Monday, April 09, 2007

An inside look into building and releasing MS07-017

As part of that, we not only investigate the specific issue that was reported to us, but any surrounding issues. Customers have told us clearly that they want us to make the security update as comprehensive as possible; they don’t want to have to apply multiple updates to address issues in the same components. So our triaging stage focuses on finding as many related issues as possible... Every vulnerability reported to Microsoft is triaged personally by a member of my team (in this case it was Adrian Stone) and they work on those issues reported to us end-to-end until the point we are able to produce an update that helps protect customers. In many cases, there is a delicate balance we strive to strike between meeting customer needs, our ability to test an update for appropriate quality and protecting customers against possible attacks...
Read the post on the MSRC blog.

Friday, April 06, 2007

MOPB full review

...
--without-iconv
--disable-json
--disable-mbregex
--disable-pdo
--disable-posix
--disable-reflection
--disable-filter
--disable-session
--disable-spl
--without-sqlite
--disable-tokenizer
--disable-libxml, --disable-xml, --disable-dom, --disable-simplexml, --disable-xmlreader & --disable-xmlwriter
...
Read the full story.

Thursday, April 05, 2007

Physical Security in Mission Critical Facilities

Technologies are in place, and getting less expensive, to implement broad range solutions based on the identification principles of What you have, What you know, and Who you are. By combining an assessment of risk tolerance with an analysis of access requirements and available technologies, an effective security system can be designed to provide a realistic balance of protection and cost.
Download the PDF file (25 pages) through 'netsec.blogspot.com'.
