Thursday, 27 August 2009

CALL CENTERS FROM DESCA click to GO DESCA !!!

http://www.desca.com/soluciones1.asp

Unified Communications:
Cisco Unified Call Processing
Cisco Unified Communications Clients
Cisco Unified Contact Center
Cisco Rich-media Communications
Cisco Voice and Unified Messaging
Videoconferencing & Telepresence
Microsoft Unified Communications
Mobility:
Cisco Mobility Solutions
Nokia Mobility Solutions
Fixed Mobile Convergence Solutions
Real Time Location Services:
Asset Tracking & Location
Business Process Integration
Wireless & Wireline Service Providers:
RAN & Access Network Evolution
Next Generation Voice Services
IP TV & Video Over IP Services
IP/MPLS Convergence
Value Added Services & Applications
Hosted/Managed Security Services
IP Traffic & Services Optimization & Control
Mobility Services
Health Care:
Medical Grade Networks
Applied Real Time Location Services
Local Government Solutions:
Connected Communities Solutions
E-Government Solutions
Mobile & Public Wireless LANs
Financial Services:
Branch Transformation
Unified Communications
Financial Services Kiosks & Self Service Solutions
Security:
Firewall
Intruder Prevention
VPNs (IPSec / SSL)
Antivirus (Perimeter and end-user)
Strong Authentication
Network Access Control (NAC)
Content Security and Control (CSC)
Self-Defending Networks
Security Services:
Vulnerability Testing / Ethical Hacking
Definition and Broadcasting of Security Policies
Network Security Design
Fine-Tuning of Security Equipment Configuration
Device Monitoring and Administration (Security Operations Center – SOC)
Platform Assurance
Risk Analysis
Implementation of Information Security Management Standards (based on ISO 27001)
GAP Analysis (ISO 27001)
Contingency Plans
Forensic Analysis

Friday, 21 August 2009

The PCI (Payment Card Industry) Security Standard

http://www.informatizate.net/index.php?option=com_content&view=article&id=60:la-norma-de-seguridad-pci-payment-card-industry&catid=37:Artículos%20de%20Colaboradores%20de%20informatizate

The PCI (Payment Card Industry) Security Standard

Monday, 26 May 2008 21:35
César Farro
e-mail:
cesar.farro@gmail.com

BSI Auditor Leader ISO 27001:2005, SANS GIAC Firewall Analyst and SANS GIAC Network Auditor

Thieves are becoming increasingly advanced in their use of technology to commit theft, and they have seen that merchants hold a great deal of information that is poorly guarded and easy to steal.

Merchants must prepare to protect their customers' personal information and preserve the convenience of using their credit card.


Introduction:
More and more customers use their credit or debit cards to pay through a POS (Point of Sale) in its various forms: for example, a simple POS found in a supermarket or a relatively small shop, or wireless POS terminals such as those with a CDMA cellular card at a gas station. Or they simply use a computer to shop on the Internet with a credit card. As a consequence, merchants are in a position to store very sensitive cardholder information, such as: primary account number (PAN), cardholder name, service code and expiration date. Credit card fraud and identity theft are problems that grow every year.
The following describes the news of one of the best-known recent thefts.
For two years, several unidentified individuals eavesdropped on the communications between the wireless handheld devices used by employees of a Marshall store in Minnesota and the store's cash registers and computers. (1)

http://www.kriptopolis.org/mayor-robo-de-datos-via-inalambrica

The intruders used a Wi-Fi antenna and a laptop to obtain some employees' access credentials for the central servers, which then allowed them to access the central database of the TJX chain, to which the store that was spied on belongs. This large retail chain, valued at 17,400 million dollars, used WEP (2) (Wired Equivalent Privacy, the encryption system of the IEEE 802.11 standard, as the protocol for Wi-Fi networks) to encrypt its wireless communications in 2005, even though that protocol had not been considered secure since 2001 and the use of the more secure WPA (Wi-Fi Protected Access) or WPA2 had been recommended since 2003.

