Interesting Information Security Bits for 12/10/2008

by kriggins on December 10, 2008


Hello everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nice write-up for those who need a primer on building a patch management program. Those already responsible for one would probably benefit from a quick read too.
    http://www.networkworld.com/news/2008/120908-how-to-handle-security-patches.html
    Tags: ( patching program )
  2. Looks like DNSSEC might be getting some traction.
    VeriSign, NeuStar and others team on DNS security
    Tags: ( dns dnssec )
  3. Here is part 2 of a nice description of User Account Control Virtualization (UAC). Part 1 is here: http://www.windowsecurity.com/articles/Protecting-System-Files-UAC-Virtualization-Part1.html
    Protecting System Files with UAC Virtualization (Part 2)
    Tags: ( vista uac )
  4. Time to update the IDS/IPS signatures. There is a new nasty out that takes advantage of IE7.
    New Web attack exploits unpatched IE flaw
    Tags: ( microsoft ie vulnerability )
  5. Mr. Dahn has a few words to say about PCI and virtualization. You should go read them.
    PCI Blog - Compliance Demystified >> Blog Archive >> PCI already addresses Virtualization
    Tags: ( pci virtualization )
  6. Part 4 is up of this great series.
    Building a Web Application Security Program: Part 4, The Web Application Security Lifecycle | securosis.com
    Tags: ( webappsec program )
  7. The Black Hat Japan 2008 audio and presentations are now available.
    Black Hat Japan 2008
    Tags: ( presentations conference audio )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


1
Mike December 10, 2008 at 3:56 pm

Thank you for the link and reference on PCI. If people are interested in learning more about PCI they can read the blog, join the Facebook group, or participate in the online forum.

If they want a structured education on the payments industry, PCI, and regulatory compliance I recommend they check out: http://paymentsecuritypros.com/ and the CPISA and CPISM certifications.


2
Cd-MaN December 15, 2008 at 12:17 am

It’s called File and Registry virtualization, not UAC virtualization (http://hype-free.blogspot.com/2008/12/importance-of-understanding-take-2.html). The guy only wants to sound more important than he is!


3
kriggins December 15, 2008 at 7:34 am

Thanks for reading my blog. I appreciate it.

I would like to mention a couple things in response to your blog rant.

1) In the first paragraph of Mr. Delber’s article, he uses the phrase “User Account Control and Virtualization” which is accurate. A little further in he writes “UAC lends a helping hand by virtualizing the file system and Registry namespace.” Again, accurate. From that point on he does refer to the process as UAC virtualization which I propagated in my comments on my blog post.

2) However, Microsoft does the same thing. Particularly in their FAQ on User Access Control here http://technet.microsoft.com/en-us/library/cc772207.aspx.

Considering the two statements above, I view your rant as out of line and itself lending to the problem you are ranting about.

