Archive

Archive for February, 2011

Microsoft Forefront UAG 2010 Administrator’s Handbook is now available in print

February 28th, 2011 Comments off

We are glad to inform you that the Microsoft Forefront UAG 2010 Administrator’s Handbook, published by PACKT publishing is now available in print. The book was written by Ran Dolev and Erez Ben-Ari (also known as “Ben Ben”) from the UAG product support team. It covers UAG publishing scenarios, DirectAccess and troubleshooting, which makes it the most complete self-study and reference resource for UAG available on the market.

The book is available for order from Amazon, or from the publisher directly, and is available as a hard-copy, or e-book.

Categories: Uncategorized Tags:

Quick Check on ADCS Health Using Enterprise PKI Tool (PKIVIEW)

February 28th, 2011 Comments off

PKIVIEW was first introduced in the Windows Server 2003 Resource Kit. The tool is installed by default when you install the Windows 2008 Active Directory Certificate Services role, and has been re-branded as “Enterprise PKI”. The tool is implemented as a snap-in for the Microsoft Management Console.

Enterprise PKI gathers information through Active Directory about the CA certificates and certificate revocation lists (CRLs) from each CA in the enterprise. Then it validates the certificates and CRLs to ensure that they are working correctly. If they are not working correctly or if they are about to fail, it provides a detailed warning or some error information.

Enterprise PKI displays the status of Windows Server 2003, 2008 and 2008 R2 certification authorities that are registered in an Active Directory forest. You can use Enterprise PKI to discover all PKI components, including subordinate and root CAs that are associated with an enterprise CA. The tool can also manage important PKI containers, such as root CA trust and NTAuth stores, that are also contained in the configuration partition of an Active Directory forest.

Enterprise PKI is very useful when verifying the installation of an ADCS environment, or when a quick check is needed for the health of the distribution points and managed containers in Active Directory.

Launching Enterprise PKI

At a server running Windows 2008 or 2008 R2 ADCS service, launch Server Manager, expand Roles, expand Active Directory Certificate Services, and then click Enterprise PKI.

The same console can be displayed by running PKIVIEW.msc from the Search or Run menus.

Enterprise PKI can also be launched from a Windows Server 2008, Windows Server 2008 R2, Windows Vista or Windows 7 computer by installing the Remote Server Administration Tools\Active Directory Certificate Services Tools from the Features set.

Enterprise PKI in Windows 2008 ADCS determines the AIA and CRL locations of the offline CA by examining certificates issued by the offline CA. The AIA and CDP distribution points for the online CAs are gathered by contacting the online CAs directly. This is different than the PKIVIEW tool behavior in Windows 2003 PKI, which relied on a CA Exchange certificate with a validity period of 1 week to gather the CDP and AIA distribution points of an issuing CA.

Running Enterprise PKI in Windows 2008 will still create the CA Exchange certificate, although as stated before, it is not used by the tool.

Understanding Distribution Points Health in Enterprise PKI

 

Enterprise PKI evaluates every URL included in the AIA and CDP extensions of the certificates in the CA hierarchy. The tool attempts to connect to each referenced URL and reports whether the certificate or CRL is reachable as well as whether the current version is reaching expiration.

Some of the most common mistakes encountered in PKI deployments are missing certificates or CRL files. When launching Enterprise PKI, all the certification authorities in the hierarchy should be examined in the left-hand pane.

The right-hand pane will include the CA’s certificate and the status of its publication points. Consider the following scenarios:

  • If a publication point is configured correctly, the status column will report a value of OK.
  • If the publication point is configured incorrectly or if the CA certificate or CRL is not copied correctly to the publication point, the status column reports a status of Unable to Download.

 

To troubleshoot Unable to Download publication points, right-click the publication point and click Copy URL. Paste the URL into a browser to verify whether it can be downloaded. A 404 “File not found” error in the browser indicates that the file can’t be downloaded or that the file is missing.

In general, this error can be attributed to one of the following:

  1. A missing file (in my case above, it was the certificate file of the issuing CA). Copy the file to the distribution point and refresh Enterprise PKI.
  2. The HTTP URL is accessible through a proxy. You should consider removing the proxy requirement for the computer security context.
  3. There may be an access control list (ACL) blocking access to the file.
  4. When dealing with delta CRLs, the web site might block the download of the file due to double escaping. This issue can easily be solved by following the steps in How to avoid Delta CRL download errors on Windows Server 2008 with IIS7.

  • Finally, if the CA certificate or CRL is near expiration, the status column will report a value of Expiring.

 

 

There are several ways to troubleshoot this issue:

  1. Renew the CA’s certificate if it is about to expire and publish it to the AIA distribution points.
  2. If a CDP is about to expire, examine which CDP in the chain is about to expire, issue a new CRL and publish it to the distribution points.
  3. This might also be a superficial message: you know that your issuing CA is about to issue a new CRL on its normal publication schedule, yet Enterprise PKI shows the current one as Expiring. Adjust the Options in Enterprise PKI as follows:

  • The expiring certificate indicator: You can specify how many days before expiration of a certificate the PKI Health Tool will indicate that a certificate is expiring. Consider using a much larger number than the default of 14 days. In fact, if you plan to issue certificates with a one-year validity period, you should use a notification of 365 days.
  • The base CRL expiration indicator: The base CRL indicator should be set to a value that reflects the base CRL publication interval of your issuing CA. If you publish the base CRL at a weekly interval, consider keeping the default expiration interval of two days. If you publish the base CRL on a daily interval, consider a value of eight hours.
  • The delta CRL expiration indicator: Like the base CRL setting, you must choose a delta CRL interval that reflects your delta CRL publication. If you publish a delta CRL every day, the default of every four hours may be the right value for you. If you publish the delta CRL every eight hours, consider a value of two hours for expiration notification.
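The status values and expiration indicators described above can be modeled to see why a daily base CRL always shows as Expiring under the default two-day indicator. This is an added example, not code from the article or from Enterprise PKI; the class and function names, the pki.example.test URLs and the sample dates are constructed, the Expired status is included for completeness, and it assumes a CRL's validity equals its publication interval (no overlap period).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Thresholds:
    """Expiration indicators; defaults are the values the article quotes."""
    certificate: timedelta = timedelta(days=14)
    base_crl: timedelta = timedelta(days=2)
    delta_crl: timedelta = timedelta(hours=4)

    def for_kind(self, kind: str) -> timedelta:
        return {"certificate": self.certificate,
                "base_crl": self.base_crl,
                "delta_crl": self.delta_crl}[kind]


@dataclass(frozen=True)
class PublicationPoint:
    name: str
    kind: str                    # "certificate" (AIA), "base_crl" or "delta_crl" (CDP)
    url: str
    expires: Optional[datetime]  # NotAfter or NextUpdate; None = download failed


def classify(point: PublicationPoint, now: datetime, thresholds: Thresholds) -> str:
    """Return the status column value for one publication point."""
    if point.expires is None:
        return "Unable to Download"
    remaining = point.expires - now
    if remaining <= timedelta(0):
        return "Expired"         # not listed in the article; added for completeness
    if remaining <= thresholds.for_kind(point.kind):
        return "Expiring"
    return "OK"


def report(points: List[PublicationPoint], now: datetime,
           thresholds: Thresholds) -> Dict[str, str]:
    return {p.name: classify(p, now, thresholds) for p in points}


def warning_share(publication_interval: timedelta, threshold: timedelta) -> float:
    """Fraction of each CRL's lifetime during which it is flagged Expiring.

    Assumption: NextUpdate = publication time + interval (no overlap period).
    """
    return min(threshold / publication_interval, 1.0)


# Constructed sample hierarchy; hosts, file names and dates are placeholders.
NOW = datetime(2011, 2, 28, 12, 0)
SAMPLE = [
    PublicationPoint("RootCA AIA", "certificate",
                     "http://pki.example.test/RootCA.crt", datetime(2031, 1, 1)),
    # Certificate file never copied to the web server: the download fails.
    PublicationPoint("IssuingCA AIA", "certificate",
                     "http://pki.example.test/IssuingCA.crt", None),
    # Base CRL published daily, four hours old.
    PublicationPoint("IssuingCA base CRL", "base_crl",
                     "http://pki.example.test/IssuingCA.crl",
                     NOW + timedelta(hours=20)),
    # Delta CRL published every eight hours, five hours old.
    PublicationPoint("IssuingCA delta CRL", "delta_crl",
                     "http://pki.example.test/IssuingCA+.crl",
                     NOW + timedelta(hours=3)),
]

# Indicators the article suggests for one-year certificates, a daily base CRL
# and a delta CRL published every eight hours.
TUNED = Thresholds(certificate=timedelta(days=365),
                   base_crl=timedelta(hours=8),
                   delta_crl=timedelta(hours=2))

if __name__ == "__main__":
    default_view = report(SAMPLE, NOW, Thresholds())
    tuned_view = report(SAMPLE, NOW, TUNED)
    for name in default_view:
        print(f"{name:22} default={default_view[name]:20} tuned={tuned_view[name]}")
    share = warning_share(timedelta(days=1), timedelta(days=2))
    print(f"Daily base CRL, two-day indicator: flagged {share:.0%} of the time")
```

Changing the indicators only changes what is flagged as Expiring; the Unable to Download entry stays until the file is actually reachable at the publication point.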

Examining and Understanding Active Directory Certificate Stores

 

Enterprise PKI can examine each of the Active Directory certificate and CRL stores through the Manage AD Containers dialog box, which is opened by right-clicking Enterprise PKI and then clicking Manage AD Containers. All the containers are stored in the configuration partition of the Active Directory forest where the CA hierarchy is installed.

 

Certification Authorities Container:

Contains all the Root Certification Authorities in the Active Directory Forest. This container is accessed through the autoenrollment policies for users and computers and distributes the Root CAs to the local Trusted Root Certification Authorities store.

The Certification Authorities container is stored in CN=Certification Authorities, CN=Public Key Services, Configuration, CN=Services, DC=ForestRootdomain. The container can be accessed using any LDAP capable tool, such as ADSIEDIT, LDP.EXE, etc.

The Enterprise PKI tool allows viewing or removing Trusted Root Certification Authorities from this container, but will not allow adding new Root Certification Authorities. Use the Certutil -f -dspublish RootCA.cer Root command to add a new Root Certification Authority to this container.

Enrollment Services Container:

Contains all enterprise issuing certification authorities in an Active Directory Forest. The container is CN=Enrollment Services, CN=Public Key Services, Configuration, CN=Services, DC=ForestRootdomain. The container can be accessed using any LDAP capable tool, such as ADSIEDIT, LDP.EXE, etc.

The Enterprise PKI tool allows viewing or removing Trusted Root Certification Authorities from this container, but will not allow adding new or existing enterprise certification authorities. The only method to add a new enterprise certification authority to the Enrollment Services Container is by using the Active Directory Certificate Services Role in Server Manager.

NTAuthCertificates:

The NT Authority certificate object contains all entries for all CAs that can issue certificates used for smart card authentication and for Remote Authentication Dial-In User Service (RADIUS) authentication. The NTAuthCertificates object is stored in CN=NTAuthCertificates,CN=Public Key Services, Configuration, CN=Services, DC=ForestRootdomain. It can be accessed using any LDAP capable tool, such as ADSIEDIT, LDP.EXE.

The Enterprise PKI tool allows adding, removing and viewing NTAuth certificates; in addition, Certutil can be used to publish an NTAuth certificate if needed.

AIA Container:

Contains all CA certificates for all CAs in the CA hierarchy. The container is stored in CN=AIA, CN=Public Key Services,CN=Configuration, CN=Services, DC=ForestRootdomain. It can be accessed using any LDAP capable tool, such as ADSIEDIT, LDP.EXE.

The Enterprise PKI tool allows viewing and removing certificate files from the AIA container, but will not allow adding new entries of new or existing certificates to the AIA container. A new entry can be added to the container using the Certutil -f -dspublish CertificateFile.cer NetBiosNameofCAServer command.

CDP Container

Contains all base and delta CRLs for each CA in the CA hierarchy that publishes revocation information to Active Directory. This value is configured in the extensions tab of the LDAP extension.

For each CA publishing revocation information into Active Directory, a separate container is created, containing the base and delta CRLs (if any) for that CA. The container for each CA will have an object referencing the CA’s sanitized name of type cRLDistributionPoint. The actual container per CA is stored in CN=NetBiosNameofCA,CN=CDP, CN=Public Key Services,CN=Configuration, CN=Services, DC=ForestRootdomain.

The Enterprise PKI tool allows viewing, removing and saving certificate revocation list files from the CA’s respective container, but will not allow adding new entries of new or existing CRLs. An entry can be added to the container using Certutil -f -dspublish CertificateFile.crl NetBiosNameofCAServer or by issuing a new revocation list at the enterprise CA.

KRA Container:

Contains all Key Recovery Agent (KRA) certificates published to Active Directory Domain Services (AD DS) that are available for key archival operations on enterprise CAs. The actual container is CN=KRA, CN=Public Key Services,CN=Configuration, CN=Services, DC=ForestRootdomain. Each enterprise certification authority will have an entry of type ms-PKI-Private-Key-Recovery-Agent.

The Enterprise PKI tool allows viewing and removing certificate files from the KRA container, but will not allow adding new entries for new or existing key recovery agents. A new entry can be added to the certificate attribute of the enterprise certification authority using the Recovery Agents tab in the CA properties.

Conclusion:

Enterprise PKI provides a view of the status of your network’s PKI environment. Having a view of multiple CAs and their current health states enables administrators to manage CA hierarchies and troubleshoot possible CA errors easily and effectively. Specifically, Enterprise PKI indicates the validity or accessibility of authority information access (AIA) locations and certificate revocation list (CRL) distribution points.

 

Amer Kamal

Senior Premier Field Engineer

 

  

Categories: Uncategorized Tags:

New WIKI Article by Yuri Diogenes – “Forefront TMG 2010 Survival Guide”

February 27th, 2011 Comments off

Hi all,

 

Our very prolific Yuri Diogenes just contributed a new WIKI page called “Forefront TMG 2010 Survival Guide” (available here) which you may find interesting.

The WIKI pages are “live” documents and we welcome additions, edits and contributions.

Some information about using the WIKI initiative is available here:

http://social.technet.microsoft.com/wiki/contents/articles/wiki-how-to-join.aspx

http://social.technet.microsoft.com/wiki/contents/articles/wiki-getting-started.aspx

http://social.technet.microsoft.com/wiki/contents/articles/wiki-how-to-contribute.aspx

http://social.technet.microsoft.com/wiki/contents/articles/wiki-code-of-conduct.aspx

 

One note: If you think Yuri had enough, think again. He is working on a “Troubleshooting Forefront TMG survival guide” so:

1. You have something to wait for

2. Should wait before contributing a troubleshooting article

Categories: Uncategorized Tags:

The Case of the Malicious Autostart

February 27th, 2011 No comments

Given that my novel, Zero Day, will be published in a few weeks and is based on malware’s use as a weapon by terrorists, I thought it appropriate to post a case that deals with malware cleanup with the Sysinternals tools. This one starts when Microsoft…(read more)

Categories: Uncategorized Tags:

Identity Theft Affects Virus Writers, Too

February 25th, 2011 Comments off

Lots of people have web-based e-mail addresses, such as Hotmail, Live, or Gmail.  Some of these addresses are used as "throw away" accounts, and abandoned once they are no longer needed.  Others are simply left alone and forgotten as real life intrudes.  It seems likely that most of the corporations that offer the service also have a policy of closing accounts that have been dormant for a period of time.  Once the account is closed, someone else can easily create a new account and take over the e-mail address.

As a result, some e-mail addresses which originally belonged to "famous" people might end up belonging to less famous people who decide to trade on the reputation of the original owner.  Sometimes, only the account name is constant, while a different service provider is used.  In some cases, the deception is obvious, but in other cases, it’s unclear or just too hard to tell at all.  Of course, we’re also talking about people who are "celebrities" only in a very small circle.  These are virus writers, after all, so they are hardly household names.

Let’s take, for example, "Q" the Misanthrope.  He was a virus writer in the DOS days who produced several interesting proof-of-concept works, such as placing the virus code in the High Memory Area (also known as the HMA, and which was not scanned by anti-virus engines at the time).  He described himself in a public document in 1997 as a 38-year-old from the USA, and he seems to have retired shortly after the document was written.  However, more than ten years later, someone created an account using his name, and started sending e-mail.  Interestingly, that person did not know how old he was supposed to be, and his first language was no longer English.

Then we have Jacky Qwerty, who was described in a public document as becoming a father.  He seems to have retired in 1999.  Shortly after "Q" the Misanthrope was identified as a fake, a "jqwerty" appeared.  He did not know that he had any children.

Fortunately, neither of these new people has written any new viruses.

We also have hh86.  She has been described in a public document as female.  Her website saw a flurry of activity and many changes in a short period of time, after which her site and all of her forum posts were deleted.  A few months later, she was back, and then gone again, and then back again.  Is it the same person?  We have no idea, but one of the viruses attributed to her appeared during one of her breaks and it has a distinctively different style.  The more recent viruses have mostly returned to the original style.

Typically, identity theft is used to acquire goods and services using someone else’s money.  Virus writer identity theft seems to have no purpose, since the writing style (both communication and code) becomes the template which must be maintained in order to retain the illusion of continuity.  However, if the illusion is maintained for long enough that the new person actually acquires great skills, then that person can’t suddenly appear on the scene using a different identity because they will be accused of simply imitating the original person.  This doesn’t affect us particularly, since one virus writer is essentially the same as any other.  However, it does pose a problem for the projects that claim to be able to attribute code to a person.  Do you think that you’ve caught the right person?  Try proving it.  It just might be a copycat.

So we don’t know why someone would do that, but then again we don’t understand a lot of the things that some people do.

– Peter Ferrie

Categories: identity theft, virus writers Tags:

ID theft level drops, but cost remains high

February 25th, 2011 Comments off

Identity theft levels are at their lowest rate since 2007, according to Javelin Strategy & Research. However, the cost to consumers is on the rise. To find out more, see Identity Theft Falls 34%, Victims Pay More.

Protect yourself from fraud

Clearly we’re all getting better at identifying phishing scams and other kinds of email and web scams. You know the basics, but here are a few tips that you might not have heard about yet.

  • Internet Explorer’s InPrivate browsing can help protect your personal information when you use a public computer. Learn more.
  • If you receive email claiming that you’ve won the Microsoft Lottery, hit the delete button. The message is an example of an email scam. Learn more.
  • Your first line of defense against ID theft is a strong password. Check the strength of your password.

For more information, see Get help with phishing scams, lottery fraud, and other types of scams.


 

Improve security for your Windows 7 computer

February 23rd, 2011 Comments off

We were browsing through the Windows online help pages this week and came across an excellent source of information for Windows 7 security. Want to know more about how to prevent viruses and spyware? Want to make sure your web browser can help protect you against phishing scams and other fraud?

For more information, see Understanding security and safer computing.

 

 

Microsoft SpyNet?

February 22nd, 2011 Comments off

So have you ever wondered what the Microsoft SpyNet opt in page is really all about?

Microsoft SpyNet is a cloud service that allows the FEP or MSE client on your computer to report information about programs that exhibit suspicious behavior to the Microsoft Malware Protection Center (MMPC) researchers. When this information is reported, definitions for previously unknown threats can be created and distributed, minimizing the time that a new threat is spreading in the wild before protection is available. (Note: older clients, like FCS and Windows Defender, also participate in SpyNet, but to get the full benefits of SpyNet, which includes Dynamic Signature Service, you should move to FEP or MSE.)

Additionally, when your FEP or MSE client reports new malware to the Microsoft SpyNet cloud service, the Dynamic Signature Service can recognize when a definition is available but not yet released, and deliver that definition for that specific threat in real-time from the cloud. Upon delivery of the dynamic signature, the threat will be detected and can be removed from the system.

Hey – here’s a thought. Take 3 minutes and watch this – Microsoft SpyNet and the Dynamic Signature Service in action:

(Please visit the site to view this video)

Categories: Dynamic Signature Service, FCS, FEP, SpyNet Tags:

Using Forefront TMG 2010 to Secure Access to Your Cloud Services

February 22nd, 2011 Comments off

If you read the article Economics of the Cloud, published last November on the Microsoft on the Issues blog, you will see that Microsoft’s analysis “uncovers economies of scale for cloud that are much greater than commonly thought”. As more and more businesses start to move to the cloud, there is also the aspect of secure cloud access through an on-premises gateway. A new article written by Yuri Diogenes (a former Senior Support Escalation Engineer from Forefront Edge CSS Team) was recently published in TechNet Magazine (February 2011 issue) and explains how Forefront TMG 2010 can assist you during this deployment.

Read the full article here: http://technet.microsoft.com/en-us/magazine/gg607680.aspx

Blog post written by Gabriel Koren

Categories: cloud, secure, swg, TMG Tags:

Microsoft Security Advisory (967940): Update for Windows Autorun – Version: 2.1

Revision Note: V2.1 (February 22, 2011): Summary revised to notify users of a change in the deployment logic for updates described in this advisory. This change is intended to minimize the user interaction required to install the updates on systems configured for automatic updating.
Summary: Microsoft is announcing the availability of updates to the Autorun feature that help to restrict AutoPlay functionality to only CD and DVD media on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Restricting AutoPlay functionality to only CD and DVD media can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file.

Categories: Uncategorized Tags:

Microsoft Security Bulletin Summary for October 2010

February 22nd, 2011 Comments off

Revision Note: V4.0 (February 22, 2011): For MS10-077, a detection change now offers the Microsoft .NET Framework 4.0 update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.
Summary: This bulletin summary lists security bulletins released for October 2010.

Categories: Uncategorized Tags:

MS10-077 – Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) – Version:3.0

February 22nd, 2011 Comments off

Severity Rating: Critical
Revision Note: V3.0 (February 22, 2011): Announced a detection change to offer the Microsoft .NET Framework 4.0 update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.

Categories: Uncategorized Tags:

Microsoft Security Bulletin Summary for September 2010

February 22nd, 2011 Comments off

Revision Note: V6.0 (February 22, 2011): For MS10-070, a detection change now offers the Microsoft .NET Framework 4.0 (KB2416472) update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.
Summary: This bulletin summary lists security bulletins released for September 2010.

Categories: Uncategorized Tags:

Verifying The SSL Certificate Expiration with a tool

February 22nd, 2011 No comments

An active member of our community developed a very handy tool to verify – or let’s actually say monitor – the validity of SSL server certificates.

After downloading and extracting the ZIP file, the tool is quite self-explanatory. Press CTRL+A or click Add Server Entry on the Server List menu. Once you have entered the web address and SSL port, the entry appears in the list of servers.

To perform the verification, just click the Scan button on the toolbar. The validity information is added to the table.

If you need to regularly verify the time validity of SSL certificates, save the server list for re-use.

Categories: Uncategorized Tags:

CAT.NET Update – Long Overdue

February 21st, 2011 No comments

Frank Brisse here…

I wanted to provide an update to the CAT.NET project since it’s been a while since my last communication. Internally we have version 2.0 of CAT.NET running. Unfortunately, some of the features we relied on in Visual Studio’s code analysis did not make it into the final product. We are working with the Visual Studio team to include the features needed.

In the meantime our team has been investigating options to bypass the missing libraries. This is not an ideal solution because we’ll be omitting the seamless integration with Visual Studio. We believe we have a solution and have provided estimates to fix this problem. Because this effort was not planned, we are investigating how to fit this effort into our current work load. We should have some news by the end of March if not sooner.

Categories: Uncategorized Tags: