Security Smörgåsbord

Wow! December already – well, it’s been a fast and furious year, kicking off with the media fest that was the Conficker worm, through various other disasters and debacles, all of which have only confirmed to many of us in the industry that our utopian malware-free world is not likely to arrive any time soon (sorry David, you’ll have to delay that retirement for a while).

Things haven’t slowed down much, and over the last few days a few things have caught my ever-roving eye.

Firstly, there was a rather amusing spat caused by software company Prevx first accusing Microsoft security patches of causing a ‘black screen of death’ (which of course was fixed by their own patch), and later retracting the statement when it became clear that it wasn’t the security patches, but more likely the actions of malware on the systems, that caused the problem. (Link: http://news.bbc.co.uk/2/hi/technology/8388253.stm). One has to wonder how the Prevx patch was supposed to really fix the problem if they had no real idea of the cause – at least, they hadn’t checked whether it really was the fault of MS.

Secondly, there was the rather splendid news that the URL shortening service bit.ly – among the most popular shorteners for users of sites like Twitter – has signed up with three major security vendors (Sophos, Verisign and Websense) to try to block spam and malicious links on their site. This can only be a “Good Thing” (TM). (Link: http://www.wired.com/epicenter/2009/11/bitly-partners-with-security-firms-to-block-spams-scams-from-twitter/). Some of the other services offer previewing of the links, but this is an extra annoyance for users and also pushes the decision on whether to visit the site onto the user (not a Good Thing).

Thirdly, there is some heartening news from Facebook in that they’re going to offer more granular control over content privacy. There have been quite a few articles and papers on this subject (including one by yours truly), so it’s good to see that the issues have been considered. I don’t know that it will solve all of the problems, but it may well highlight the privacy issue to more FB users who perhaps weren’t aware that, say, joining a Network exposes their content to all the members of that network unless they specifically block that. (Link: http://blog.facebook.com/blog.php?post=190423927130). Social networks are great things for keeping up with people, particularly if you’re a continent-hopping researcher with friends all over the world, but the rapid explosion in their use has led to frequent lapses in security and the discovery that – as is often the case – security and privacy issues have been secondary to service development and uptake.

Lastly, and I hope you’ll forgive me for the quick tune on my own trumpet, I’m happy to announce that K7 Security Solutions are now available in German, and can be found at http://k7.de (Disclosure of interest: I am also the CTO of K7 Computing Ltd).

Andrew Lee CISSP
AVIEN CEO