google’s servers when using Gmail.

On a smartphone, the user sends email through the Virtru mail app, which links to, say, a Gmail account, but only after verifying his or her identity on the device. Other free features include the ability to control whether your recipient can forward your message and the power to revoke access to the message after a chosen period of time.
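The flow described above, as an added toy model that is not Virtru’s code or protocol: the body is encrypted on the sender’s device with AES-256 (AES-256-GCM here), the ciphertext travels with the mail, and the key sits in a separate key service that releases it only to a verified, listed recipient and can revoke it later. It assumes the `cryptography` package; the key service, message ids and the “verify identity” token are illustrative stand-ins.

```python
"""Toy model of client-side encryption with a separately held key.
Added example; not Virtru's implementation. Assumes the 'cryptography' package."""
import os
import secrets
from dataclasses import dataclass

from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class AccessDenied(Exception):
    """Raised when the key service refuses to hand over a key."""


@dataclass
class KeyRecord:
    key: bytes
    recipients: set          # only these addresses may fetch the key (no forwarding)
    revoked: bool = False    # sender can later revoke access


class KeyService:
    """Stands in for the vendor-side key store. It never sees the message body,
    only the per-message key and the policy attached to it (hypothetical design)."""

    def __init__(self):
        self._records = {}   # message_id -> KeyRecord
        self._verified = {}  # session token -> email address proven by verification

    def register(self, message_id: str, key: bytes, recipients) -> None:
        self._records[message_id] = KeyRecord(key, set(recipients))

    def verify_identity(self, email: str) -> str:
        """Email-address verification from the text, modelled as issuing a token."""
        token = secrets.token_hex(16)
        self._verified[token] = email
        return token

    def fetch_key(self, message_id: str, token: str) -> bytes:
        record = self._records.get(message_id)
        email = self._verified.get(token)
        if record is None or email is None or record.revoked or email not in record.recipients:
            raise AccessDenied(f"key for {message_id} not released")
        return record.key

    def revoke(self, message_id: str) -> None:
        """Revocation works because the ciphertext is useless without this key."""
        self._records[message_id].revoked = True


def encrypt_message(service: KeyService, plaintext: bytes, recipients) -> dict:
    """Runs on the sender's device: fresh 256-bit key, key escrowed, ciphertext returned."""
    key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    message_id = secrets.token_hex(8)
    ciphertext = AESGCM(key).encrypt(nonce, plaintext, message_id.encode())  # id bound as AAD
    service.register(message_id, key, recipients)
    # This envelope is what the email actually carries; no key inside.
    return {"id": message_id, "nonce": nonce, "ciphertext": ciphertext}


def decrypt_message(service: KeyService, envelope: dict, token: str) -> bytes:
    """Runs on the recipient's side after identity verification."""
    key = service.fetch_key(envelope["id"], token)
    return AESGCM(key).decrypt(envelope["nonce"], envelope["ciphertext"], envelope["id"].encode())


if __name__ == "__main__":
    svc = KeyService()
    env = encrypt_message(svc, b"Wire transfer details inside", ["bob@example.invalid"])
    bob = svc.verify_identity("bob@example.invalid")
    print(decrypt_message(svc, env, bob))
    svc.revoke(env["id"])
    try:
        decrypt_message(svc, env, bob)
    except AccessDenied as exc:
        print("after revocation:", exc)
```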

Email encryption is free (“and it will always be free,” according to the company) but they have formulated a revenue model consisting of soon-to-come paid features like attachment security, domain-level enterprise data management platforms, as well as the licensing of their technology to organizations that want to manage their own security keys. The fees themselves have yet to be determined but will be announced in the second quarter.

So far Virtru has launched its email privacy product as an add-on to Chrome, Firefox and iOS. In the coming weeks compatibility will spread to Internet Explorer, Safari and Android, as well as plugins for Outlook and Mac Mail.

New Spam Technique: .CPL File Use

Email remains the primary means of business communication. As such, cybercriminals and attackers often use it to infiltrate corporate networks. According to one study, the majority of organizations and large enterprises use corporate email accounts to send and receive confidential data.

As early as September 2013, we saw a rise in spam with malicious Control Panel (.CPL) files as attachments. In the past, spammers typically used .ZIP or .RAR files as attachments. In one financial spam run, the malicious .RTF file attachment came embedded with a malicious .CPL file we detect as TROJ_CHEPRO.CPL. The .RTF file contained a clickable image that, when clicked, ran the malicious .CPL file.

Legitimate .CPL files, when clicked, execute applets found in the Windows Control Panel. That’s probably why cybercriminals now use them more to spread malware. Some CPL malware, like TROJ_CHEPRO.CPL, downloads data-stealing malware such as TSPY_BANCOS.CVH when executed. TSPY_BANCOS.CVH gathers system-related information and text files and monitors transactions on sites like PayPal, Facebook, Google, and Hotmail. As usual, the stolen data can be used in future attacks.

For this reason, we recommend blocking .CPL attachments on your email system.
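A way to implement that block at the mail gateway, as an added example that is not part of the original article: the scanner walks each MIME attachment and flags a .cpl extension (including double extensions), a PE header on any attachment (.CPL files are PE DLLs), a .cpl member inside a ZIP, and an RTF whose embedded OLE object data decodes to a PE, which is the pattern of the spam run described above. The sample message is constructed inline and its “PE” payload is a header-only stub.

```python
"""Flag inbound attachments that carry a Control Panel (.CPL) file directly,
inside a ZIP, or embedded as an OLE object in an RTF document.
Added example, not from the original article; sample message constructed inline."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Hex-encoded OLE object data inside an RTF file looks like {\*\objdata 01050000...}
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def rtf_has_embedded_pe(data: bytes) -> bool:
    """Heuristic: decode every \\objdata hex blob and look for an MZ header inside."""
    for match in OBJDATA_RE.finditer(data):
        hexblob = re.sub(rb"\s", b"", match.group(1))
        hexblob = hexblob[: len(hexblob) - len(hexblob) % 2]  # drop a dangling nibble
        if b"MZ" in bytes.fromhex(hexblob.decode("ascii")):
            return True
    return False


def zip_cpl_members(data: bytes) -> list:
    """Names of .cpl members inside a ZIP attachment (empty list if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".cpl")]
    except zipfile.BadZipFile:
        return []


def scan_message(raw: bytes) -> list:
    """Return (filename, reason) pairs for every suspicious attachment in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_content()
        if isinstance(data, str):          # text/* parts decode to str; normalise to bytes
            data = data.encode("utf-8", "replace")
        if name.lower().endswith(".cpl"):   # also catches invoice.pdf.cpl
            findings.append((name, "cpl-extension"))
        if data.startswith(b"MZ"):          # PE image regardless of claimed name/type
            findings.append((name, "pe-header"))
        for member in zip_cpl_members(data):
            findings.append((name, f"cpl-in-archive:{member}"))
        if data.startswith(b"{\\rtf") and rtf_has_embedded_pe(data):
            findings.append((name, "rtf-embedded-pe"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample resembling the run in the text: an RTF with an embedded
    PE object, a bare .cpl with a double extension, and a ZIP holding a .cpl."""
    stub_pe = b"MZ" + b"\x90" * 14 + b"PE\x00\x00"   # header bytes only, not executable
    rtf = (b"{\\rtf1\\ansi {\\object\\objemb{\\*\\objdata "
           + stub_pe.hex().encode("ascii") + b"}}}")
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("payment.cpl", stub_pe)
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(rtf, maintype="application", subtype="rtf", filename="invoice.rtf")
    msg.add_attachment(stub_pe, maintype="application", subtype="octet-stream",
                       filename="statement.pdf.cpl")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="docs.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in scan_message(build_sample_message()):
        print(f"BLOCK {filename}: {reason}")
```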

Multifactor Authentication for Office365

Users of Microsoft’s cloud-based Office 365 offering get a double dose of password security, with client apps to follow soon.

Given the likelihood that Office 365 accounts are bound to contain sensitive corporate information, Microsoft is looking to avoid the high-profile security breaches that have plagued other cloud services. To that end, the software giant announced that it has extended multifactor authentication to the Office 365 user base at large.

The security measure is no longer the exclusive domain of administrators. Multifactor authentication has been available for Office 365 administrative roles since June 2013, and Microsoft is now extending this capability to any Office 365 user.

The Multi-Factor Authentication for Office 365 will be available for the Office 365 Midsize Business, Enterprise plans, Academic plans, Nonprofit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online.

This will allow organizations with these subscriptions to enable multifactor authentication for their Office 365 users without requiring any additional purchase or subscription. Users must authenticate once on each device from which they access their Office 365 account. Once authenticated, it becomes a trusted computer/device for their account.

The move is part of a broader effort by the company to harden its cloud services slate. In June 2013, Microsoft announced that it was bringing multifactor authentication, based on technology from its PhoneFactor acquisition, to Windows Azure Active Directory (AD) services, enabling users to securely access their accounts with additional credentials supplied by an app or Short Message Service text.

In recent years, online service providers have been rocked by breaches that have caused security-conscious enterprises to regard the cloud suspiciously. Dropbox, a popular cloud storage company, rolled out two-step authentication in 2012 after a breach that made user data susceptible to snoops. Twitter followed suit in 2013 after major accounts had been hacked. The Yahoo Mail breach would have been a non-event for users had they switched on the service’s multifactor authentication options. I’m sure all online email providers will be adopting similar services – now it is up to the end-user to turn it on and use it. It should be a required setup for all accounts.

Microsoft is also looking to extend multifactor authentication to Office 365 client apps. Microsoft notes that users currently have a workaround: configuring App Passwords to secure their desktop apps. Soon Office 365 customers will be able to use multifactor authentication directly from Office 2013 client applications. Microsoft is planning on adding native multifactor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell and OneDrive for Business, with a release date planned for later in 2014. The update will supplement phone-based authentication with support for third-party solutions and smart cards that conform to the U.S. Department of Defense Common Access Card (CAC) and U.S. Federal Personal Identity Verification card (PIV) security standards.

2013’s Most Notable Spam Trends

As one of the Internet’s most enduring threats, spam went through very notable changes in 2013.

The Death of the Blackhole Exploit Kit

The Blackhole Exploit Kit, a notorious exploit kit, was used in several spam campaigns. It can quickly adapt to existing trends by incorporating newfound exploits for vulnerabilities and using the latest social engineering schemes to infect computers and release damaging payloads.

2013 saw 198 Blackhole Exploit Kit campaigns, a considerably smaller number compared with last year’s. This can be explained by the arrest of the supposed kit creator, Paunch, in early October of 2013. Two weeks after Paunch was brought to justice, the Blackhole Exploit Kit spam run volume dropped significantly and then disappeared completely in December 2013.

Health Spam

The third quarter of 2013 saw a dramatic increase in health-related spam, which made up nearly 30% of the total volume. The spam, numbering around 2 million messages each day, contained weight loss tips, pharmaceutical product promotions, and so on. 2013 also saw health-related spam change, mostly in terms of how it convinced recipients to click embedded links. In the past, health-related spam was very direct: a product image and a few sentences convincing recipients to click an embedded link. The messaging has become a bit more subtle now, sporting newsletter templates with featured anecdotes and quotes from supposed health experts. This is most likely an effort to appear more legitimate and bypass anti-spam filters.

Malware Attachments

In 2013, malicious spam usually came with ZBOT/ZeuS malware in tow until halfway through the third quarter, when TROJ_UPATRE malware ousted ZBOT/ZeuS. In fact, by November, 45% of all malicious spam came with UPATRE strains, which are known for downloading other malware like ZBOT/ZeuS and CryptoLocker variants onto already-infected computers. Unlike ZBOT/ZeuS, which is notorious for data stealing, CryptoLocker is well-known for locking infected computers, rendering them and the data stored within inaccessible.

Basic Spam Safety – Suggestions for everyone

While spam has certainly changed and will continue to do so, the ways by which you can avoid becoming its victim remain the same. To stay safe we recommend:

  • Immediately delete suspicious mail from unfamiliar senders.
  • Never open attachments or click links that come with suspicious mail.

New Symantec Endpoint Maintenance Release – Minor update series for version 12.1.4013.8083 SEPM

The potential to leverage the remote-access XXE vulnerability to attempt to exploit the local-access SQL injection issues increases the overall severity of a successful exploit of these issues. Symantec customers need to apply the available updates (12.1.4023.4080) as soon as possible.

Over the course of the next week we will be upgrading our clients using Symantec Endpoint Protection to this newer version. For their benefit, we are listing the new and changed features in this release. We recommend all users of Symantec Endpoint Protection upgrade as soon as possible to address these issues (listed below). In addition to this management/client release, Symantec has also released an urgent patch for the management program: apply this 12.1.4.4013 fix first, then the Management Security Fix.

  • Expanded operating system and browser support
    Supports Mac OS X 10.9 and Windows 8.1 / Server 2012 R2. Supports the latest versions of Internet Explorer, Firefox, and Chrome.
  • Expanded and improved features for Endpoint Protection for Mac
    Improved remote deployment features for the client, including a standardized deployment package for use with third-party client management systems that supports unattended, logged-out, and silent deployment. Intrusion prevention for Mac client computers. LiveUpdate 6 for Mac, which does not require Java and can run with no user logged in. Content for Mac from Symantec Endpoint Protection Manager (SEPM). Other improvements, including improved scheduled scan options, user interface improvements, and language support.
  • Faster alerting and notification for priority events
    SEP 12.1.4 Windows clients can quickly send priority events to SEPM without waiting for the next heartbeat. You can create notifications without a damper for critical events. Priority events include malware detections and IPS alerts.

New fixes in this release

  • A detected threat does not have a corresponding entry in the risk log. Symptom: You see the pop-up warning, “Threats were detected while you were logged out,” but the risk log does not display a corresponding entry.
  • System hangs after reboot on Windows XP Embedded SP3. Symptom: After you install the Symantec Endpoint Protection client on a Windows XP Embedded device on which PCAnywhere and specific video adapters are also installed, a crash in the video memory occurs.
  • Scan logs do not display updated scan status. Symptom: Administrator-defined scheduled scans do not update the scan status of Symantec Endpoint Protection Manager scan logs if you suspend then complete the scan.
  • Microsoft Outlook 2010 freezes. Symptom: If you install the Symantec Endpoint Protection Microsoft Outlook plug-in along with McAfee DLP software, Microsoft Outlook 2010 appears to hang or become unresponsive when you open or add an attachment.
  • Cannot generate quick risk reports. Symptom: When you try to generate quick risk reports, PHP errors and warnings display. You also see many PHP-related errors in the reporting logs.
  • Some detection counts do not display correctly in reports. Symptom: The distribution bar under the “Risk Detection Counts and Detection by Computer” report shows one color, instead of the expected multiple colors for different infection types.
  • Application and Device Control exception is not working correctly. Symptom: An Application and Device Control folder control exception does not work correctly with an absolute path, such as “C:\TEST”.
  • Management Server Configuration Wizard encounters Unexpected Server Error. Symptom: An Unexpected Server Error occurs after you run the Management Server Configuration Wizard.
  • When both the Symantec Endpoint Protection client and management server are installed, Windows Server Backup utility cannot complete a volume shadow copy. Symptom: When you install both the Symantec Endpoint Protection client and Symantec Endpoint Protection Manager 12.1.x on the same computer, the \System Volume Information\EfaData\ folder grows large in size. This growth causes a lack of available free space for the Windows Server Backup Utility to create a volume shadow copy.
  • Scheduled scan report fails to abide by an OS filter. Symptom: When you schedule a Scan Report based on an OS filter, it instead returns every OS.
  • Symantec Endpoint Protection installation results in warning messages in logs. Symptom: Warning messages, such as Event ID 28, appear in the logs when you install Symantec Endpoint Protection on a physical Windows Server 2008 R2 with Hyper-V.
  • Unable to remove the “Delete from Quarantine” option. Symptom: After you uncheck the “Delete from Quarantine” command option for Limited Admins, this option still appears on the dropdown menu as a possible Action. The only way to remove “Delete from Quarantine” from the dropdown menu is to also remove other features, such as “Enable Download Insight.”
  • Download Protection Content reports as “Not Available” after a restart. Symptom: After a client restarts, the initial heartbeat reports that Download Protection is “Not available.” As a result, a notification for “Download Protection out of date” triggers from Symantec Endpoint Protection Manager. Subsequent heartbeats report correctly.
  • Too many active connections from the Group Update Provider (GUP) to Symantec Endpoint Protection Manager. Symptom: The Group Update Provider (GUP) computer keeps more than 200 connections open to Symantec Endpoint Protection Manager.
  • Client reports Firewall Status as “Disabled”. Symptom: If you disable or withdraw the firewall policy from a client group, the clients display as “Disabled” on the Symantec Endpoint Protection Manager Home tab, under Endpoint Status. Clicking on the Endpoint Status chart shows the Firewall Status as “Disabled.” The Firewall Status should only display as “Disabled” if the end user disables the firewall.
  • Lotus Notes 7.0.3 terminates unexpectedly. Symptom: Lotus Notes 7.0.3 terminates unexpectedly when you attempt to open an attachment.
  • Some clients do not honor the restart after using the Client Deployment Wizard. Symptom: When you use the Client Deployment Wizard to install a package that includes Application and Device Control, Symantec Endpoint Protection clients do not honor the reboot command provided in Client Install Settings.
  • Clients move to the wrong group if the group name has a space in it. Symptom: If you copy a group name containing a space from the details tab of one Symantec Endpoint Protection Manager and paste that group name into a new group on another Symantec Endpoint Protection Manager, the clients end up in an incorrect group. If you copy the same group name containing a space from Windows Notepad, the clients end up in the correct group.
  • Scan time is shown incorrectly. Symptom: If you click Home > View Details > Scan Failures, the last scan time displayed is incorrect.
  • Teefer does not see outbound traffic on Windows XP. Symptom: On Windows XP SP3, Teefer does not see the outbound traffic for QoS Packet Scheduler (PSched).
  • Lotus Notes terminates unexpectedly during start-up. Symptom: Lotus Notes terminates unexpectedly during start-up when it attempts to load the Notes Auto-Protect plugin (nlnhook.exe).
  • Windows Hypervisor stops responding. Symptom: Windows Server 2012 Hypervisor servers stop responding after you install Symantec Endpoint Protection 12.1.2 (12.1 RU2).
  • Juniper Network Agent Virtual Adapter missing from VPN classification. Symptom: Juniper Network Agent Virtual Adapter (Juniper Junos Pulse client) does not appear within the “Any VPN” classification in the firewall rules.
  • Windows Server 2008 R2 is not identified correctly in Symantec Endpoint Protection Manager. Symptom: Symantec Endpoint Protection Manager shows an incorrect operating system name for Windows Server 2008 R2 computers in the client inventory report and client properties dialog.
  • Cannot generate risk report. Symptom: When you create a risk report for “Action List” or “Infected and At Risk Computers”, the query fails.
  • Log file size grows to be very large. Symptom: Log messages continue to write to scm-ui.log, even after the user logs out of the console. As a result, the log file grows very large.
  • Windows XP 64-bit is listed incorrectly. Symptom: If you click Monitors > Logs > Computer Status > View Log, Windows Server 2003 clients incorrectly display as Windows XP 64-bit.
  • GFValidate.exe application error 1000. Symptom: When the Symantec Endpoint Protection Management server is running, you see program errors or crashes when ThreatCon contains an invalid certificate.
  • Windows client incorrectly becomes a Group Update Provider (GUP) after an upgrade. Symptom: After you upgrade a Windows XP computer to Symantec Endpoint Protection 12.1.2, the computer becomes a GUP even though it was not designated as one.
  • Management Server Configuration Wizard displays an error when using a non-default path for the database data folder. Symptom: When you designate a new database using a non-default data folder, such as on drive D:, the Management Server Configuration Wizard displays an error about the database data folder, because it is incorrectly looking for the default path on C:.
  • Cannot add applications to Exception policy. Symptom: You try to add detected applications to existing Exception policies, but those policies do not display in the Monitors tab.
  • Discrepancy in the Endpoint Status report. Symptom: The information displayed on the Home tab under Endpoint Status is different from the information displayed when you click the chart for details.
  • An unexpected database error occurs. Symptom: An unexpected database error occurs when you log on to the Web Services Application Registration page.
  • Client upgrade rolls back. Symptom: At the end of the upgrade to Symantec Endpoint Protection 12.1.2 on a computer with a custom Windows system root directory, the installation rolls back to the previous version.
  • BIOS serial number not stored. Symptom: The Symantec Endpoint Protection client sends the BIOS serial number when it connects to the Symantec Endpoint Protection Manager. You can see this information in the scm-server-*.log, but it is not stored within the Symantec Endpoint Protection Manager.
  • Symantec Endpoint Protection Internet email Auto-Protect prevents POP3 email from being sent or received. Symptom: When you check email with a client program that uses the service session (session 0), sending or receiving email experiences delays if you install Symantec Endpoint Protection Internet email Auto-Protect.
  • Unable to copy from USB. Symptom: After you upgrade Windows Vista to Symantec Endpoint Protection 12.1.2, you are unable to read files from a USB device, even though the Application and Device Control policy only prohibits writing to a USB device.
  • Server crashes with BugCheck 8E. Symptom: A Symantec Endpoint Protection client installed on a server operating system crashes with BugCheck 8E {c0000005, f723fac3, abb89930, 0}. The crash log contains a reference to SRTSP.sys.
  • LiveUpdate fails to process content on Symantec Endpoint Protection Manager. Symptom: The LiveUpdate client runs successfully and downloads the content on Symantec Endpoint Protection Manager 12.1.2 (RU2), but fails during the post-processing of the content.
  • EFS encrypted files are damaged. Symptom: After a content download triggers a Defwatch scan, EFS encrypted files become corrupted.
  • Weekly deadlocks occur on the Symantec Endpoint Protection Manager database. Symptom: The server logs indicate weekly deadlocks on the Microsoft SQL Server database used by Symantec Endpoint Protection Manager. These deadlocks place an excessive load on the database server.
  • USB data stick removal results in BugCheck 7E error. Symptom: When you remove a USB memory stick, the computer crashes with error code 0X0000007E (BugCheck 7E).
  • Servers are slow or unresponsive. Symptom: After you install the Symantec Endpoint Protection client without Network Threat Protection, the file share server appears to be offline, or becomes extremely slow and unresponsive.
  • Connectivity issues with 3G connection. Symptom: When you try to connect to the internet with a 3G NIC, the Symantec Endpoint Protection firewall component detects a problem and blocks the connection.
  • Wired 802.1x connection attempt results in BugCheck 50 referencing Teefer. Symptom: When attempting to connect using wired 802.1x authentication, the computer crashes with BugCheck 50. The blue screen message references teefer.sys.
  • LiveUpdate does not update Symantec Endpoint Protection client. Symptom: The Symantec Endpoint Protection client downloads but cannot update definitions with LiveUpdate. Content updates from the Symantec Endpoint Protection Manager occur as expected.
  • Enabling Windows Driver Verifier on Teefer2 results in BugCheck 139. Symptom: You install Symantec Endpoint Protection, enable the Windows Driver Verifier for Teefer2, and reboot. An attempt at a network connection causes the computer to crash with BugCheck 139.
  • Cluster is unable to fail over with Auto-Protect enabled. Symptom: With Auto-Protect enabled, an active cluster node cannot fail over and hangs.
  • Some Intrusion Prevention exclusions do not work. Symptom: After you create an Intrusion Prevention (IPS) policy exclusion to keep an application from being blocked, Intrusion Prevention continues to block the application.
  • Download Protection reports as malfunctioning. Symptom: Client computers always report Download Protection as malfunctioning on the first heartbeat after the Symantec Management Client (SMC) service is started. This issue occurs because the heartbeat reports the status before this component fully initializes.
  • Persistent “unexpected server error” notification. Symptom: You receive System Event Notification emails multiple times a day reporting an unexpected server error. The Symantec Endpoint Protection server logs display the message, “This is not a valid IP address.”
  • “Unexpected server error” appears in server logs. Symptom: For the Symantec Endpoint Protection Manager, the server name is different from the host name. The Symantec Endpoint Protection Manager’s server logs display repeated errors by ScheduledReportingTask about an UnknownHostException. You do not receive email notifications or scheduled reports.
  • “Unexpected server error [0x10010000]” when deleting a Symantec Endpoint Protection Manager administrator. Symptom: When you try to delete an administrator account in Symantec Endpoint Protection Manager but opt to retain the existing reports, the message “Unexpected server error [0x10010000]” appears and the administrator account remains.
  • The policy serial number unexpectedly updates at midnight. Symptom: You notice that the policy serial number updated at midnight, but you did not update a policy at that time, only earlier in the day.
  • Some errors in reporting logs related to risk reporting. Symptom: There are PHP errors and warnings in the reporting log. The pie charts on the Monitors tab contain no information, and you encounter a fatal error when you click Reports > Quick Reports.
  • Auto-refresh value reverts for Command Status. Symptom: The Auto-refresh value you configure under Monitors > Command Status reverts to the previous value.
  • Scheduled or On-Demand scans fill backup cache disks. Symptom: You observe that on a computer using a third-party backup program, a scheduled or on-demand scan unexpectedly fills the backup cache disk.
  • SMC service crashing. Symptom: The Symantec Management Client (SMC) service crashes on client computers that are Group Update Providers (GUPs).
  • Accelerated heartbeat after a client fails to register with Symantec Endpoint Protection Manager. Symptom: When Symantec Endpoint Protection Manager returns a registration failure with code 412, the client triggers another registration in five seconds. This behavior results in performance degradation on Symantec Endpoint Protection Manager.
  • Installation of Symantec Endpoint Protection causes BugCheck 8e. Symptom: After the installation of Symantec Endpoint Protection, the computer crashes with BugCheck 8e. A triggered Auto-Protect scan appears to be the cause.

Ransomware – a real and present danger

A few weeks ago, I had one of our clients open an email from a legitimate sender that contained a .zip file.

This wasn’t exactly normal correspondence, but it also wasn’t unusual to be contacted via email by this contact.

Shortly after, I was called and informed it appeared they had a virus. They said a strange pop-up warning message came up and they couldn’t get rid of it.

“Please don’t click anything anymore,” I replied. I asked if it resembled their antivirus alerts or had any reference to their web filter. They told me that less than a minute after the .zip file was opened, they got the 72-hour countdown screen from CryptoLocker stating that they needed to purchase the $300 encryption key or all data would be encrypted and useless.

I told the person to unplug the PC from the network and cut off the power. They would have to work from another station until we could send over someone to take care of it.

I walked out with the infected piece of hardware under my arm.

I got back to my office and started researching CryptoLocker while I allowed scans on the machine with no network connections. I downloaded the latest version of Malwarebytes to an empty flash drive and loaded that to the machine as the first scan finished with no results. I started a full system scan with Malwarebytes and went back to researching what I could about this particular virus, and testing nodes of shared files and drives.

It looked like it favors user-modified documents with MS Office, Adobe, and .txt type extensions. I followed file paths he had rights to and BAM, every single document would produce the same error message: “This file cannot be opened because the file format or file extension is not valid. Verify that the file has not been corrupted and that the file extension matches the format of the file.”

If I forced a file to display contents it was a massive garbled mess of displayed encryption. I had to restart the Malwarebytes scan two times before I decided it was a waste of time. I needed to re-image the machine and move on to backups.

In that short amount of time while the machine was connected to the network, it had infected all of the documents on the PC and nearly 80 percent of the public drive the user had read/write access to, which was highly relied upon by employees of all types at that client.

This being Monday, I decided to restore from Friday. I wanted to skip any chance of reviving a virus I presumed dead on this one machine and stopped all current backup tasks.

I ended up copying the 214Gb backup file to a different location and gave a new service account access to it. It worked. I was able to browse the backup file tree and restore the portion that was corrupt.

All in all, the ransomware spread incredibly fast and all documents — be it Office file types, .txt, or .pdf — were unreadable even if they did open. Lesson to everyone – pull that computer off the internet and network as soon as you can. Otherwise all network drives and cloud-stored files are encrypted and destroyed.
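A triage script for the symptom described in this post, as an added example that is not part of the original: it walks a share and flags documents whose header no longer matches their extension (the “file format or file extension is not valid” error) or whose bytes look random (Shannon entropy near 8 bits/byte, which plain text and .pdf/.doc headers never show), and reports what fraction of the share looks encrypted. The sample share, the magic-byte table and the 7.5 bits/byte threshold are constructed for illustration; deterministic pseudo-random bytes stand in for ciphertext.

```python
"""Triage a file share for documents that no longer parse as their extension claims.
Added example, not from the original post. Sample share is constructed in a temp dir."""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

HEAD_BYTES = 65536      # only the first 64 KiB of each file is read
ENTROPY_LIMIT = 7.5     # bits per byte; plain text is ~4-5, ciphertext ~7.9+

# Expected leading bytes for the document types the post mentions (assumed table)
MAGIC = {
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0",), ".xls": (b"\xd0\xcf\x11\xe0",),
    ".pdf": (b"%PDF",),
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the sample."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect(path: Path) -> list:
    """Reasons a file looks encrypted. Types with a known header are judged by that
    header (a real .docx is itself a zip, so its entropy is high but legitimate);
    types without one (.txt and friends) are judged by entropy alone."""
    with open(path, "rb") as fh:
        data = fh.read(HEAD_BYTES)
    if not data:
        return []
    reasons = []
    expected = MAGIC.get(path.suffix.lower())
    if expected is not None:
        if not any(data.startswith(m) for m in expected):
            reasons.append("header-mismatch")
            if shannon_entropy(data) > ENTROPY_LIMIT:
                reasons.append("high-entropy")
    elif shannon_entropy(data) > ENTROPY_LIMIT:
        reasons.append("high-entropy")
    return reasons


def scan_tree(root) -> dict:
    """Map relative posix path -> reasons for every file that raised a signal."""
    root = Path(root)
    hits = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = inspect(path)
        if reasons:
            hits[path.relative_to(root).as_posix()] = reasons
    return hits


def encrypted_fraction(root) -> float:
    """Share of files that look like ciphertext (the post saw nearly 80% of a drive)."""
    root = Path(root)
    files = [p for p in root.rglob("*") if p.is_file()]
    if not files:
        return 0.0
    hits = scan_tree(root)
    return sum(1 for r in hits.values() if "high-entropy" in r) / len(files)


def build_sample_share(root) -> None:
    """Constructed sample: three intact documents beside three 'encrypted' copies."""
    root = Path(root)
    rng = random.Random(2014)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for ciphertext
    (root / "report.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 64 + b"word/document.xml")
    (root / "invoice.pdf").write_bytes(b"%PDF-1.4\n1 0 obj << /Type /Catalog >>\n")
    (root / "notes.txt").write_bytes(b"Quarterly notes: restore from Friday backup.\n" * 20)
    enc = root / "encrypted"
    enc.mkdir()
    for name in ("report.docx", "invoice.pdf", "notes.txt"):
        (enc / name).write_bytes(noise)


def demo_scan():
    """Build the constructed share in a temp dir, scan it, return (hits, fraction)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        return scan_tree(tmp), encrypted_fraction(tmp)


if __name__ == "__main__":
    hits, fraction = demo_scan()
    for rel, reasons in hits.items():
        print(f"{rel}: {', '.join(reasons)}")
    print(f"{fraction:.0%} of files look encrypted")
```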

Microsoft is warning of a zero-day exploit and other Microsoft news

On Tuesday, the company posted a security advisory stating Microsoft is investigating public reports of a vulnerability targeting Internet Explorer 8 and 9. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.

The vulnerability is a remote code execution vulnerability. It exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

All supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone, but if a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.

With cyber crime hitting more than 500 million victims globally and costing $100 billion annually, it’s clear that security breaches are a problem very far from being solved.

Zero-days are just one part of the overall threat landscape, but virtually everyone is at risk from a zero-day attack. The threat from a zero-day vulnerability begins long before vendor or public discovery, and remains active long after patches are released.

A zero-day vulnerability is a vulnerability known only to the attackers who discovered it. The vendor does not yet know of the vulnerability and therefore has not developed a patch for it. In contrast, a general vulnerability is disclosed by the vendor, who typically has a patch ready.

Other Microsoft news:

Last week, four of the 13 Microsoft-issued updates were yanked for causing nasty retargeting loop headaches for some customers. After installing the updates, some users were notified to install updates again, and then again, in a vicious circle, as if they had not previously installed them. Microsoft said there were also cases “where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).” The company fixed the flawed patches and released new updates.

In the Microsoft good news category, Windows Phone 8 was given the FIPS 140-2 security thumbs up by the government. FIPS 140-2 is a U.S. government security standard used to accredit the cryptographic algorithms that protect sensitive data inside products like smartphones. In all, Windows Phone 8 received accreditation for nine cryptographic certificates. If things go according to Microsoft’s plans, then Windows Phones will have a new virtual assistant in 2014. The Microsoft-flavored Siri is code-named “Cortana,” after “an artificially intelligent character in Microsoft’s Halo series who can learn and adapt.”

Microsoft announced that Bing is moving on to “the next phase,” which is more than a new logo and user interface. “Bing is now an important service layer for Microsoft, and we wanted to create a new brand identity to reflect Bing’s company-wide role. The new look integrates the ‘One Microsoft’ vision both from a product perspective and visually.” This seems to squash rumors that Microsoft might kick Bing to the curb. You can preview the modern Bing here – http://www.bing.com/explore/newbing
