On Tuesday, Microsoft released security fixes for desktop users and network administrators alike. Seven security bulletins address 10 vulnerabilities, three of them critical.

Security researchers say the critical patches that affect Windows desktop users should be given the highest priority.

There are also three important patches, MS08-034, MS08-035 and MS08-036, that affect Windows servers, as well as a moderate patch. Managers of Windows servers should install these patches. MS08-032 is the moderate patch and addresses the “kill bit” for Windows. The patch disables code with a known security bug.

Betting on Bluetooth

“The vulnerability in the Bluetooth stack is especially noteworthy because it allows an attacker in range of a Bluetooth-enabled device running Windows XP or Vista to take control of that device,” said Ben Greenbaum, senior research manager for Symantec Security Response. “User interaction is not required. All that is required is for the device to have Bluetooth on and to be within range of the attacker.”

Tyler Reguly, a security engineer with nCircle, a network security firm that works with companies like ESPN and Safeway and government agencies like the FCC, said he finds the Bluetooth patch interesting because it’s a vulnerability in a popular wireless protocol.

“It is remote code execution in both XP and Vista. People traveling with laptops are probably the most likely to have Bluetooth enabled,” Reguly said. “It’s important to keep in mind the limited range of Bluetooth, which is what, in my opinion, somewhat limits the severity of the vulnerability.”

The IE Trend

According to Amol Sarwate, manager of the vulnerability research lab at Qualys, the most serious of this month’s patches is the vulnerability in Internet Explorer, MS08-031, which is a zero-day threat.

“Victims would only need to visit a compromised site in order to be affected by the remote code for viruses, worms and other…

As more Americans use wireless networks everywhere from coffee shops and airports to libraries, the FBI has begun warning that hackers are increasingly lurking nearby to steal identities and pilfer bank accounts through unsecured Wi-Fi systems.

Unlike wired systems, which use cables to transport information through the Internet, Wi-Fi uses radio waves that industry leaders say are inherently more vulnerable.

And with an estimated 68,000 Wi-Fi “hot spots” in the United States now, and many more on their way, users are unaware that some of those sites, including entire cities and towns, might be unsecured.

While there are no exact numbers of individuals who might have fallen victim to such scams, the FBI is warning that information exchanged over those waves can be intercepted. And that means cyberthieves will be waiting to pounce.

“Make sure you’re connecting to the town and not a guy who happens to be in town,” Bryan Duchene, an FBI cybercrimes supervisor in Los Angeles, said of towns offering free Wi-Fi service.

After setting up shop at or near Wi-Fi hot spots, criminals can access personal information from users of unsecured servers who don’t have adequate safeguards on their computers.

Another ploy takes advantage of the fact that some laptops, by default, will log on to the strongest signal when searching for a wireless connection. For a laptop user sitting at Starbucks, that signal might belong to a legitimate-looking, but bogus, server operated by a hacker, Duchene said.

“If the bad guy happens to be sitting two tables over and he’s broadcasting a (stronger) signal, it’ll override what you’re trying to get to,” he said.

Once in, a hacker can steal passwords and credit-card information and install viruses, worms and other malicious software or malware on a computer that can spread to other systems you run.

Duchene recommends that Wi-Fi users change their settings so…

How safe is your incoming e-mail? With phishing, viruses, worms, Trojan Horses, spam, data storage challenges, disruption and downtime risks, data loss and leakage concerns and a host of other potential e-mail obstacles (is your head spinning yet?), it could be time to rethink your e-mail protection strategy.

The bottom line: you must safeguard your network in order to adhere to compliance mandates.

Amateur hour is over. Just when malware design seemed to have reached a plateau, new attack techniques have burst forth. Some are so complex they could have only been designed by means of sophisticated research and development.

We spoke about the challenges this type of malware presents with experts at a number of software security and threat-management companies, including Sophos, AppRiver, and IronPort Systems, now part of Cisco Systems.

For a time, one expert pointed out, security controls designed to manage malware were working. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and its sophistication increased. E-mail is a primary vector.

“E-mail is a challenge from a security perspective because everybody’s doors are open,” said Pat Peterson, vice president of Technology at IronPort Systems. “Anybody who wants to deliver mail to your server and ultimately to the desktop can do so as long as the get through your anti-spam and anti-virus scans. That’s one of the fundamental and unique problems with e-mail compared to the Web or the telephone.”

