The UltraTech Zone

ComputerWorld has a very interesting article this week that talks about how immature Oracle's patch management program for customers is, compare to Microsoft's. As the following quote indicates, there are things that vendors should be doing to provide their Enterprise and SMB customers with the necessary tools and information to keep their ...

Yes, we know that information security in an interconnected world is not trivial.  We accept that configuration errors or malicious insiders or new, complex threats might conspire to provide opportunities for a breach.  But who says that it is acceptable that notification and disclosure of a breach be done months or years after the ...

Given the recent spate of breach announcements from companies like Monster.com and TradeFreedom Securities Inc., I've been thinking about how poor security is going to impact organizations and consumers over the next few years. Even though there have been an increasing number of attacks over the past 18-24 months, and even though the ...

Given the recent spate of breach announcements from companies like Monster.com and TradeFreedom Securities Inc. , I've been thinking about how poor security is going to impact organizations and consumers over the next few years. Even though there have...(read more)

In today's story of immense irony, we find a vendor taking time to bash another vendor for a security flaw, only to have diligent 3rd parties point out that the flaw exists for the bashing vendor as well. What a waste of time.  If folks would focus more on the issues they need to address, and less on showmanship and one-up-manship, they ...

On a number of fronts, April 2007 is turning out to be a very interesting month for me.  For this particular post, we'll just touch on Information Security again. A recent report from MessageLabs indicates very clearly that targeted security attacks are on the rise, and that email is still a common threat vector.  This morning, I ...

It's been a while since we've had a massive worm outbreak, but the potential for such an occurrence has increased significantly over the weekend with word that a wormable exploit has been made available for the recent animated cursor vulnerability in Windows. Microsoft has issued several status updates over the past few days via the Microsoft ...

Does fulfilling your regulatory compliance requirements actually lead you to be more secure?  Will your organization automatically attain compliance by pursuing a strict regimen of security practices? In short, is the quest to be compliant complementary, unconnected or mutually exclusive with the quest to be secure? This is the heart of a ...

As if we needed another reason... A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems. That's possible with a new security tool called Jikto. The tool is written in JavaScript and can make PCs of unknowing Web surfers hunt for flaws in Web ...

The Second Service Pack for Windows 2003 (both x86 and x64 editions) and for XP Professional, x64 Edition was released without much fanfare a week ago.  There was initially some controversy in the Release Notes which suggested that one would need to uninstall IE7 prior to running the update, and then reinstall it, but that was cleared up ...

It's pretty much official now (in case you didn't believe it before):  We have exited the Worm era, and jumped head first into the era of specialized and targeted attacks... According to a recent article by ComputerWorld, SANS security organization sees upsurge in zero-day Web-based attacks. The following excerpt from the ...

It's pretty much official now (in case you didn't believe it before): We have exited the Worm era , and jumped head first into the era of specialized and targeted attacks ... According to a recent article by ComputerWorld, SANS security organization sees...(read more)

The folks at eEye Digital Security have put together a website that tracks various zero-day vulnerabilities, and offers analysis and remediation recommendations.  The site is called Zero-Day Tracker, and can be found at the following URL: http://research.eeye.com/html/alerts/zeroday/index.html Welcome to eEye Research Team's Zero-Day ...

The folks at eEye Digital Security have put together a website that tracks various zero-day vulnerabilities, and offers analysis and remediation recommendations. The site is called Zero-Day Tracker , and can be found at the following URL: http://research.eeye.com/html/alerts/zeroday/index.html...(read more)

According to some reports, spyware is getting harder and harder to control.  The sophistication of the malware makers is growing at a much faster pace than that of the security industry, even to the point of proof-of-concept adware code being developed for MacOS X. And with all this new malware comes a tremendous increase in SPAM over ...