IIS flaw under investigation by Microsoft | Tech News on ZDNet
Posted by lemiffe in Computers, Internet, News, Operating Systems, Security, Viruses, Windows on Sep 1st, 2009 | 0 commentsMicrosoft on Monday said it is looking into a report of a flaw in some versions of its Internet Information Services product that could allow an attacker to gain control of a system.
In a statement, a Microsoft representative said the company “is investigating new public claims of a possible vulnerability in IIS 5 and IIS 6 File Transfer Protocol (FTP)”.
Microsoft said it is not aware of any attacks using the vulnerability. “We will take steps to determine how customers can protect themselves, should we confirm the vulnerability.”
According to IDG News Service, code for exploiting the unpatched flaw was posted to the Milw0rm Web site. IDG said the exploit appears to affect primarily older versions of IIS — and only when the FTP function is enabled.
Once it is done with its investigation, Microsoft said, it will decide how to address the matter, which could include a security update as part of its monthly Patch Tuesday or an out-of-cycle update.
via IIS flaw under investigation by Microsoft | Tech News on ZDNet.
“Tories unveil NHS database plans” – BBC NEWS
Posted by lemiffe in Computers, Life, Security, Viruses on Aug 12th, 2009 | 0 commentsThe Conservatives have promised huge cost savings for the NHS by scrapping government plans for a central database of patient records. Proposals include electronic medical notes being stored locally by GPs and hospitals and patients having online access to their medical records.
IT firms such as Google or Microsoft could host the information.
But the government said the Conservatives’ plans raised concerns about patient confidentiality.
Confidentiality? Hmm… Well with the proper safety measures in place, this shouldn’t raise concerns. A central database for national healthcare records should have been a top priority years ago! Of course, taking into consideration the proper encryption of all files, it would be a great system! All patients should be able to access their healthcare records through a web portal, this information should be able to be updated by GPs, hospitals and all other healthcare institutions. Doing things this way would allow various good practices to take place:
- Detecting early and preventing widespread diseases by statistical analysis of information.
- Allowing to poll all citisens, retrieve feedback, and gather general information in an easy way.
- Establish better criteria to the flaws in the system, and address all issues to develop a better system.
The Tories are promising NHS trusts a choice of computer systems, rather than having a single one imposed.
Every patient would have a username and password and could update their records with information like blood pressure and cholesterol levels.
Shadow health minister Stephen O’Brien insisted these separate systems would be “inter-operable”, allowing information to be accessed in different locations.
He said: “You want to have your data held locally and that should be with the person you trust most in the health service, which will be your GP.”
Yes, this is a good thing. Every patient should have their username and password, but a “choice” of computer systems is not an option! Inter-operable or not, the more systems are in use, the greater the possibility is of there being flaws in the transmission of data, man-in-the-middle hacking/cracking attacks, and a whole lot of other possibilities.
A single well-founded, secure, national database should be established and maintained correctly to provide the NHS and goverment with a ride range of information assets useful to the patients, the GPs and the NHS in general.
Mr O’Brien told BBC Radio 4′s Today programme: “We want to give patients the ability to give themselves greater control over their information.”
He added: “If we hold the data locally it’s more likely to be protected than within this massive [NHS] database…
Saying that is like figuring out that your money is more protected locally than in a bank. There always exists a possibility of a breach of information, but having the information in one single place, using one single system, means more security. The possibility of a virus infecting or cracking into the computer of a GP is much higher than the hacking of a properly secured database in a wide set of well-protected linux servers with a properly maintained firewall. Sure, there’s always DDoS, but at least there is no information breach.
Autorun.inf “Virus” on your USB memory stick?
Posted by lemiffe in Computers, Viruses on Jul 29th, 2008 | 0 commentsThere is a number of viruses that create autorun.inf files on all writable drives, as soon as you stick any USB or memory stick in your computer it creates it. Some of the viruses display corrupt right-click menu’s, stop allowing direct access to c:\ through “My PC”, and cause other irrational behaviour.
The best solution I’ve found so far is to simply display all hidden files and folders in the USB Memory stick, delete the current autorun.inf, create a folder named autorun.inf, this way the virus can’t create or replace the file as it is really a folder. I haven’t been infected since, and it’s good protection if you are moving the memory stick around from pc to pc.
A friend of mine told me about this procedure, so I verified it on internet and I found a bit more information that might be helpful if you’ve got one of these viruses:
http://bleuken.i.ph/blogs/bleuken/2007/06/29/viruses-that-uses-autoruninf/
