PoC code for MS12-020 (RDP) is obviously floating about, and many are still worried about worm activity from this.

One of my criticisms about this industry is that rarely is mitigation information shared or discussed; people seem to concentrate on breaking and not preventing exploitation. I wanted

[ more ]  [ reply ]

Hello.

We have quite complex policy that is not possible to summarize on a
mailing list.
Some important point for me specific for this project (it is a public web
site):
- The front end on internet need to a have a secure in depth
configuration (if one level fail, I don't want to have all site
comp

[ more ]  [ reply ]

Hi all and thanks for your replys.
Mr. Koch, we'll use Windows server 2003 for new VM's.
We are planning to replace the W2K Domain Controller and convert the Windows
2003 to primary domain controller and virtualize a second domain controller
using Windows 2003 too and raise the domain functional lev

[ more ]  [ reply ]

"Transparent" Bitlocker with TPM and direct boot to Windows Logon is not
a good idea in terms of security.

At the Passwords^10 conference in Dec 2010, Passware revealed their
newest versio of their forensic toolkit. You probably want to see that:
ftp://ftp.ii.uib.no/pub/passwords10/

Using Passware

[ more ]  [ reply ]

Hello all,

We are on the process of setting up Bitlocker on our laptops for OS
encryption and we are wandering if we should set up a PIN or not. If
we do not, the attacker can get to Windows login screen, but this is
where he will stop.

What happens if he boots with a linux live CD/USB? Can he dec

[ more ]  [ reply ]

Resending as there was a "failure to act" on the prior post and the points
are valid and important, IMO. :-)

Laura

-----Original Message-----
From: Laura A. Robinson [mailto:lrobinson (at) technologist (dot) com [email concealed]]
Sent: Monday, January 31, 2011 10:04 PM
To: 'Michael Sturtz'; 'Shang Tsung'; focus-ms@securityf

[ more ]  [ reply ]