Risk FREE 30 Day Trial
Use ProSecure™ STM and UTM to protect your network, free of charge, for 30 days.
Security Blog
Recently in General Category
February 28, 2010
RSA Conference is HERE
Just a reminder that the RSA Conference is back in town. For those of you interested in security, RSA is the place to be. Personally, I'm looking forward to what new developments in security 2010 will bring. See you all at the show!
Posted by: Pete at 8:59 PM
Categories: General
February 23, 2010
eWeek Reviews the UTM5
eWeek has just published their review of the UTM5. The review talks about the various components of the UTM5 and also gives their thoughts on setting up the unit.
See what they have to say here.
Posted by: Pete at 2:04 PM
Categories: General
February 12, 2010
Threat Lab Report: Apple's Ipad Sparks New SEO Threats
On January 27th, Apple formally introduced to the world the iPad, when countless delighted when Apple fans rejoiced. They weren't the only ones. Cyber criminals were also excited but for other reasons.
Big news events such as the earthquake in Haiti have always been exploited by cyber criminals.
The iPad announcement for them, was a golden opportunity to spread new viruses. They used various SEO poisoning techniques (SEO (Search Engine Optimization) poisoning techniques) to accomplish this. The mal-websites containing the viruses will show up at the top of well-known search engine search results.
When the user arrives at the sites of these viruses, the site will present the user with a fake online virus scan, then inform the user's that the computer has been infected, and present a virus (Trojan-Downloader.Win32.FraudLoad.wxuf ) disguised as anti-virus software for the user to download and install.
This type of threat can be stopped in real-time by ProSecure appliances.
Posted by: Netgear Threat Lab at 3:08 PM
Categories: General , Malware , Netgear Threat Lab
February 5, 2010
ProSecure UTM5 Launched
We just introduced the latest member of the UTM family the UTM5. It contains all the security found in the UTM10 and UTM25 at slightly slower speeds. It's a great fit for smaller office networks and basically gives you the high level of protection found in high end Web/Email security gateways, plus the functionality and connectivity options of a good firewall.
One thing we didn't compromise on is the security effectiveness. What good is a security appliance if it doesn't effectively do what it was brought in to do? The UTM5 is a great value, but there is nothing "economy class" about the coverage and performance of the UTM5.
Contact your local VAR or sign up at prosecure.netgear.com for a risk free 30 day eval.
Posted by: Pete at 3:48 PM
Categories: General
February 5, 2010
ProSecure UTMs Firmware with SSL Vulnerability Patch Released
Back in November a critical SSL Vulnerability was discovered.
I'm pleased to say that firmware version 1.0.16-0 for our UTM family contains patched versions of SSL. There are many components within the UTM that uses SSL so getting this patch was very important.
It's a good thing this vulnerability was discovered by researchers with good intentions as this could have resulted in a disaster (with the economy the way it is, even if the bad guys did exploit the vulnerability there probably wasn't that much to steal ;-))
You can read the release notes here.
Posted by: Pete at 3:39 PM
Categories: General
February 2, 2010
IT Pro Reviews the STM300
IT Pro has just published their review of the STM300. Head on over and see what they have to say about the STM300.
Posted by: Pete at 10:38 AM
Categories: General
January 26, 2010
New Internet Explorer Vulnerability Potentially Exposes All of the Victim's Files
A new vulnerability in Internet Explorer has been discovered (again).
This time, instead of exploiting a flaw in the code, attackers can potentially use built-in IE features such as URL Security Zones and IE's file-sharing protocol to attack a victim's machine.
The result - gain access to all of the victim's files.
Jorge Luis Alvarez Medina, a security consultant will demonstrate proof-of-concept code next month after the Black Hat Conference in Washington DC, and Microsoft intends to subsequently release a patch for this soon after.
"These vulnerabilities are just features ... the implementation of the features allow you to obtain certain information, which by itself is harmless. But when combined together with other features, it renders an attack vector," Medina says.
To give you a better idea of how the attack is carried out, here is what Medina says about the attack. "With IE's Security Zones, an Internet zone would not be allowed to read files from a local machine, for instance. But if a local machine is considered part of the Internet zone, its files could be accessed by an attacker."
Until a patch is released, a few ways to protect yourself from being exposed would be to:
1. Deploy IE's Protocol Lockdown feature to restrict the file protocol
2. Set the security level to "High"
3. Disable active scripting in the Intranet and Internet Zones
4. Run IE in Protected Mode if available in the OS
5. Lock down and disable the MHTML protocol handler
6. And last but not least use another browser
Along with the attacks on Google last week, it seems to me that IE still has a long way to go before we can consider it "secure". This is not isolated to IE as Firefox actually has even more vulnerabilities. Software companies simply have to do a better job at breaking their products before releasing them to the public. As it stands, Web browsers and many other types of software are simply acting as a gateway for hackers to the rest of a user's system.
Posted by: Pete at 1:45 PM
Categories: General , Vulnerability
January 6, 2010
Small Net Builder Reviews the UTM10
SmallNetBuilder has posted a very thorough review of the UTM10. For those of you who are interested in what the UTM looks like under the hood as well as how it performs, I highly recommend heading on over there.
Read the review here.
Posted by: Pete at 3:18 PM
Categories: General
December 25, 2009
Happy Holidays
From all of us here at ProSecure, we wish you all Happy Holidays and a Happy New Year!
Posted by: Pete at 8:32 PM
Categories: General
November 11, 2009
Web Browser Vulnerability Report - Firefox Leads the Pack at 44%
A recent report by Web application security vendor Cenzic pointed out that in the first half of 2009 Firefox totaled for 44% of all vulnerabilities amongst popular Web browsers. Also somewhat surprising is Safari coming in at 35% due to iPhone Safari vulnerabilities (that's another story in itself). IE came in third at 15% and Opera at 6% (BTW, where was Chrome?).
Firefox (by the way, I've been a Firefox user since its debut) is an open source browser which has marketed itself as a "safer" alternative to Microsoft's Internet Explorer. Early on that was true, however when Firefox started to gain popularity, hackers began shifting focus to it and Firefox became "less safe".
Two factors contribute to the amount of vulnerabilities we are seeing in the browser today. Number one, the browser is relatively young, so there are naturally more holes in it. This will get better as the browser further matures.
Second of all, Firefox is open-source and has a flexible add-on architecture where basically anyone who can code (and even some who can't) can make an add-on for Firefox. While this architecture and open source in general bring flexibility, functionality, and scalability to the browser, many of these add-ons are not "hardened" and could introduce security loopholes into Firefox. Also, due to the open-source nature of Firefox,hackers can study the browser source code inside out and find holes that way.
Regardless, I will continue to use Firefox. However, I'll also make sure that my security surrounding the browser is up to snuff. I suggest you do too.
Posted by: Pete at 12:13 PM
Categories: General