Thursday, 20 August 2009

The gpl-violations.org project?

http://gpl-violations.org/

The gpl-violations.org project tries to raise public awareness about past and present infringing use(r)s of GPL licensed software.
The ultimate goal is to make vendors of GPL licensed software understand that GPL is not public domain, and that there are license conditions that are to be fulfilled.
The project wants to act as information and communication platform between all parties involved with licensing of free software:
authors and copyright holders
vendors, OEM's, VAR's
users
Please note that this homepage is not maintained very well. We're so busy in both technically and legally resolving GPL violations that there's hardly any time left to keep this page up-to-date.
We're actually looking for a volunteer webmaster skilled in working with docbook-website.

Wednesday, 19 August 2009

FAKE AValert Virus Photo


This is a real photo of how a virus performs internal network propagation using a MAC address found in the local ARP cache.

TCS makes Linux DISA compliant

http://gcn.com/articles/2008/02/05/tcs-makes-linux-disa-compliant.aspx


TCS makes Linux DISA compliant

By Joab Jackson
Feb 05, 2008
Trusted Computer Solutions has upgraded its Security Blanket security compliance software so that it can make Red Hat Enterprise Linux compliant with the settings defined in the Defense Information Systems Agency's Security Technical Implementation Guide for that operating system. The profile also includes Linux security profiles from the SANS Institute and the Center for Internet Security, and a security profile for the LAMP stack (Linux, Apache, MySQL, PHP) in addition to RHEL. TCS offers Security Blanket 1.2 not only to Defense agencies, but to civilian agencies as well. 'The Department of Defense has invested a great deal of time and research in the development of these lockdown guidelines,' said Ed Hammersla, chief operating officer at TCS, in a statement. 'Now commercial companies and civilian government agencies can have the same level of security as the DOD.' DISA developed STIGs as a way to establish a secure baseline configuration for the agency's servers. TCS claims that the Security Blanket is the first software to automate the setting and checking of the DISA STIG configurations on RHEL servers. Security Blanket costs $198 per server.

Linux Open Source Compliance: Getting Started and Best Practices

http://events.linuxfoundation.org/lc09b3

Open Source Compliance: Getting Started and Best Practices
Dr. Ibrahim Haddad, Palm
The proliferation of open source software use combined with recent legal actions has raised industry awareness that open source code must be managed in compliance with applicable software licenses. Leading development organizations are establishing policies around open source usage and implementing engineering development processes which ensure that software products remain in compliance.
This presentation will provide an overview and a discussion on the following topics: open source compliance, building a compliance program and infrastructure, who’s involved in open source compliance, best practices, lessons learned and responding to compliance inquiries. Software engineers, engineering managers, product managers, developer relations managers, and Legal staff involved in creating and shipping a product that includes open source software. Technical level of expertise required: not applicable. The presentation is not technical.

Windows 2008 Server Best Practice

http://www.microsoft.com/presspass/features/2008/feb08/02-04WS2008.mspx


As Windows Server 2008 RTMs, Customers and Partners Adopting with Help of New Tools, Training

With Windows Server 2008 releasing to manufacturers today, Microsoft has made tools, training and resources available to customers and partners to help make it easier and faster to deploy or build upon the new operating system.

REDMOND, Wash., Feb. 4, 2008 –Approaching the company’s largest enterprise launch in its history, Microsoft reached another important milestone today with the release to manufacturing (RTM) of Windows Server 2008. The response from IT professionals and developers has been strong as the company moves toward the worldwide launch of Windows Server 2008, SQL Server 2008 and Visual Studio 2008 on February 27.
One indication of the momentum that is building around the latest server operating system is the number of beta and evaluation versions that customers and partners have obtained: more than two million.
IT professionals face increasing pressure from rapidly changing technology, increasing costs and security concerns, and expanding business needs. Windows Server 2008 helps alleviate these pressures by automating daily management tasks, tightening security, improving efficiency and increasing availability. It also offers virtualization solutions that will enable IT professionals to reduce costs, increase hardware utilization, optimize their infrastructure, and improve server availability.
Furthermore, because Windows Server 2008 was developed in tandem with the Windows Vista code base, it has most of that operating system’s advanced management and security features, such as integrated Network Access Protection (NAP) and Group Policy. Customers will also see system-wide performance improvements from an integrated system architecture, including network file sharing, managed quality of service and reduced power consumption. Common tools and processes across both operating systems will result in efficiencies for IT organizations.
“We’ve been working with partners around the world who are creating solutions that take advantage of the new platform’s feature set,” said Bob Visse, senior director, Windows Server Marketing Group at Microsoft. “There’s been tremendous support for the operating system and a lot of excitement around the opportunity it represents for the industry.”
Microsoft is also offering customers a Go Live License, which permits them to deploy beta releases of Internet Information Services 7.0 (IIS 7.0) into live production. So far, 28 companies worldwide have created and launched hosted offerings using this program, and hundreds more have downloaded the Windows Server 2008 beta and begun testing.
With Windows Server 2008, Microsoft is also embracing PHP hosting on Windows via the FastCGI module for IIS 7.0. PHP is a popular open-source scripting language used to build dynamic web applications. This allows IT Professionals to host PHP and ASP.net applications side by side. As a result, the PHP community will be able to take advantage of the increased reliability of PHP on Windows and simplified administration available on the Windows platform.
Customers: On Your Mark…
To help IT professionals evaluate the migration-readiness of their existing networks, Microsoft has created four automated assessment tools, or “Solution Accelerators:”

