One of the difficulties faced by IT security professionals is keeping up with the latest security vulnerabilities in operating systems, databases, and applications.

If an attacker knows a vulnerability and you don’t, your may not be able to effectively defend against the new vulnerability. This is especially true of applications which are accessible from the Internet.

Many sources of security news document vulnerabilities only in general terms. This often does not give the security administrator enough information to effectively defend their systems from attack.

As a result, most security professionals keep up-to-date by attempting to monitor the hacking community. The hacking community, however, consists of tens of thousands of different individual and groups working in a decentralized and unorganized manner.

As such, it is difficult or impossible for any single security professional to keep up with new vulnerabilities discovered by the entire hacking community.

Milw0rm.com is an excellent resource to help with that problem. Milw0rm.com lists vulnerabilities, along with exploits and shellcode.  These are organized by platform and by type of access required.

Milw0rm.com is an excellent addition to resources such as Open Source Vulnerability Database, The National Vulnerability Database, and Exploit Tree.

Comodo Inc., a security company which makes its income by releasing SSL certificates, and which has also taken up security software development, has released version 3 of its free firewall - Comodo Firewall Pro. Comodo Firewall Pro(CFP) is a firewall distributed at no charge for both home and corporate use, which has capabilities that match and even surpass those of many famous shareware and freeware firewalls out there.

I’m an ex-ZoneAlarm user who was forced to move back to Windows Firewall when I adopted Windows Vista Beta 2 as my main Operating system(yes I know I’m crazy) and then when in late september I adopted the Vista-compatible Free firewall, I ran across some serious issues and decided it’s best to not keep it. ZA Pro for Vista was not released to this day, and I was stuck with Windows Firewall for over a year. That was, until Comodo Firewall Pro 3…

Read the rest of this entry »

Ever had the need to turn a dynamic disk into a basic disk, perhaps to install an OS on it, and did not want to have the entire data on it erased? It’s actually kind of dumb that you can convert basic drives to dynamic drives without data alteration, but not the other way around. Sadly, as of currently there are still no programs capable of converting a dynamic disk back to basic without it implying destruction of all data. However, there is one rather unorthodox way to do it, albeit it is a bit dodgey…

Read the rest of this entry »

To open a port in Comodo Firewall Pro 3.0, bring up the interface, go to the Firewall tab, under Advanced select Network Security Policy, and click the Global Rules tab. Select “Add…” and complete the window as follows.

Read the rest of this entry »

Mozilla Firefox 2.0.0.10 was released just a few days ago. The updated version of the popular browser addresses several highly-critical vulnerabilities, not all of them new. Looking down on the history of the past 10 2.0.0.x releases one can see just how many holes were patched out of a browser whose name was, and still is, synonymous with surfing security. These security releases have been getting more and more frequent, proportional to Firefox’s growth in market share.

Internet Explorer, the most popular web browser to date, and the most infamous when it comes to security, has been kept under a very watchful eye, and strongly criticized when it was discovered to still contain a number of exploitable vulnerabilities, and everytime a new vulnerability surfaced, be it serious or low, everyone would assault it with drama. Since its first release, Mozilla Firefox has only gained roughly 15% of the world’s browser market share, and already we are seeing security fixes released as often as vulnrabilities are being found in IE. This is making people wonder just how much of Firefox’s legendary security has been related to faulty IE programming, and how much due its lack of appeal towards hackers because she wasn’t as widespread…

Read the rest of this entry »

Windows Vista was approaching the market with a promise to improve security more than anything. Wether it did or didn’t succeed in that, it sure made a lot of users angry. Many complained about performance issues, hardware requirements, and overall slower response than that of XP. Now users are caught in a tug-o-war between XP and Vista between an older but faster and less plagued by problems XP and a Vista which paves the way for the future but comes with little to no new functionality that can’t be achieved by its predecessor.

Microsoft is pushing the deadline on us, trying to demonstrate XP’s age with this last Service Pack, SP3 being a milestone which marks the end updates for XP and therefor its age. But instead it’s achieving the exact opposite as tests so far show that XP SP3 might gain a 10% speed boost to its already Vista-outperforming speed while the latter will get less than 2%. Vista has largely overcome its compatibility issues and fixed most of the young operating system’s bugs. However, its infamy for being 4 times the size of XP and twice as slow as XP is making users steer clear of the shining Windows orb for the most part. Scales tipping more and more in favor of Windows XP even though Vista has been out for an year, XP is competing with its successor as if itself was the actual new version, not Vista. And all in all it looks as if everyone just wants to turn back time. Whoo boy, where did Microsoft go wrong this time…?

Read the rest of this entry »

Everyone’s buzzing around snooping for any bit of information on the upcoming Vista SP1 and SP3, well on a more immediate basis, Microsoft released their monthly patch bulletin today for Windows OSs. Aside from the usual Malicious Software Removal Tool, this December’s Patch Tuesday, last of the year, most notably brings security fixes for both Internet Explorer and Windows Vista, particularly dealing with video format vulnerabilities so that users this Christmas can do their online shopping and relax with a few videos with less security worries on their minds. However, if you’ve upgraded to Microsoft Update and installed Microsoft Office 2007, you’re in for a hefty surprise…
Read the rest of this entry »

Windows Vista SP1 was released to the public yesterday. Microsoft is offering the most discussed Service Pack of the year in near-final stage to the public. Anyone who wants to give it a go can visit this page and follow the instructions on there. The download is a small batch file which adds keys to the registry, similar to how SP1 enthusiasts were able to download it in the past with or without Microsoft’s disclosure. This is because the Service Pack is not available to download on a web page, but via Windows Update by anyone whose registry contains said keys. Before the Service Pack itself a 4MB update, called KB938371, needs to be installed. The update itself was very slow to download, making me wonder how the update servers’ bandwidth was coping with the huge number eager testers. Slowly but surely, it downloaded and installed. A restart was required. That’s when the trouble started…

Read the rest of this entry »

Despite my objections on the forum at the time even though I had no issues with Comodo Firewall Pro 3, the program was released containing a number of compatibility/stability issues and bugs for many configurations, ranging from network access issues to behaveior and UI. Comodo Inc. has released an updated version for their product on their downloads page, accompanied by a substantial list of changes, all of which are fixes. Additionally, options were added for people using Internet Connection Sharing and loopback networking. And sure enough, people seem very satisfied on the forums. All in all, it is now safe for everyone to try out CFP3.

The button color interface bug which I reported STILL hasn’t been fixed.

Late and coming to you through a YourFreedom proxy that isn’t giving out DNS errors like pretty much everything else is, and a much-delayed post squeezes through two million years later. My internets are metastising thanks to my crappy ISP and their lack of action, but my computer has been going back and forth through system restores and service pack updates. The biggest cause for this, is a well-known and yet ignored problem which affects quite a number of Vista configurations which aren’t using User Account Control. The culprit is AOL Instant Messenger, version 5.9 latest, or any other version 6.5.3.12 beta. One of the many symptoms it causes is an X over the network icon with the message “No network - Server execution failed”. One of the most popular IM clients has been screwing up Vista systems without UAC big time, and it’s been at it for an year now…
Read the rest of this entry »