The Day Symantec Couldn't Speak Chinese

This is early in May, Computer World reported that (here, and here) that Symantec has released a signature updates led to the two key Windows system. The DLL-n etapi32.dll and l sasrv.dll-isolation from antivirus software on the Simplified Chinese language versions of Windows XP SP2, which had been updated, because Microsofts security bulletin MS06 - 070. If such a system, have received an error signature updates, and rebooting after, the file has been quarantined, the system will no longer boot. Recycling is the only viable through the windows of the recovery console.

Symantec subsequently said its automated threat analysis system caused by the false positive on the Windows system files, a process, it will automatically generate signatures, to identify malicious software. Signature has been updated corrections provide about 13 hours after the fault version of the publication.

Its interesting to note that the article described how users of pirated versions of XP, "may have snafu in such circumstances (using Windows recovery console), but The problem is that many Chinese people do not have the user restore discs, because they are running pirated copies of Windows. " Course, the author of this story failed to recognize the need to SP2s Windows Genuine Advantage, piracy will not be xp2, and we do not have to install the MS06 - 070 caused misdetection. ETM, the sole legitimate users may encounter problems, they should have the opportunity to restore the Windows console. Regardless, it is an automatic updates from the Symantec results, in the absence of the use of computers, and forced to participate in the collection and Windows recovery console is a major fault, and some of their.

A faster, more secure remote access VNC trick check out this good, as long as two of the articles that make the connection more secure VNC, from the pioneering Guide. The authors used the nomachine NX server to provide faster SSH Tunnel and the conversation server (RDP, or remote X), through VNC adopted at the Conference. He also used wikid servers, to provide two-factor authentication use of the certificate.

Article is worth reading, if you use VNC, in your environment. Coupled with the certification, is of particular interest because it must ensure that VNC authentication bypass the loophole can not use the third person outside the trust of the insider. I highly recommend considering this solution, or at least compare your existing What is the solution, in this proposal, to determine whether there weaknesses in your environment. Also, if you provide remote access to a third party, such as remote support institutions, to ensure that they use, similar to what is described in this article.

IETF has granted nod to be DKIM called DomainKeys Identified Mail specification has been approved by the IETF. This means that the standard has been finalized, and now the only question is, how widely it will be used. DKIM described by a standard, a system people have a mandate, submitted a message into the e-mail flow of information signs signatures and encryption. Recipient system will be able to find the key to the implementation of the provision to verify that the message actually was claiming ownership of the entity.

DKIM was different from the system the same S / mime and other encrypted e-mail, signed mechanism, this is neither the author nor the contents are all that is just a fact that e-mail can be submitted under due to the organization in some way to join the first signature elements. Multiple elements can be present in an e-mail, because each entity involved in this process may sign the e-mail.

(Searchsecurity.com also an interesting article here.) DKIM has been far greater value very large e-mail providers, such as the development of the original - Yahoo! -- Or even very large companies of the target of frequent phishing attacks.

The recipients e-mail system should play a DNS Search provide e-mail signatures, encryption keys to determine whether the claims in the "signature identity" is actually used to create signatures are included in the header files E-mail. Since then, the recipient may not know that the first line of forged e-mail. Of the action taken by the people, regardless of the system or people, is variable. If the signature is now, to be effective, but if it is invalid, then the information may be categorically rejected. However, the lack of a signature was DKIM may or may not mean that a forged message, the recipient will have to decide whether or not a signature was originally DKIM to attend.

DKIM was similar in SPF, because it provides a way to determine the recipient, if the e-mail is legitimate. Like SPF, it is not foolproof. SPF level and focus on whether there is a mail server is allowed to provide e-mail from a specific area, for DKIM portion of the message contains, in a sign placed in the forefront. It is not With either method will be selected on the other hand, as neither is fully effective. On the contrary, it is very likely will be included, in addition to other, more traditional methods, such as TLS and S / mime or the PGP.

hope strengthening security? This column was originally published the weekly security Now communications. Click here for free subscription.

is a problem, and moice there are some very serious limitations with the Microsoft Office environment isolated conversion tool, we believe that this would make it too cumbersome to any average environment. (You can read more about this require registration).

Moice operating system configuration requirements to use it, rather than Microsoft Office applications, and its support is under the Office file types. In addition, the Office applications should be configured to prevent open Office document, only the repeated use of moice whenever a file is opened, or the use of an office, in 2007 the characteristics of the so-called "trusted position." Office document storage (now limited support for Office 2003.) We believe that the average enterprises need to do nothing on the release moice. Moice may prove to be a rarely used forensic tools, because it is a must-have a very limited set of users. This is not very easy configuration, for each document, but may prove useful, and sometimes kept scanning.