Vista's Security Rendered Completely Useless by New Exploit

Vista's Security Rendered Completely Useless by New Exploit

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user's machine using a variety of objects, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in...

Convergence of Voice, Data & Video over IP Networks Expo

Convergence of Voice, Data & Video over IP Networks Expo

IP'08 is designed for IT professionals involved in specifying and implementing converged networks and the applications that run on them across voice data and video. The event brings together the four key service stacks that impact an IP network, Mobility & Wireless, IP Applications such as voice, video and collaboration, Security and Management and finally the underlying Network Infrastructure. Over 80 free education sessions with 100+ vendors make this the most comprehensive focused convergence event in Europe.

Programs include:
1. DISCOVER Mobility & Wireless
2. SOLVE Security & Management
3. DEPLOY IP Applications
4. MANAGE Network Infrastructure

To register for this event (1st & 2nd Of Oct 2008, London), click here.

-Ken

The UK's First Virtualisation Expo Event 08

The UK's First Virtualisation Expo Event 08

EVENT OVERVIEW Virtualisation Management - VM'08

The impact of Virtualisation on the IT function is decisive and offers unparalleled opportunities for the enterprise from efficiency gains to cost reduction. Virtualisation will impact on so many fields of IT, from data centre automation, utility computing, green computing, security, business continuity, blades, to grid and SOA, making an independent and educational event essential for all companies looking to capitalise on the business benefits of virtualisation in an effective and controlled manner.
Key themes covered will be:

1. Managing the 'virtual sprawl'
2. Cost saving and capacity improvements
3. Managing physical network convergence in a virtualised environment
4. QoS on a virtual network
5. Selection of tools and politics to manage virtual assets

To register for this event (1st & 2nd of Oct 2008, London), click...

Black Hat Speakers expose Virtualization, OS Security Gaps

Black Hat Speakers expose Virtualization, OS Security Gaps

LAS VEGAS -- Will infrastructure virtualization sweep away existing switching structures while failing to grant benefits of performance, cost or improved security? Some say yes.

Virtualization "will not save you money, it will cost you more," said Christopher Hoff, chief security architect at Unisys. In addition, "virtualized security can seriously impact performance, resilience and scalability," he said in an impassioned presentation Wednesday at the Black Hat conference.

The next 12 to 18 months will bring an uncomfortable set of circumstances as every vendor rushes to claim it is virtualized, Hoff said in his talk titled "The Four Horsemen of the Virtualization Apocalypse."

Read the whole story here.

-Ken

Firefox 3.1 coming soon? Sniffing out the bugs

Firefox 3.1 coming soon? Sniffing out the bugs

Developers working on the next version of Firefox aim to release a beta to the public in August.

The project team has set a date of 19 August to freeze features and make the test version of Firefox 3.1 available, according to a calendar posting to the Mozilla wiki. However, the posting notes the date is an estimate.

Expected new features in Firefox 3.1 include native support for the open-source Ogg Vorbis audio codec and the Ogg Theora video codec, according to a draft list posted to the wiki. The inclusion of the open-source formats accompanies support for HTML5 in the browser, which will mean Firefox 3.1 will work with audio and video HTML tags.

Read the whole story here.

-Ken

Open Source: A 'Growing Challenge' to Microsoft

Open Source: A 'Growing Challenge' to Microsoft

Open source software topped the list of business "risk factors" outlined in Microsoft's annual 10-K report to the U.S. Securities and Exchange Commission.

Open source software topped the list of business "risk factors" outlined in Microsoft's annual 10-K report to the U.S. Securities and Exchange Commission, published last week. The emphasis seems a little surprising. For instance, global open source Linux use currently trails at 0.82 percent, while Microsoft Windows dominates the operating system market at 91 percent, according to stats from Net Applications' Market Share.

Microsoft's 10-K report depicts an unlevel playing field. Competitors distribute open source software at "nominal cost," making money off services instead of the software. Moreover, these open source software companies, unlike Microsoft, "do not have to bear the full costs of research and development for the software," the...

Be future-proof with a broader set of skills

Be future-proof with a broader set of skills

IT professionals will need a more sophisticated, business-focused skillset to meet changing demands, with integration, mobile IT and security expertise at a premium, says Karen Price

An E-Skills UK survey of more than 1,000 employers found that nearly three-quarters of IT jobs advertised were new roles. Two-thirds of these vacancies were the result of business expansion.

These figures suggest a vibrant job market for IT professionals. Yet the same survey also found that at least one-tenth of these companies were having difficulties recruiting IT staff with the required skills and experience.

E-Skills UK and Gartner have undertaken a review of the UK's IT skills landscape to evaluate what skills and experience employers are looking for. This work reveals the trends likely to affect the IT workforce over the next five years and beyond, and the implications for skills.

Read the whole story...

The UK IT skills crisis: an essential guide for IT professionals

The UK IT skills crisis: an essential guide for IT professionals

Yes, different parts of the IT industry have at some point over the past few years experienced difficulties in getting the right mix of skills. Although a relatively small number of businesses report difficulties finding staff, many appear to be "making do" with staff whose skills are not quite right.

This can be seen from recent examples from the Video games industry, Cisco's moves to address networking skills shortages, and the news earlier in 2008 that one in three companies is reporting IT skills shortfalls. It's not just the private sector that are outsourcing to overcome the skills crisis and reduce costs, but also the public sector, as the government's CIO John Suffolk explained in a conference in early 2008.

Read the whole story here....

Wardriving may hit UK

Wardriving may hit UK

British credit card details could be in danger from the same technique that saw over 40 million people in the USA become victims of identity theft, experts have claimed.

The attack involves hacking into wireless networks - called 'wardriving' - and hundreds of medium sized retailers may be at risk, reports silicon.com.

Retailers of this size, defined as handling up to six million Visa transactions, do not have to take an independent audit to make sure they are compliant with PCI DSS security standards, which would block the attacks.

A test by NCC Group in London last year found that 93 per cent of the 552 wireless networks tested did not have the strongest encryption standard and 41 per cent had 'broken' WEP encryption.

Read the whole aticle here.

-Ken

VMware Teams Up With Linux Foundation

VMware Teams Up With Linux Foundation

VMware joined the Linux Foundation on Wednesday. The alliance will help VMware further its collaboration with the Linux community, especially with developers of the Linux open source operating system kernel used to integrate VMware's virtualization software.

VMware's product provides a solution that that can abstract a computer's underlying hardware, allowing software to run across various hardware configurations. The solution uses technology called a hypervisor to do so. It helps make computers more "agnostic" to the operating systems and software used.

Currently, VMware's solution, which is not an open source application, supports "all major Linux operating systems," according to an announcement issued by the foundation.

VMware plans to contribute its Virtual Machine Interface to the foundation as an open specification. The company also expects to work with the Linux operating system kernel community on a...