By default, Internet Explorer 7 sets sites in the Internet Zone where “Protected Mode” (PM) is enabled. PM prevents IE from saving files and/or settings via IE without prompting the user for approval. PM is a good thing.

Sites in the Trusted Sites Zone, by default, do not have PM on. Consider it like this, if you trust a site enough to put it in the Trusted Sites Zone then why have PM on?

MS09-002 is the latest Cumulative Update for IE. In that patch, we believe Microsoft introduced a modification to the way it treats the About: page. Thus far no details can be found other than what is contained in their KnowledgeBase article 967941, so our interpretation may not be strictly accurate.

(more…)

If you’re thinking “What is the population of the United States near the turn of the millennium?” your collection of trivial knowledge is truly impressive and I wouldn’t want to oppose you in Final Jeopardy. In this case, however, you’d have the wrong answer…er, question. The question we’re looking for here is “How many records were compromised among breaches investigated by Verizon Business in 2008?”.

Yes, you read that correctly. I’m as flabbergasted as you are. We knew the number was big when we recently started combing through last year’s statistics in preparation for the upcoming 2009 Data Breach Investigations Report (DBIR), but I don’t think we quite knew it was THAT big. To put this number in perspective, that means 9 records were compromised for every second that ticked by in 2008 – and that’s just among the cases Verizon Business investigated! To put that in further perspective, you may remember that in the 2008 DBIR we reported a figure of 230 million records from cases we worked between 2004 and 2007.

What happened? We’re currently up to our data-loving eyeballs trying to put together an answer to that question. We will have it to you on April 15 in the form of the 2009 Data Breach Investigations Report…so stay tuned.

In a recent blog post at ZDNet, Jason O’Grady mentioned the benefits of running an application that monitors outgoing (egress) traffic on your Mac. OS X malcode has been in the news lately, with Trojaned versions of iWork and Photoshop CS4 appearing on the BitTorrent network, and Jason offers Little Snitch (an egress firewall application) as “one way to keep tabs on software that likes to call home” (such as a Trojan).

As our recent series on Mac AV suggests, I don’t run antivirus software on my OS X client systems. However, I do run Little Snitch. We neglected to mention egress firewalls as a worthwhile addition to good OS X configurations in that series, and would like to take the opportunity to do so here.

(more…)