
Wednesday, June 27, 2007

Beware of Fake Microsoft Patch

The spam will have a subject of:
Microsoft Security Bulletin MS07-0065 - Critical Update

The body claims to have a patch for a zero-day vulnerability, but contains
malware.

For more detail, please see this SANS alert:
http://isc.sans.org/diary.html?storyid=3054&rss


A real, legitimate Microsoft Security Bulletin will be a PGP-signed text message.




Wednesday, May 23, 2007

Blank Password more Secure than Weak Password

This is a new one on me, but according to Microsoft, on Windows XP (and I assume Vista) the use of a blank password on a user account is more secure than the use of a weak password... like "1234" or "aabb". Why? Because if a user account is created without a password, then that account cannot be accessed remotely. I have not tested this but I have to assume that they set a local security policy that blocks remote access if the account does not have a password.

Sounds like it's time for a lab test on this one.
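
A starting point for that lab test, as an added example that is not part of the original post: the behaviour described corresponds to the Windows security option "Accounts: Limit local account use of blank passwords to console logon only", stored as the LimitBlankPasswordUse registry value. The script assumes a machine with PowerShell 5.1 or later (for Get-LocalUser), which is newer than the Windows XP system the post mentions.

```powershell
# Added example: report whether blank-password local accounts are limited to
# console logon, and which enabled accounts are allowed to have no password.
# Run from an elevated PowerShell session on the lab machine.

$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$valueName = 'LimitBlankPasswordUse'

# Read the registry value behind the security option.
$item = Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue

if ($null -eq $item) {
    $state = 'Value not present; confirm the effective policy in secpol.msc'
} elseif ($item.$valueName -eq 1) {
    $state = 'Enabled: blank-password local accounts are limited to console logon'
} else {
    $state = 'Disabled: blank-password local accounts may be used for network logon'
}

# PasswordRequired = $false means the account is *allowed* to have no password.
# It does not prove the password is actually blank, so treat these as
# candidates to review, not confirmed findings.
$candidates = Get-LocalUser |
    Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
    Select-Object Name, PasswordLastSet

[pscustomobject]@{
    Setting                  = "$lsaKey\$valueName"
    State                    = $state
    AccountsNotRequiringPass = @($candidates.Name) -join ', '
}

if ($candidates) {
    Write-Warning 'Enabled local accounts that do not require a password:'
    $candidates | Format-Table -AutoSize
}
```

If the setting is reported as disabled, the claim in the post no longer holds for that machine and a blank password is reachable over the network.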