Author: admini

One of the government websites was hacked after one of the accounts on the server on which the website is was compromised, Information Technology Minister Austin Gatt said yesterday. Indications were that the attack was done by a person using a Moroccan internet Service Provider. The only consequence of this…

Update Rollup 1, which has been in beta testing for the past month, is being positioned by Microsoft as a more convenient way for users to deploy patches they might have missed when the original vulnerabilities — and associated security bulletins — were posted on the company’s Web site.

When discussion of the Rollup first started, analysts saw it as an attempt by Microsoft to provide an interim pack of security updates prior to the release of a second Service Pack for Windows XP, which at that point wasn’t expected until the middle of 2004.

As recently as last week, however, Microsoft CEO Steve Ballmer, in a wide-ranging talk about Microsoft’s security plans, repeated that Service Pack 2 (SP2) would not release until the half-way point of next year.

No matter what the time frame for SP2, the recently-released rollup meets only half of the criteria that analyst Michael Cherry, of Directions on Microsoft, a research firm that tracks Microsoft’s moves in the marketplace, thinks is necessary for success.

Such a CD would be a better way to get the 9MB rollup out to customers, such as consumers and small business users, who access the Internet through slow dial-up connections.

One way that the rollup may be used, he added, would be by OEMs, which could conceivably add it to their Windows XP distributions they pre-load on new PCs.

In his speech last week at the company’s Worldwide Partner Conference in New Orleans, Ballmer announced that the Redmond, Wash.-based developer would switch to a monthly schedule for non-critical security updates, replacing the sporadic Wednesday bulletins and patches.

Download from: http[url=http://support.microsoft.com/default.aspx?scid=kb;en-us;826939]://support.microsoft.com/default.aspx?scid=kb;en-us;826939[/url]
More info: [url=http://www.techweb.com/wire/story/TWB20031016S0007]http://www.techweb.com/wire/story/TWB20031016S0007[/url]

Oracle Identity Management enables system administrators to establish single sign-on for employees, partners or customers who need access to multiple business applications.

The software includes LDAP directory services to store and manage user identities and access control privileges, and integration services for connecting to an existing security and directory infrastructure, officials with the Redwood City, Calif., company said.

The software also has user provisioning services for Oracle and non-Oracle applications, and public key infrastructure services, including a certificate authority to issue digital certificates for users.

More info: [url=http://www.techweb.com/wire/story/TWB20031016S0011]http://www.techweb.com/wire/story/TWB20031016S0011[/url]

Steve Ballmer briefed attendees on approximately what the update was supposed to do, but not how, in his security manifesto last week, but Paul Thurrott has some specifics, the most important being that the update to the built-in firewall will include features from Microsoft Internet Security & Acceleration Server, including outbound scanning capabilities.

Note that the two are described as complementing one another, but that’s more a case of Microsoft product positioning for the business market, and clearly doesn’t apply elsewhere.

Note also that Microsoft categorises ICF as “limited baseline protection for a home or small business network,” i.e. as it shipped in XP it was never seriously intended to do front line firewalling on its own.

If you ship a mini firewallette that by default is off and that is categorised as “baseline”, then clearly it’s not your fault if people are too dumb to get themselves proper firewalls.

But if you ship something you call a proper firewall and then it turns out not to protect users as they thought they’d be protected, it is your fault.

More info: [url=http://www.theregister.co.uk/content/55/33435.html]http://www.theregister.co.uk/content/55/33435.html[/url]

US District Judge Marilyn Hall Patel in San Francisco threw out the case after the Bush administration said it would no longer try to enforce portions of the regulations, according to parties involved in the proceedings.

More info: [url=http://news.zdnet.co.uk/business/0,39020645,39117187,00.htm]http://news.zdnet.co.uk/business/0,39020645,39117187,00.htm[/url]

Keep your eyes open for a new version of SoBig. Something has got to be coming out soon.