- +
Everything you need to know about Microsoft certs 31 December, 2007 07:16:29
Certification guru Patrick Regan explains the new Microsoft certs and reveals which Cisco, project management and security certs are worthwhile.Moderator-Julie: Welcome and thank you for coming. Our guest today is certification guru Patrick Regan. Patrick has penned over a dozen books, written the study guides for the A+ certification exams for Cisco Press and is currently writing an Exam Cram on Windows Server 2008. When not writing books, Patrick is a senior network engineer at Pacific Coast Companies supporting a large enterprise network and a celebrity blogger for Microsoft Subnet. We are giving away 15 free copies of Patrick's latest book, too. Go to the contest page for details. Now onto the chat.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Radicati Market Quadrant 2008 on Corporate Web Security
Web Security SaaS: The Next Generation of Web Security
A Guide to Next-Generation Backup, Recovery and Archive
Enterprise Wireless WLAN Security
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Best Practice in Building an Integrated Information Management Strategy
Understanding Email Marketing: A Guide for SMBs
The CIO Executive Council Guide to Success
Newsletter Subscription
Microsoft on Thursday chalked in four security updates for next week that would fix vulnerabilities in Windows, SQL Server and Exchange Server.
All four were labeled "important," the company's second-highest ranking, even though one of the Windows updates will quash a bug that attackers could use to execute malicious code remotely. That kind of vulnerability has been regularly rated as "critical" by Microsoft in the past.
As is its practice for pre-patch notifications, Microsoft disclosed few details Thursday of next week's updates other than their severity ranking and the affected software.
"None of these were on my radar," admitted Andrew Storms, director of security operations at nCircle Network Security Inc. "I'm doing quite a bit of head scratching given the variety and interesting details [in the bulletins]."
One of the two Windows bulletins will patch Windows 2000 and Windows XP -- including the recently released XP Service Pack 3 (SP3) -- but not Windows Vista, while the second update slated for the client operating system will patch Vista, including Vista SP1, but not the older OSes.
The Vista bug caught Storms' eye because while Microsoft said it could result in remote code execution -- a description reserved for a serious vulnerability that could let hackers hijack a PC -- the company ranked it as important, not critical.
"I read that kind of bug as 'critical'," said Storms. "Microsoft seems to have stepped it up a notch," he said, noting that it appears the company is taking a harder line in defining "critical" flaws as only those that don't require any user action to be exploited.
Microsoft described both the SQL Server bug and the Exchange vulnerability as elevation of privilege flaws, and will provide patches for the former to Windows Server 2003, Server 2008, Windows 2000 and all still-supported versions of SQL Server, the company said. The Exchange update applies to both Exchange Server 2003 and the newer Exchange Server 2007.
The amount of detail Microsoft tucked into the pre-patch notification for the SQL Server and Exchange Server vulnerabilities puzzled Storms, who pointed out that Microsoft specified that the former's flaw affected both WMSDE, the SQL engine added to Windows clients, and WYukon, the engine within Windows server software. "I don't know whether this is a clue [about the vulnerability] or whether they're just being more promiscuous with information," Storms said.
It doesn't appear the Microsoft will be patching an Internet Explorer vulnerability first reported in 2006, but which returned to the limelight last month when security researcher Aviv Raff claimed that it could be combined with a bug in Apple Inc.'s Safari to pose a danger to users. At the end of May, Microsoft warned users of the blended threat, and recommended that people stop using Safari.
Apple patched Safari for Windows to quash the browser's so-called "carpet bomb" bug two weeks ago.
But Storms thought there was an outside chance that Microsoft would fix IE, even though it didn't explicitly label any of the prospective patches as intended for Internet Explorer. Last year, he said, Microsoft dealt with protocol handler bugs that could be exploited by attacks against IE by fixing Windows, not the browser.
The four security updates will be posted Tuesday, July 8, around 1 p.m. EDT.
2008 CIO Summit
19th August, 2008 Four Seasons Hotel, Sydney Developed in partnership with CIO Magazine, IDC, INTEP and the CIO Executive Council.
The world of the CIO is extremely complex and diverse. Multiple priorities demand attention and decisions are needed instantly. Individual teams need to be driven towards common goals, and businesses strive to become more mobile, agile and responsive. For CIOs, the challenge never ends.
Every year the CIO Summit identifies what is top of mind for CIOs across Australia and New Zealand, and offers insight for CIO benchmarking and vendor strategic planning alike.
Recent IDC research shows that over 59% of CIO's believe that 'to achieve their business strategies, technology should be used more aggressively than today.'
Join us on August 19th to discover how this is possible with the latest technologies including Virtualisation, Web 2.0, IP Surveillance and Software as a Service (Saas).
Click here for more information.
Please email Denyse_Robertson@idg.com.au for further information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Information security governance: Centralized vs. distributed 05 September, 2008 10:15:00
Should security policies, procedures and processes be managed within a central body, or distributed at an individual level? You need to find the middle ground.The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground? - +
DNS error brings Sophos antivirus updates to a halt 05 September, 2008 13:40:00
Optus, Internode and Equinix affected among others.A sporadic Domain Name Server (DNS) error has blocked Sophos anti-virus updates around the world. - +
Ouch! Security pros' worst mistakes 04 September, 2008 08:05:00
We've all done regrettable things on the job, but does any valuable wisdom come of it? Four security pros candidly explain their biggest blunders and what they learned in the processIt was a mistake so bad the person who made it asked that his name and company not be mentioned here. Let's call him Frank. - +
Security ROI: Fact or Fiction? 03 September, 2008 08:32:00
Bruce Schneier says ROI is a big deal in business, but it's a misnomer in security. Make sure your financial calculations are based on good data and sound methodologies.Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable. - +
Information Security and the Importance of Context 01 September, 2008 10:00:00
Those entrusted with information security must raise their contextual awarenessWhen the US Transportation Security Administration (TSA) was first created, it created a sudden need for tens of thousands of screeners. Getting a job as an airport screener was a pretty easy process. It seemed as though if you had a pulse, you were in. Jump forward to 2008 and becoming a screener is a bit harder as the TSA has instituted background checks, has upped the educational requirement to include a high school diploma or GED, and added other significant requirements.
Viva la Verticals! Key to Vendor Growth is Through Vertical Market Opportunities, Says IDC 05 September, 2008 11:05:00
F-Secure delivers fastest protection in the online world 04 September, 2008 16:50:00
Rogue security apps dominate Fortinet's Aug 2008 IT threat report 04 September, 2008 16:00:00
IntraPower Signs Deal with Australia’s Largest Service Station and Convenience Store Network 04 September, 2008 10:07:00
TANDBERG Begins Desktop Videoconferencing Roll-Out at New England Credit Union 03 September, 2008 16:01:00
|
||
|
||
|
|
||
|
Why Security SaaS Makes Sense Today
Corporate IT teams are waging a significant security battle on two fronts these days: stopping attacks via the Web and through email. Security SaaS can solves these problems and more. Read on to discover 7 reasons why security SaaS makes sense for your business.
Subscribe to CIO
