http://www.digwin.com/cat/Windows Security/hot Microsoft Top news, Buzz & Breaking Stories by communities en http://www.digwin.com/students-signing-up-for-computer-hacking The threat of cyber attacks on businesses and governments has led to a rapid increase in the number of universities offering students the chance to learn how to hack computer networks. http://www.digwin.com/opera-1001-remote-array-overrun-arbitrary-code-execution Topic : Opera 10.01 Remote Array Overrun (Arbitrary code execution) SecurityAlert : 73 CVE : CVE-2009-0689 SecurityRisk : High http://www.digwin.com/zeroday-vulnerabilities-in-firefox-extensions-discovered One of the reasons behind Firefox’s popularity is the availability of a vast library of extensions. Users use them to modify the browser to their liking and make their browsing experience easier and more pleasant See the rest here: Zero-day vulnerabilities in Firefox extensions discovered http://www.digwin.com/introducing-the-infosec-assessment-protection-suite InfoSec Assessment & Protection (A&P) Suite . Its a suite made up of protection and assessment tools which include: Web Protection Library (WPL) - an umbrella for several libraries and runtime modules including the Microsoft Anti-Cross Site Scripting Library v3.1 (Anti-XSS V3.1) and Security Runtime Engine (SRE), packaged together with Anti-XSS http://www.digwin.com/ms09064-critical-vulnerability-in-license-logging-server-could-allow-remote-code-execu Severity Rating: Critical - Revision Note: V1.0 (November 10, 2009): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An http://www.digwin.com/a-peek-at-msrt-november-threat-reports By continuing to include new variants of the existing threat families, the MSRT has removed malware from more than 1.5 million machines three days after its release on 10 November. This month weve also added to the MSRT detection and have removed these new rogues from more than 110,000 machines. A lot of the top threat families are no strangers if http://www.digwin.com/event-sans-appsec-2010-training-conference-in-san-francisco-this-january Check out the 7 different courses that address the actual problems application developers and programmers face every day, including Developer 320: Introduction to the Microsoft Security Development Lifecycle (SDL). SANS is a member of the SDL Pro Network and also the largest trusted resource for security training and certifications in the http://www.digwin.com/avast-antivirus-aswrdrsys-driver-local-privilege-escalation-vulnerability Avast! Antivirus is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition. Go here to see the original: http://www.digwin.com/malware-writers-feeding-on-twilight-mania Online scammers get their teeth into unsuspecting victims Growing interest about the Twilight vampire series is making life risky for fans seeking information online, experts have warned. Security firm PC Tools documented a growing number of attacks and scams related to the popular book and movie series. The company expects such attacks to http://www.digwin.com/rogue-security-software-still-top-threat “…REDMOND, Wash. — Nov. 2, 2009 — Microsoft Corp. today released the seventh volume of the Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, http://www.digwin.com/directaccess-design-and-deployment-guides “This document contains both the Design Guide and the Deployment Guide for DirectAccess in Windows Server 2008 R2. These guides help you to design and deploy DirectAccess servers, DirectAccess clients, and infrastructure servers on your intranet. Use the Design Guide to answer the “What,” “Why,” and “When” questions a deployment design team mi http://www.digwin.com/windows-server-2008-r2-updates-to-security-monitoring “…There are a number of auditing enhancements in Windows Server 2008 R2 and Windows 7 that increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies. These enhancements include: Global Object Access Auditing. In Windows Server 2008 R2 and Windows 7, administrators can define comp http://www.digwin.com/forefront-online-protection-for-exchange-fope-documentation If you’re interest in Forefront Online Protection for Exchange (FOPE), aka Forefront Online Security for Exchange (FOSE), ex-Exchange Hosted Filtering (EHF), you may find the following downloads interesting: Setup Checklists: Microsoft Forefront Online Protection for Exchange and Exchange Hosted Archive 9.2 - Use the following setup checklists to he http://www.digwin.com/nsa-dod-working-in-partership-with-microsoft-to-develop-windows- “Working in partnership with Microsoft and (the Department of Defense), NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft’s operating system security guide without … More here: NSA, DoD working in ‘partership’ with Microsoft to develop Windows … http://www.digwin.com/ms09063-critical-vulnerability-in-web-services-on-devices-api-could-allow-remote-code- Severity Rating: Critical - Revision Note: V1.0 (November 10, 2009): Bulletin published.Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system http://www.digwin.com/whats-another-32bits-to-malware The migration of PC computing from 32-bit to 64-bit is in full swing at last, and if youve been confused as to what it all means, youre not alone. PCs built for years now have been capable of running both 32-bit and 64-bit operating systems, but for that you need 64-bit version of Windows (and corresponding drivers for devices), and getting http://www.digwin.com/how-to-configure-wpl-v10-sre Save to save the configuration. The following sections are added to the configuration file. Once the configuration is in place, ASP.NET will now try to resolve the httpModules defined in the configuration. In case of 64-bit windows Go to %ProgramFiles(x86)%\Microsoft Information Security\Web Protection Library v1.0\SecurityRuntimeEngine or 32-bit http://www.digwin.com/seesmic-moving-to-windows-platform-announces-seesmic-for-windows During this morning’s keynote at PDC09 – Seesmic Founder Loic Le Meur joined Ray Ozzie on stage to make a very important announcement regarding the future of Seesmic. Seesmic focuses on bringing many of your favorite social networking services like Twitter and Facebook together into a single application so you don’t have to bounce between those http://www.digwin.com/pdc09-day-one-software-services-identity-roadmap-update Announcement: WIF Windows Identity Foundation RTW Extensions to .NET for claim-based identity http://www.microsoft.com/wif Interesting Changes Genera Server is now called Active Directory Federation Services 2.0 and comes as part of Windows Server 2008 and not separately. Genera Framework is now called Windows Identity Foundation and is an http://www.digwin.com/pdc09-day-one-sql-azure-present-futures Data Platform as a Service In the future will have Reporting, Data Analytics SQL Azure Database Relational Database service SQL Server technology foundation Scalable Symmetrical SQL Azure Provisioning Each account has zero or more servers Azure wide provisioned in a common portal Billing instrument Each server has one or more databases contains