Optimal Security : the Lumension Blog

Paul Henry, Forensics and Security Analyst, provides his insights in this July 2010 Patch Tuesday Security Briefing.

Microsoft announced that they have released four security bulletins to address five separate current vulnerabilities. Especially concerning this month is the fact that all three bulletins rated “critical” also rate a “1” on Microsoft’s exploitability index (with MS10-042 addressing a vulnerability that is actively being exploited.)  Additionally, MS10-043 requires a reboot and affects Windows Server [...]

I recently helped a friend set up her new Win7 box – it was a breeze, especially when compared to (or perhaps because of) the Vista lappie I set up for her a couple of years back. We had to do it because her old box was still running WinXP SP2 – and we couldn’t [...]

Reflecting on recent headlines that Google was going to drop Windows usage for desktops and move to Linux or OS X (Apple) reminded me of advice I received very early on in my security career – no operating system is the holy grail and you are always better off working with one you are more [...]

Microsoft has released two security bulletins this month, MS10-030 and MS10-031 to address two vulnerabilities in Microsoft Windows and Microsoft Office, both rated Critical. As both bulletins are rated as critical, they will both demand a high priority in their deployment across the enterprise.
Details:
MS10-030 resolving one vulnerability affecting Outlook Express, Windows Mail and Windows Live [...]

Lumension talks security with Charles Kolodgy of IDC at RSA about the evolution in endpoint management and security and what role new and emerging technologies will play in managing risk. Also, future predictions and trends.

Last week, I attended two security-related events in San Francisco. I spoke on the topic of the converging endpoint on a panel at America’s Growth Capital’s 6th Annual Information Security and West Coast Emerging Growth Conference. And I walked the floor at the RSA Conference, where Lumension exhibited. Here are my thoughts on the key [...]

About a hundred years ago (in Internet terms … so, a couple of years back), I learned about RealPlayer the hard way. Despite the warnings from my friend and all-around knowledgeable good guy Tim, I installed it on my lappie so I could play some interesting bit of fluff from the Internet. I then spent [...]

Today, Microsoft released an out-of-band security patch: Microsoft Security Bulletin MS10-002 – Critical, Cumulative Security Update for Internet Explorer (978207).  MS10-002 address the previously announced flaw in Internet Explorer that has been widely reported as the key attack vector in reported attacks against Google and other companies by entities based in China (MS Security Advisory [...]

We recently sat down with Nigel Stanley, Analyst at Bloor Research to discuss how whitelisting has evolved over the years and where the endpoint security market is heading in 2010.

Q: What role does whitelisting technology play in protecting a company’s vital information and managing critical risk?
A: Application whitelisting, which is the notion of only allowing pre-determined [...]