Tuesday, March 02, 2010

Experts says Oracle slow on patching security issues

“They (Oracle) are one of the slowest to get things patched. It is astonishing how backwards they are in terms of fixing security issues.” -- David Litchfield, co-founder and principal security consultant, NGSSoftware

The Apache module, which contains the flaw, allows Web applications to use the Procedural Language/Structured Query Language (PL/SQL) to dynamically create database calls. The code has security weaknesses that have been perennial sources of problems for the database maker. Oracle has patched various issues found by NGSSoftware four times, and each time, the company finds a way around the patch, Litchfield said.

Experts talking about security on MAC vs PC

Interesting read ... I urge you guys to spend some quality time going through this.

"If you look at the number of published vulnerabilities in software and the number of users and compare Windows versus Mac OS you will discover that Mac OS has far more published vulnerabilities per user than Windows does so I think the data pretty much speaks for itself." -- 3ric Johanson, security researcher

Chrome learns from IE8

Chrome is learning from IE !! Google nothing to be ashamed off ... feel free to learn from the leader :)

Google yesterday announced it has added several new security features to Chrome, including two that were first popularized by rival Microsoft in Internet Explorer 8 last year.


Find below some useful articles on Deployability.

Microsoft Deployment Toolkit (MDT) 2010
Microsoft Assessment and Planning Toolkit
Choosing a Deployment Strategy
The Windows Automated Installation Kit (AIK) for Windows 7
Microsoft Application Compatibility Toolkit 5.5
Understanding Application Compatibility
Five Steps to Windows 7 Application Readiness
Deploying Windows 7 from A to Z
Windows 7 Enterprise 90-day Trial

Thursday, January 07, 2010

Windows 7 related

Windows 7 related

Download the new eBook on Deploying Windows 7 - http://go.microsoft.com/?linkid=9691265

77 Windows 7 Tips -

Groovy Security in Windows 7 - http://technet.microsoft.com/en-in/magazine/2009.10.win7security(en-us).aspx

Inside Windows 7 User Account Control - http://technet.microsoft.com/en-au/magazine/2009.07.uac.aspx

AppLocker: IT’s First Security Panacea? - http://technet.microsoft.com/en-au/magazine/2009.10.geekofalltrades.aspx
Useful Downloads

Forefront Edge Protection: http://www.microsoft.com/forefront/edgesecurity/en/us/default.aspx

Forefront Security Products Trial Software and Downloads:

Microsoft Assessment and Planning (MAP) Toolkit for PC Security - http://technet.microsoft.com/hi-in/solutionaccelerators/dd627343(en-us).aspx

Security Compliance Management Toolkit Series - http://technet.microsoft.com/hi-in/library/cc677002(en-us).aspx

TechNet Virtual Lab: A Technical Overview of Microsoft Forefront Client Security - http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032345258&EventCategory=3&culture=en-US&CountryCode=US

Scripting Guy Blog - http://blogs.technet.com/heyscriptingguy/

Infrastructure Optimization Model - http://technet.microsoft.com/en-au/infrastructure/default.aspx

Internet Explorer 8 Readiness Toolkit - http://www.microsoft.com/windows/internet-explorer/readiness/it-pro.aspx

Competition News

1. Firefox flaws account for 44% of all browser bugs -


2. Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7 - http://www.computerworld.com/s/article/9137992/Apple_missed_security_boat_with_Snow_Leopard_says_researcher?taxonomyId=17&pageNumber=2

3. Security Essentials tests better than Symantec, McAfee -

Latest Security Intelligence Report Shows Resurgence in Worm Attacks

Review the latest Security Intelligence Report (SIRv7) to find deeper analysis and recommendations based on data input from over 450 million computers worldwide to help you successfully plan and manage protection technologies. - http://www.microsoft.com/security/portal/Threat/SIR.aspx

Wednesday, January 06, 2010

Microsoft Security Development Lifecycle (SDL)

Educate yourself and your organization on how to build more secure applications. The SDL Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to roll out the Microsoft Security Development Lifecycle (SDL) in your organization - http://msdn.microsoft.com/hi-in/security/sdl-starter-kit(en-us).aspx

The Trustworthy Computing Security Development Lifecycle


SDL Home - http://msdn.microsoft.com/hi-in/security/cc448177.aspx

SDL Blog - http://blogs.msdn.com/sdl/

Security Forums - http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/threads/