Language Selection

English French German Italian Portuguese Spanish

M$ Launches Security Advisory

Filed under
Microsoft
Humor

Microsoft has unveiled a new security advisory service to plug the gap between public disclosure of a vulnerability and the availability of a patch.

Dubbed Microsoft Security Advisories, the service is a pilot program begun in response to customer requests, Stephen Toulouse, the program manager of Microsoft Security Research Center (MSRC), said in an interview.

"When we got down to it, in the absence of a bulletin, customers wanted us to provide authoritative guidance on security related topics," Toulouse said.

Microsoft's security advisories--the first two of which were issued Tuesday--will offer early workarounds for vulnerabilities before a patch is ready. "If there was public vulnerability posted, the advisories could be used to provide guidance on workarounds," said Toulouse.

In cases such as those, expect to see the advisories morph into actual bulletins, Toulouse added. "We'd put the advisory up, and when a patch is ready, use it to point to the bulletin," he noted.

The advisories will follow the general format of the existing security bulletins, because feedback for the latter has been positive and users are familiar with the layout. The two advisories rolled out Tuesday, for example, offer subsections titled "Overview" and "Frequently Asked Questions," just as do Microsoft's monthly security bulletins.

Full Story.

More in Tux Machines

GNU/Linux Desktops/Laptops and Devices

OSS Leftovers

Security Leftovers

  • Google and IBM launch open-source security tool for containers
    Google and IBM, together with a few other partners, released an open-source project that gathers metadata that developers can use to secure their software. According to an IBM blog post, the goal of the project is to help developers keep security standards, while microservices and containers cut the software supply chain.
  • Top 10 Hacking Techniques Used By Hackers
    We live in a world where cyber security has become more important than physical security, thousands of websites and emails are hacked daily. Hence, It is important to know the Top hacking techniques used by hackers worldwide to exploit vulnerable targets all over the internet.
  • Protect your wifi on Fedora against KRACK
    You may have heard about KRACK (for “Key Reinstallation Attack”), a vulnerability in WPA2-protected Wi-Fi. This attack could let attackers decrypt, forge, or steal data, despite WPA2’s improved encryption capabilities. Fear not — fixes for Fedora packages are on their way to stable.
  • Federal watchdog tells Equifax—no $7.25 million IRS contract for you
    The Government Accountability Office (GAO) on Monday rejected Equifax's bid to retain its $7.25 million "taxpayer identity" contract—the one awarded days after Equifax announced it had exposed the Social Security numbers and other personal data of some 145 million people.
  • Adobe Flash vulnerability exploited by BlackOasis hacking group to plant FinSpy spyware

    Security researchers have discovered a new Adobe Flash vulnerability that has already been exploited by hackers to deploy the latest version of FinSpy malware on targets. Kaspersky Lab researchers said a hacker group called BlackOasis has already taken advantage of the zero-day exploit – CVE-2017-11292 – to deliver its malicious payload via a Microsoft Word document.

  • Companies turn a blind eye to open source risk [Ed: No, Equifax got b0rked due to bad practices, negligence, incompetence, not FOSS]
    For instance, criminals who potentially gained access to the personal data of the Equifax customers exploited an Apache Struts CVE-2017-5638 vulnerability.
  • Checking Your Passwords Against the Have I Been Pwned List
    Two months ago, Troy Hunt, the security professional behind Have I been pwned?, released an incredibly comprehensive password list in the hope that it would allow web developers to steer their users away from passwords that have been compromised in past breaches.

How to use an Arduino and Raspberry Pi to turn a fiber optic neural network into wall art

Hollywood has made many big promises about artificial intelligence (AI): how it will destroy us, how it will save us, and how it will pass us butter. One of the less memorable promises is how cool it will look. There's a great example of amazing AI visualization in Avengers: Age of Ultron when Tony Stark's AI butler Jarvis interacts with Ultron and we see an organic floating network of light morphing and pulsing. I wanted to make something similar to fill blank space on my apartment wall (to improve upon the usual Ikea art). Obviously, I couldn't create anything as amazing as Jarvis as a floating orb of light; however, I could use a machine learning algorithm that looks interesting with quirky data visualization: a neural network! It employs biologically inspired elements that were meant to replicate how (we thought) the human brain works. Read more