Don’t press F1 in Windows XP: Microsoft

Filed under Microsoft Windows, News, Uncategorized, Windows XP by on March 10, 2010 at 5:48 pm {no comments}

The software giant Microsoft has told Windows XP users not to press the F1 key when prompted by a Web site, as part of a security advisory.

The advisory has been issued regarding an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE). In the advisory, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed last week.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue,” reads the advisory.

Recently, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file and convincing them to press the F1 key when a pop-up appeared. Such files have a “.hlp” extension.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems, including IE6 on Windows XP, could be exploited by hackers.

The security advisory said, “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.”

Users can also thwart the attacks by disabling Windows Help.

Source

Cloud computing is just another term for outside your control.

Filed under News by on April 18, 2009 at 7:16 pm {no comments}

The Darker Side of Cloud Computing

Cloud computing is a marketing buzzword that’s thrown around an awful lot today. A vague (but useful) definition is that cloud computing refers to data, processing, or experiences that “live” out there somewhere in the cloud we call the Internet. Everyone’s got something going on in the cloud these days: collocating or hosting Web or e-mail servers, social networking, software as a service (SaaS), even infrastructure as a service (for example, off-site online storage). Cloud computing is becoming very popular, primarily as a money-saving technique—cloud services don’t require expensive in-house hardware, software, and staff. In addition, cloud services are usually available for a small monthly fee rather than a huge up-front expense, which makes them even more attractive from a budgeting standpoint. Like many things that seem to have only an upside, cloud computing makes me nervous.

The cloud is burgeoning. Businesses are using Salesforce.com for CRM; Zoho, Microsoft Office Live, and Google Apps for office productivity; Intuit QuickBase or a hosted Microsoft SQL Server for databases—and the list goes on. More features, less expense, and fewer IT resources? It almost sounds too good to be true. And it may be. Much the way in the early eighties we asked “Where’s the beef?” we should now be asking “Where’s the security?”

To secure data, you need to understand something I like to call the data life cycle: How data is collected, entered, processed, transmitted, stored, reported, and exported. Any one of these stages may contain multiple vulnerabilities, some ubiquitous and some particular to your environment. To assess the security of corporate data, you’ll have to understand the risks that apply to each stage of the data life cycle. You will be able to take proactive steps to prevent data from being compromised by understanding the integration of security risks, business processes, and the data life cycle.

By now you are probably beginning to see the downside to cloud computing—it’s difficult enough to protect data that doesn’t leave your control as part of ordinary business, but in the cloud you’ve relinquished control. Depending on your contract, you may not even own your cloud-resident data! And worse, there are clouds within the cloud—your provider may subcontract with another provider for data storage, and that provider might also subcontract for data storage management. Your provider may not even be able to tell you where your data is, or even which country it is in and whether the laws that apply to you regarding data security and breach disclosure even apply in that twice-removed jurisdiction.

Gartner published a great report in early June that is the industry’s first attempt to identify the security risks of cloud computing. In it, Gartner urges something that we at PC Magazine have been advocating for decades: full disclosure (aka “transparency”) with regard to security practices and procedures. The reasoning is simple: If your provider can’t tell you exactly what it does to protect your data at each stage of the data life cycle, then how good a job do you think that provider is doing?

What other recommendations spring from Gartner’s findings?

  • Apply internal risk assessment and controls to all externally sourced (cloud) services.
  • Assess all legal, regulatory, and audit issues associated with location independence and service subcontracting.
  • Demand transparency. Anything less is a deal breaker! Don’t contract for IT services with a vendor that refuses to provide detailed information on its security and continuity management programs.

Yes, cloud computing is a set of powerful technology solutions that are here to stay. It provides cost savings that may temporarily blind you to the risks. But don’t dive in simply to save money and time. Evaluate each service’s security the same way you would evaluate off-the-shelf hardware and software. Ask tough questions about data security. If your provider refuses to answer, or his answer doesn’t adhere to your current security policy, look elsewhere. I’ve sat through countless vendor meetings and I guarantee you this: Every time a security concern is dismissed as “taken care of” without explanation, it’s a potential problem.

source

Windows 7′s Jump List feature

Filed under Desktop, Microsoft Windows, News, Windows 7 by on April 10, 2009 at 6:43 pm {no comments}

Jump Lists are a new feature in Microsoft Windows 7 that are designed to make it easier to find what you want and perform common operations associated with an application. Jump Lists appear on the Start menu as well as on the Taskbar when you right-click on an icon. As I’ve been working with Windows 7, I’ve learned to take advantage of Jump Lists and really love the boost in computing efficiency.

Recently, I was extolling the benefits of the Jump List to a couple of friends, and one of them blasted my newfound penchant, saying that the Jump List feature was nothing more than a glorified My Recent Documents menu. (Obviously, he is still using Windows XP.) I responded that he was actually right, but he was also wrong.

It’s true that the Jump List feature is an enhancement that can very easily trace its origins to the Recent Documents feature, which by the way first made its appearance on Windows 95’s Start menu as the Documents menu. However, delivering a listing of recently opened documents is but a small piece of what the Jump List provides.

In this edition of the Windows Vista and Windows 7 Report, I’ll introduce you to Windows 7’s Jump List feature. As I do, I’ll show you the Jump Lists for several applications and describe the features in more detail.

Note: Keep in mind that this is a prerelease version and that the look and features of Windows 7 that I will discuss here may very well change between now and the time the operating system is actually released.

Jump List feature in a nutshell

The Jump List feature is designed to provide you with quick access to the documents and tasks associated with your applications. You can think of Jump Lists like little application-specific Start menus. Jump Lists can be found on the application icons that appear on the Taskbar when an application is running or on the Start menu in the recently opened programs section. Jump Lists can also be found on the icons of applications that have been specifically pinned to the Taskbar or the Start menu.

Jump Lists on the Start menu will appear a little different than Jump Lists on the Taskbar. However, they will provide the same functionality.

By default, the Jump List can contain the application’s shortcut, the ability to toggle pinning, the ability to close one or all windows, access to specific tasks associated with the application, and once you begin using the application, a list of recent documents or destinations depending on the application.

Now that you have a general idea of how Jump Lists work, let’s take a look at the Jump Lists for several applications.

Read More

Page 8 of 8« First...«345678
rss twitter facbook

Categories

Archives