The UltraTech Zone

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions ...

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not...(read more)

Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890, that’s what we’re looking at:  a vulnerability in DirectX that allows for unauthenticated, remote execution attacks via Internet Explorer.  In other words, drive-by attacks. This vulnerability impacts ...

Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890 , that’s what we’re looking at:  a vulnerability in DirectX that allows for unauthenticated, remote execution attacks...(read more)

The Conficker worm continues to make headlines, not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009.  For a disturbingly large number of individuals and organizations, it could prove to be a not-so-happy day. You can read up on the anticipated April 1 ...

The Conficker worm continues to make headlines , not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009.  For a disturbingly large number of individuals and organizations,...(read more)

Quite frankly, it’s even more important than it has been in the past.   This morning, I was reading some articles on information security, including news about the Conficker worm.  You know, we haven’t had a really good worm in 3 or 4 years, so it seems that people have forgotten about how dangerous those things can be, and how ...

Quite frankly, it’s even more important than it has been in the past.   This morning, I was reading some articles on information security, including news about the Conficker worm .  You know, we haven’t had a really good worm in 3 or 4...(read more)

Since the middle of 2008, we have seen an increase in the types and complexity of information security attacks that organizations have been facing. The widespread worms of 2004 and 2005 gave way to the targeted attacks of 2006 and early 2007.  Things quieted down in the latter portion of 2007, as the security industry was able to clamp down ...

Since the middle of 2008, we have seen an increase in the types and complexity of information security attacks that organizations have been facing. The widespread worms of 2004 and 2005 gave way to the targeted attacks of 2006 and early 2007.  Things...(read more)

In today's story of immense irony, we find a vendor taking time to bash another vendor for a security flaw, only to have diligent 3rd parties point out that the flaw exists for the bashing vendor as well. What a waste of time.  If folks would focus more on the issues they need to address, and less on showmanship and one-up-manship, they ...

It's been a while since we've had a massive worm outbreak, but the potential for such an occurrence has increased significantly over the weekend with word that a wormable exploit has been made available for the recent animated cursor vulnerability in Windows. Microsoft has issued several status updates over the past few days via the Microsoft ...

As if we needed another reason... A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems. That's possible with a new security tool called Jikto. The tool is written in JavaScript and can make PCs of unknowing Web surfers hunt for flaws in Web ...

This has been a fun month with all the Daylight Saving Time patching from a myriad of vendors.  (I wonder if anyone has done a study to see how much energy we burned preparing to save three more weeks of daylight?) Although Microsoft is the favorite whipping boy in these situations, they weren't the only vendor that was slow to provide solid ...

The folks at eEye Digital Security have put together a website that tracks various zero-day vulnerabilities, and offers analysis and remediation recommendations.  The site is called Zero-Day Tracker, and can be found at the following URL: http://research.eeye.com/html/alerts/zeroday/index.html Welcome to eEye Research Team's Zero-Day ...