How Not to Email Your Customers

There are many different ways that organizations can manage customer lists and deliver email to all of their customers at once. Some mailers will generate a unique email to each customer, possibly replacing fields in a form letter, while others will basically use the "BCC" field to send one email to many recipients. An important characteristic of these methods is that the recipients will not be able to see each other's email addresses. Today, sent out an email to customers without using either of the above methods.

Microsoft Update KB977165 triggering widespread BSOD

One of Microsoft's "Patch Tuesday" security fixes is triggering a widespread "Blue Screen of Death" problem.  The cause is not the update itself, but an existing infection.  So far, reports suggest that this problem affects Windows XP and Windows Vista. Once the update is applied and the system rebooted, Windows will bluescreen at boot.  When booted to Safe Mode, the system will freeze. Removing the update from the Windows Recovery Console or using live media will get the system booting again, at least until the update is reapplied.

On Borrowed Time: The Threat of Ransomware

"Ransomware" is a type of malware that holds files or computer operations for ransom.  In the most common scenario, ransomware will encrypt files on an infected computer and demand that the user pay for the decryption key. Ransomware presents an unusual threat in that simply removing it from the computer does not solve the problem.  When files have been encrypted, removing the ransomware does not make them available again.  The files must be decrypted.

Defending Windows with Application Whitelisting

The SANS Internet Storm Center recently featured a post about the increasingly stubborn fake anti-malware "scareware" that has been remarkably successful at infecting machines and convincing people to purchase the fake software. Among the comments on that post, others who have encountered this kind of malware questioned what protection measures might be effective.

Apache DoS Tool - First of a New Wave?

If you are familiar with security issues for Internet servers, you know what a Denial of Service (DoS) attack is, and that there is no absolute defense against DoS attacks.  There are plenty of ways to mitigate the risks.  With just a few mitigating tactics, the biggest threat that remains is usually from Distributed Denial of Service (DDoS) attacks, where it is a game of sheer numbers.