the Microsoft Assessment and Planning (MAP) tool, which helps evaluate installed applications on servers, performs hardware assessments and makes recommendations regarding server virtualization;

the Infrastructure Planning and Design guides, which describe the architectural considerations involved in implementing the upgrade to Windows Server 2008;

the Windows Server 2008 Security Guide, which provides best practices and automated tools to help strengthen the security of servers running Windows Server 2008; and

the Microsoft Deployment tool, which decreases the cost of client and server deployments by providing detailed guidance and job aids for every organizational role involved with large-scale deployment projects.
Enterprise customers planning to upgrade can follow a few basic steps to help prepare and plan for the move to Windows Server 2008:
1. Use Microsoft’s free tools to assess their enterprise’s current servers and determine which can be upgraded and which servers will require a “clean install.”
2. Engage with their application suppliers for prescriptive guidance.
3. Test applications they’re planning to run for compatibility with Windows 2008.
4. Research certified hardware and software solutions in the Windows Server Catalog.
Upgrade Options
Windows Server 2008 uses image-based deployment to make the installation process as efficient as possible. Installation images are the fastest way to deploy an operating system. Image-based setup also is less error-prone than a scripted installation process.
Customers upgrading from Windows Server 2003 to Windows Server 2008 will follow one of two methods, depending upon their current environment. Servers that are running only software applications that came with Windows Server 2003, such as Active Directory, Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP), are the best candidates for a simple upgrade.
Microsoft recommends other customers running a wider variety of applications follow IT community best practices and perform a “clean install” of Windows Server 2008. A clean install involves loading Windows Server 2008 on a partition that is not running an existing operating system. Microsoft advises those customers who want to pursue an upgrade to first contact the software manufacturer for prescriptive guidance. Customers running applications whose manufacturers do not provide support during the upgrade process, which did not ship with Windows Server 2003 or that weren’t delivered to Windows Server via Windows Update should remove those applications first, perform the upgrade to Windows Server 2008, verify the applications are supported on Windows Server 2008 and then reinstall the applications.
Windows Server 2008 also offers a barebones installation option called Server Core, in which only the services required to perform the Active Directory Domain Services, Active Directory Lightweight Directory Services (AD LDS), DHCP, DNS Server, File Services, Print Server, Streaming Media Services, Web Server (IIS), or Hyper-V (Virtualization) roles are installed. A Server Core installation offers base-level server functionality without any extra overhead, so it will typically require less maintenance and fewer updates than a full installation.
Ensuring Compatibility
To help original equipment manufacturers (OEMs), independent hardware vendors (IHVs), independent software vendors (ISVs) and other developers build solutions that IT professionals can deploy immediately with confidence, Microsoft created the Windows Server 2008 Logo Program.
“We’ve been working with more than 1,000 software and hardware partners to help ensure that their products take full advantage of the capabilities and features of Windows Server 2008,” said Visse.
Windows Server 2008 software certification comprises approximately 100 test cases that independently confirm an application’s compliance with best practices for compatibility, security, reliability and availability on the server operating system. The certification identifies top-performing technologies that are ready to deploy in mission-critical environments.
The program features two designations – the “Works with Windows Server 2008” designation ensures that an application is in compliance with best practices for the most common Windows Server 2008 functions, while the “Certified for Windows Server 2008” logo supports rigorous standards for stability, security, reliability and overall performance.
Microsoft expects there to be at least 80 software applications certified for Windows Server 2008 by the end of February, and roughly 300 more that are considered ready for the new platform. A complete list of compatible hardware and software products is available at http://www.windowsservercatalog.com/.
In addition to encouraging customers to look for the certification logo when they make purchasing decisions, Microsoft has done something new for Windows Server 2008. The company has made the same tools that ISVs used to test their products for compatibility available to IT professionals so that they can test both commercial applications and custom applications they’ve developed in-house. The tools are downloadable at http://www.innovateonwindowsserver.com/learnbuild.aspx.
There is also a Windows Server 2008 Developer Center site that is a portal for both ISV developers and enterprise developers working on custom applications. The site provides how-to videos, interviews with Microsoft engineers and related documents. It also links to a moderated technical forum for application readiness and certification discussions and questions http://msdn2.microsoft.com/en-us/windowsserver/default.aspx.