The Network Administrator’s Responsibility

End users still fall for social engineering gimmicks that compel them to click on a link promising something interesting. That links ushers them to a Web site that downloads malicious payloads. It’s the network administrator’s responsibility to make sure that payload can’t make its way to the desktop and subsequently…

Businesses are becoming more sophisticated day by day and the usage of computer programs is increasing tremendously. Unfortunately the number and types of spywares and viruses are also increasing. Many businesses now have to spend too much money for dealing with spywares and yet the enterprise data is in constant danger. Here are some tips for dealing with spywares.

• Install anti-virus, anti-spyware and firewall programs. Free programs are saves costs but most of them are ineffective.
• When going for above programs look for most trusted ones. Often many low quality anti-spywares are spywares themselves.
• Avoid installing lots of programs, especially free ones or from unknown sites. Keep your business computers with most needed programs only. It is a better practice to check the Google PageRank of the domain from you are downloading program; any site with PR of or above 4 can be good as they are trusted by Google.
• Avoid visiting, form filling and logging-in sites which seems cannot be trusted, contains excess ads, offer unbelievable benefits, have too much popups, have too many link redirects, etc.
• Keep your company computers up-to-date with latest security updates of operating system and browser.
• Scan computers regularly; but remember not to trust any web-based applications for scanning your machine.
• Regularly back-up your data.
• Ensure better integration between programs.
• Find and rectify problems; and notice for slowness in performance, program starting or booting, appearance of error messages and new icons, difficulty in modifying/deleting a file, etc.

When most people think about Internet security problems, they focus on viruses and spyware — technological attacks that usually can be mitigated by technological defenses. But the most insidious Internet security problems today rely on human gullibility, not tricky software. Although technological defenses can help you fend off these newer types of attacks, your best weapons against them are common sense, alertness, and careful e-mail and Web-surfing practices.

These newer types of attacks are called “social engineering,” and they are used by criminals to steal your money and identity and to plant malicious software on your computer that can be used to rip you off. Social engineering is the online equivalent of an old-fashioned con game, in which a crook frightens people with false warnings, or tempts them with false promises, and then robs them.

The most common form of social engineering is called phishing, a one-two punch using both e-mail and Web browsing to trick people into typing confidential information into Web sites that look like the sites of real companies, especially financial institutions. But these phishing sites are actually skillfully designed fakes that transmit your sensitive data to criminals, often in distant countries. Once these creeps have your passwords and account numbers, they can loot your funds and steal your identity.

Here are some tips to help you avoid being the victim of social engineering.

1. Never, ever click on a link embedded in an e-mail that appears to come from a financial institution, even if it’s your own bank or brokerage and even if it looks official right down to the logo. The same goes for payment or auction services, such as PayPal or eBay.

Don’t do this even if the e-mail asserts that your account has a problem or that the bank has to verify your information. And certainly…

MOUNTAIN VIEW, CA, Apr 15, 2008 (MARKET WIRE via COMTEX) — BitDefender(R), an award-winning provider of antivirus software and data security solutions, today introduced its new Security Suite for Business, which provides growing companies with a comprehensive set of solutions that set new standards for proactive protection against security threats.

Designed with the needs of growing companies in mind, BitDefender Security Suite for Business provides intelligent, automated proactive protection at the workstation, combined with proactive management for the IT administrator.

BitDefender’s patent-pending heuristic detection technology provides superior protection against zero-day and undiscovered malware threats, enabling the BitDefender Security Suite for Business to take the offensive against stealth threats before they appear on a signature list. BitDefender Security Suite for Business allows companies to react to threats based upon common threat scenarios customized to their specific needs. This automated, proactive protection and proactive management results in complete network protection for growing businesses and allows for increased employee productivity and improved network efficiency.

For IT administrators, BitDefender enhances business productivity and reduces management and malware-related costs by enabling the centralized administration, protection and control of workstations inside a company’s network.

Security Suite for Business also features superior usability for both business user and the IT administrator through a centralized management and reporting system.

The first available Security Suite for Business offering is BitDefender Client Security, a robust yet easy-to-use security solution that features BitDefender’s unique Response Scenario, WMI Script Support and User Control capabilities — capabilities that provide growing businesses with the highest levels of proactive management.

BitDefender Client Security offers superior proactive protection from viruses, spyware, rootkits, spam, phishing and other malware, while BitDefender’s policy-based management capabilities enable the automation of routine management activities.

“BitDefender understands that businesses are faced with an ever-increasing volume of new and existing threats, and we’ve addressed this with these integrated security solutions…