Info Sec Highlights from the DHS Open Source Report 12-29-2009
By Kelli Tarala | December 31, 2009
Microsoft Confirms 0-Day IIS Security Vulnerability
A zero-day security vulnerability affecting Internet Information Services (IIS) was reported just before Christmas, and Microsoft already provided its first response last week. The issue affects version 6 of IIS on a fully patched Windows Server 2003 R2 SP2; however, additional IIS releases could be affected. According to Jerry Bryant, Microsoft security program manager, “The vulnerability identified in Microsoft Internet Information Services (IIS) involves the incorrect manner in which the server deals with files with multiple extensions. A possible attack scenario could be based on an exploit constructed out of malformed executables.”
Full Story:
http://news.softpedia.com/news/Microsoft-Confirms-0-Day-IIS-Security-Vulnerability-130650.shtml
Microsoft Security Response Center:
http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx
Live Spaces Blogging Platform a Springboard for SEO Poisoning
Illegal and fraudulent online pharmacies are using Microsoft’s Live Spaces, a free blog hosting environment, to trick people into visiting their sites. The fraudsters register accounts and then use those accounts to link to fraud sites. These links push up the search engine ranking of the target sites, which contributes to better Search Engine Optimization (SEO), even though it is fraudulent. Spam emails also link to these fake blogs rather than directly to the pharma-fraud site, in an effort to better evade spam filters that might otherwise detect the link to the fraudulent website.
Full Story:
http://www.v3.co.uk/v3/news/2255427/seo-poisoners-exploiting
eSoft’s Threat Center Live Blog:
http://threatcenter.blogspot.com/2009/12/livecom-exploited-as-pharma-fraud-cover.html
To Read the Complete DHS Report:
www.enclavesecurity.com/blogresources/cdr_122909.pdf