Pirated Windows 7 on Sale at China PC Bazaar

http://www.csoonline.com/article/499430/Pirated_Windows_7_on_Sale_at_China_PC_Bazaar

Pirated Windows 7 on Sale at China PC Bazaar
The pirated software advertised a Web site infested with malware
By Owen Fletcher, IDG News Service (Beijing Bureau)
August 11, 2009 — IDG News Service —
Pirated copies of Windows 7 have hit the shelves at China's electronics bazaars, months before the operating system officially goes on sale.
A stall owner at one of the multistory PC markets in Beijing sold a copy of the program for 40 yuan (US$5.86) on Monday. It was not clear from the thin, DVD-shaped box or the contents of the disc what version of Windows 7 it purported to carry, but a 1.8GB file named Win7.gho was on the disc. A .gho file is an image of a system that can be copied onto a new hard drive, potentially letting a user bypass the activation key step for programs like Windows.
Both legal and cracked copies of Windows 7 were already available online. A release candidate version of the OS is publicly available, and subscribers to the Microsoft Developer Network can download the RTM (release to manufacturing) version on the network's Web site.
A cracked version of Windows 7 has also appeared online in recent weeks. An image file containing Windows 7 Ultimate RTM and a manufacturer product key was stolen from Lenovo and placed on a Chinese hacker forum, the company said in a statement.
A user can purportedly pair the leaked key with a certain hack to install and use the OS, Microsoft said in an MSDN blog entry. But Microsoft said it is working with Lenovo to make sure no PCs using the pirated manufacturer key are sold, and Lenovo said the key would be disabled. Windows 7 will go on sale Oct. 22.
Pirated software from Microsoft and other companies is widely used in homes and offices across China, and it is often sold in stores or on streets.
The vendor at the Beijing bazaar said she had sold pirated copies of Windows 7 for over a month and had a dozen buyers on some days. She kept the program discs in a low cabinet that she opened only when asked specifically for the OS.
It was not clear if the pirated Windows 7 disc carried malicious code, but its setup file promoted a Web site, www.pkghost.cn, infested with a high level of malware. Google found 31 scripting exploits, 25 Trojans and 21 other exploits on the site, according to its diagnostic page.
Malware may have been on the disc as well. Pirated software packages sold in China often include malware used to steal personal information from users, said Vu Nguyen, a McAfee Avert Labs researcher. One common type of Trojan steals passwords for popular online games, he said. Attackers can then profit by selling virtual items in the game accounts.

Tuesday, 18 August 2009

Integrated Conceptual Global Security


-The first concept for minimizing the risk of intruders in a defined area of land is to protect it with a perimeter fence, and then add a series of control mechanisms to it.

-Starting from this simple example, we take as our basis protecting computer networks through a perimeter protection strategy, but for this initial design we first need to carry out an inventory of the current infrastructure (equipment, software and firmware).

-Once that is done, we will have an initial idea for costing the security strategy and the time, by stages, needed to implement it.