Microsoft Kills OGA to keep people away from Google Docs

Tuesday, December 21, 2010

This is great news, not just for people who use pirated Office but even for people who are still in a fix over using OpenOffice, Google Docs etc. Microsoft has stopped the Office OGA checks, which were a pain in the ass. Now you can still use your MS Office installation without doing the OGA check. You might see some nagging screens, but that should be just fine.

I feel this is an indication that Microsoft is changing and going against Google. If Microsoft can make sure people still use MS Office and lock people into using MS Office at home (pirated version), they will be able to keep people from shifting to Google Docs; most of the Google Docs users have been the ones who would not like to pay for Office etc. Microsoft is not directly promoting piracy, but they will get an advantage over Google Docs if they get more and more people to use Microsoft's cash cow, MS Office. And frankly, any other office package is just not worth it when it comes to MS Office. I use OpenOffice/LibreOffice, Google Docs and MS Office. MS still wins for me. Darn, I even got Office 2007 installed on Linux using Wine. :P

Cheers to Microsoft, at least some of the headaches are going to go away for pirated Office users.


Note: I use a genuine copy of Office 2010 and I don't support Piracy.


Cloud Security Issues and Trends in Year 2011

Monday, December 20, 2010

What do CSOs and other IT security experts expect to be top-of-mind cloud security issues in 2011? Here are five things to watch for in the coming year:

  1. Smartphone data slinging
  2. Need for better access control and identity management
  3. Ongoing compliance concerns
  4. Risk of multiple cloud tenants
  5. Emergence of cloud standards and certifications


MSE 2.0 Microsoft antivirus - The Best Free AV - Download NOW

Microsoft's next version of Security Essentials is actually a pretty great update from its already-great predecessor. Microsoft's option has always been adequate at finding new malware without definitions, but the addition of a heuristic engine bumps its power up quite a bit. It may be subject to a few more false positives, but you're much less likely to get hit with malware than ever before.

It also includes some Windows Firewall integration that lets you tweak the Firewall from inside Security Essentials, as well as a network inspection feature that can inspect traffic as you browse, which is pretty neat. All in all, if you're using Microsoft Security Essentials (and why wouldn't you be?), you'll want to grab this update. Hit the link below to manually download and install the update.

http://www.microsoft.com/security_essentials/default.aspx


Indian Government Hardening Systems to make them more secure

Thursday, December 16, 2010

India has instructed government ministries and departments to get their websites certified for security, following the hacking of the website of the country’s top investigation agency, the Central Bureau of Investigation (CBI).

The country’s National Informatics Centre has been instructed to host websites only after the ministries and departments produce security certification of their websites, and show compliance with guidelines prescribed by the government, India’s Press Information Bureau (PIB) said on Tuesday.

India’s Minister of State for Communications and IT, Sachin Pilot, held a meeting with key government officials to review the measures needed to enhance the security of the websites in particular and cyberspace in general.

The country’s ministries and departments have been instructed to audit their websites on a regular basis, and whenever there are any major changes in the website applications.

The government’s Indian Computer Emergency Response Team (CERT-In) has empanelled over 50 IT security auditors for auditing the infrastructure of these organizations. A crisis management plan prescribed by CERT-In provides instructions to prevent and deal with attacks on websites.


Open Source Security Testing Methodology Manual - OSSTMM 3 Released

OSSTMM is a methodology for testing and measuring operational information security.


The OSSTMM is developed by the Institute for Security and Open Methodologies - ISECOM, whose co-director is Pete Herzog. Pete’s mission as creator and writer of the OSSTMM - as I understand it - is to bring a more scientific approach to infosec.

In a security test (or penetration test) you don’t want to evaluate the ingeniousness of the tester (whitehat hacker) but rather the security of your information technology infrastructure. You don’t want to deal with biased terms like “risk” but rather measure factual operational security.

Risk is not something to measure but something you decide for yourself.

It’s biased. A tester should not give me a biased view but rather a reproducible and comprehensive view of factual operational security.

I have these and those systems that run services x,y,z of which some might have vulnerabilities or not and I have security controls in place or not. Maybe the controls themselves have limitations (weaknesses or concerns) that reduce their effect, or not. The OSSTMMv3 takes into account all of these aspects.
Whether or not the remaining risk is acceptable for my own business is not something that a penetration tester or consultant could decide for me.
I have not yet read the whole manual in the current version but there are certainly many points that need further discussion or clarification.

But one thing is sure: the OSSTMM version 3 is the best, most complete, least biased security testing methodology we have today and since the ISO apparently considers the OSSTMM for a new ISO standard, this methodology will most probably be here to stay and evolve.


OpenBSD - The most secure OS has a hole thanks to FBI

Allegations that the FBI may have smuggled back doors or security weaknesses into OpenBSD's cryptography have created an uproar in the security community.

Former government contractor Gregory Perry, who helped develop the OpenBSD crypto framework a decade ago, has claimed that contractors developing OpenBSD software were paid to insert backdoors into OpenBSD's IPSec stack around 10 years ago. Perry recently warned OpenBSD's Theo de Raadt of the development, years after the event, via an email that de Raadt has published in the spirit of openness.

Perry said he had waited until his ten-year NDA with the FBI had expired before coming forward with the claims, which remain unsupported by secondary sources. If true, the allegations mean that the FBI would have an easy way to tap into supposedly secure VPN links and other technologies based on OpenBSD's crypto stack.

You can read the email on the OpenBSD mailing list.

This has kinda spooked the security community and has made organizations rethink their OpenBSD deployments. Well, the code review is on and we will soon know what was planted and how.


HTTP Parameter Pollution

Wednesday, December 8, 2010

Web applications are built using heterogeneous technologies and consist of code that runs on the client (e.g., JavaScript) and code that runs on the server (e.g., Java servlets). Even simple web applications today may accept and process hundreds of different HTTP parameters to be able to provide users with rich, interactive services. As a result, dynamic web applications may contain a wide range of input validation vulnerabilities such as XSS and SQL injection.



HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach.
The consequences of the attack depend on the application’s logic, and may vary from a simple annoyance to a complete corruption of the application’s behavior.
The typical client-side scenario consists of persuading a victim to visit a malicious URL that exploits the HPP vulnerability. For example, consider a web application that allows users to cast their vote on a number of different elections. The application, written in JSP, receives a single parameter, called poll_id, that uniquely identifies the election the user is participating in. Based on the value of the parameter, the application generates a page that includes one link for each candidate. For example, the following snippet shows an election page with two candidates where the user could cast her vote by clicking on the desired link:
Url: http://host/election.jsp?poll_id=4568
Link1: Vote for Mr. White
Link2: Vote for Mrs. Green
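
The link-building flaw described above, with the unencoded pattern beside the corrected one, as an added example that is not code from the original post or from the election application. The `vote.jsp` link format, the `candidate` parameter name and the digits-only `poll_id` rule are assumptions, and the request URL is constructed.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit

CANDIDATES = ["white", "green"]  # constructed sample data

def decoded_poll_id(request_url):
    """poll_id as the server framework hands it to the page: already URL-decoded."""
    return parse_qs(urlsplit(request_url).query)["poll_id"][0]

def links_unencoded(poll_id):
    """Flawed pattern: the decoded value is concatenated straight into each link."""
    return [f"vote.jsp?poll_id={poll_id}&candidate={c}" for c in CANDIDATES]

def links_encoded(poll_id):
    """Corrected pattern: every value is re-encoded before entering a query string."""
    return ["vote.jsp?" + urlencode({"poll_id": poll_id, "candidate": c})
            for c in CANDIDATES]

def candidate_values(link):
    """Every value the vote endpoint would receive for 'candidate', in order."""
    return [v for k, v in parse_qsl(urlsplit(link).query) if k == "candidate"]

def is_polluted(link, expected=("poll_id", "candidate")):
    """Review check: each expected parameter must appear exactly once."""
    keys = [k for k, _ in parse_qsl(urlsplit(link).query)]
    return any(keys.count(name) != 1 for name in expected)

def is_valid_poll_id(poll_id):
    """Input validation (assumes poll ids are plain ASCII digits)."""
    return poll_id.isascii() and poll_id.isdigit()

# Constructed request: the poll_id value carries an encoded '&' and '='.
REQUEST = "http://host/election.jsp?poll_id=4568%26candidate%3Dgreen"

if __name__ == "__main__":
    pid = decoded_poll_id(REQUEST)
    print("decoded poll_id:", repr(pid), "valid:", is_valid_poll_id(pid))
    for label, build in (("unencoded", links_unencoded), ("encoded", links_encoded)):
        for link in build(pid):
            print(label, link, candidate_values(link), "polluted:", is_polluted(link))
```

A JSP `getParameter` call returns the first of several same-named values, so in the unencoded links the injected `candidate` takes precedence over the one the page appended. Validating `poll_id` on input and encoding it on output each stop this on their own; applying both covers values that reach the page by another route.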


Presentation on HPP and Online based Service for HPP and url



