He,he,he, I thought this was funny….

If your system gets infiltrated by a rootkit, you might as
well just “waste the system entirely,” a Microsoft official told
fellow security professionals last week

From: Information Security News: Microsoft exec warns of rootkits

This is quite a funny statement, but the point is very serious, if you have been “root’d“, the only way to recover is from a trusted source

This is a quick note to myself really, as a security professional I get asked these questions a lot, and sadly each time I forget a nice simple answer, well this is what I think:

What’s the difference between a Virus and a Worm ?
A Virus is an application of malicious code.
A Worm is malicious code that can reproduce it’s self.
Following Feedback: Better Suggestions

• A Virus infects another application for propagation.
• Worms are self propagating code.

I really like Site Advisor, the best thing about it is the search engine integration, check out this screen-shot*

As you can see, you get a quick report before you even click on the link, only visiting green sites mean less pop-ups, less spy-ware and in overall a better Internet experience.

So Why am I mentioning this now ? Well my site just got it’s green tick, I’ve also signed up as a reviewer. Being a reviewer means that you can add the ‘human factor’ to their tests, so If you get a bad experience from a green site, or find a miss classified red one, you can get your voice heard !

Secure Voice over IP: Zfone

By Philip Zimmermann

Secure Voice over IP: Zfone

14 Mar 2006 - I’ve just released Zfone, a new product that takes a new approach to make a secure telephone for the Internet.

I think it’s better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all.

Nokia 6136 Phone

Smooth and seamless transitions between GSM and WLAN networks
…..

Available: Planned in the second quarter of 2006

All I can say is watch this space … <thinking aloud>What’ll be most interesting is how they achieve the voip/wlan link - cisco integration, skype, avaya? - gonna have to do some investigation me thinks ! </thinking aloud>

I found this over the weekend….

Spyware, Adware, Spam, Phishing, Viruses, Identity Theft Protection | SiteAdvisor
SiteAdvisor helps protect you from all kinds of Web-based security threats including spyware, adware, spam, viruses, browser-based attacks, phishing, online fraud and identity theft.

It seems cool, a different approach the the anit-phishing type stuff. Basically you get a simple security report about the sites you visit. The report comes in the flavour of a traffic light in your browser toolbar, green is safe - red is not. Another nice touch is the traffic light is added to our google results, so before you even click on a site you can determine how ‘hostile’ the webmaster may be.

This article from yesterday cannot go unmentioned….

BBC NEWS | Business | Nokia launching net call handsets
Nokia is introducing new mobile phone handsets that will enable users to make calls over the Internet.

Nokia putting Skype were the 1st people to try and offer consumers or “Joe public” voip phones for home use, it’s not that the technology is new, cisco & avaya have been offering businesses the technology for years, it’s just that it wasn’t quite right for the market at large.

BBC NEWS | Technology | UK court to unmask ‘file-sharers’

Pirated Windows CD
About a quarter of software in the UK is estimated to be pirated
Ten Internet service providers have been ordered to hand over the details of 150 UK customers accused of illegally sharing software.

The High Court order follows a 12-month covert investigation by the Federation Against Software Theft (Fast).

Among the Internet providers are BT, NTL, Telewest and Tiscali.

Over the next two weeks, they are expected to provide the names, addresses and other personal details of the alleged file-sharers.

Protect your savings from Phishing attacks.

Anti-Phishing toolbars are trendy at the moment, google and ebay are a couple of the big players.

I agree with tool bars for security, in fact, one of the best things about firefox is the fact that you can extend it so easily, the problem is they generally need a specific version or browser, ebay’s need internet explorer and googles only works on firefox 1.5+ - what about those on macs or people like me who still run firefox 1.0 ?

I forgot my sa password today for our Microsoft sql server - I knew roughly what it was, but needed to just keep trying until I hit the right answer… now it took me ages to find this wid google so I thought I’d share it….

On a sql box there is a command line client, so in DOS you can test you connection (i.e. username + password)

This post on Slashdot.org has prompted me to make a long awaited 1st update to my security section.

You can now see the current INFOCon status on my security page