Posts Tagged ‘Operating System’

Microsoft warns of new zero-day hole

July 14th, 2009 | Author: Shaheen Abdul Jabbar

According to Microsoft Security Advisory – 973472, a zero-day hole in Office Web Components ActiveX Controls could allow an attacker to execute malicious code remotely. This happens on Internet Explorer that has the ActiveX Control enabled.

The ActiveX is used to display and publish spreadsheets, charts and databases to websites. There is no patch yet issued for this hole. However, Microsoft recommends certain manual steps to prevent the attack.

Microsoft recommends defaults settings of IE in Windows Server 2003 and Windows Server 2008 as it will prevent the an IE user on such servers from downloading such malicious contents.

Users of Microsoft Outlook and Outlook Express are safe if they are operated in the Restricted Sites Zone.

The web based attacked is not possible unless an IE user is forced to use a website infected with the malicious content. So beware of spams and phishing emails.

Once compromised, the IE user machine provides local admin rights to the remote attacker. Users with few local admin rights on the computer will have low impact.

  • Share/Bookmark
Posted in Information Security | Tags: , , | No Comments »

Chrome OS, Cloud Computing and Privacy

July 8th, 2009 | Author: Shaheen Abdul Jabbar

The news is out – highly anticipated Google’s Chrome is to released in coming fall or winter.

Its supposed to be faster and more efficient than Microsoft Windows and will support cloud computing. There will be no cost associated with using the OS as its going to be released as open source.

What does all these mean to an end user? Since the new OS is going to leverage cloud computing, I believe its going to behave similar to how a browser behave. When the machine is turned on, the user is presented with a console that directly interact with the applications hosted in the cloud. Applications include the existing Gmail, Documents, Calendar, Photos and other office productivity tools.

An end user, when he/she uses these applications, sends all the information or data to the cloud where the applications reside. They could be hosted either at Google datacenters or at a partner. The information or data that the user saved at these applications is now at the mercy of Google or its partners.

Today there are corporates who hesitate to use third party conference utilities such as Webex just because they don’t want their confidential data to go beyond their perimter. So what about using Google’s cloud computing services. Corporates as well as Governments are concerned about the privacy of their cititzens. Will Google ensure such privacy? How about the service level agreements? Or the Quality of Service? Can Google meet such varying requirements? Well, it may – for a “freemium”.

Personally I am thrilled waiting to play with another open source system.

For now, this is Shaheen posting these thoughts, from the Toronto subway system, using gmail to an open source application.

  • Share/Bookmark
Posted in Architecture, Information Security | Tags: , , , , | 1 Comment »
March 2010
M T W T F S S
« Dec    
1234567
891011121314
15161718192021
22232425262728
293031  
Terms of Use

The thoughts and views expressed in this website are my own and do not represent that of my partners or employers. I reserve all rights to the contents and no part of it may be reproduced or transmitted in any form or by any means without prior written permission.

Contact Me | Terms of Use | Trademarks | Privacy Statement
Copyright © 2009 Shaheen Nasirudheen Abdul Jabbar. All Rights Reserved.

Powered by WordPress