ZERO DAY EXPLOIT : ???

1. While reading an article on Browser Forensics,came across this term "0-day" exploit....whats it all about?

2. A zero day exploit is a malevolent computer attack that takes capitalizes on a security hole before the vulnerability is known. This means the security issue is made known the same day as the computer attack is made. In other words, the software developer has zero days to prepare for the security breach and must work as quickly as possible to develop a patch or update that fixes the problem.This occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.

3. Zero day exploits may involve viruses, trojan horses, worms or other malicious code that can be run within a software program. While most programs do not allow unauthorized code to be executed, hackers can sometimes create files that will cause a program to perform functions unintended by the developer. Programs like Web browsers and media players are often targeted by hackers because they can receive files from the Internet and have access to system functions.While most zero day exploits may not cause serious damage to your system, some may be able to corrupt or delete files. Because the security hole is made known the same day the attack is released, zero day exploits are difficult to prevent, even if you have antivirus software installed on your computer. Therefore, it is always good to keep a backup of your data in a safe place so that no hacker attack can cause you to lose your data.

4. Thanks http://www.techterms.com/

New Gen BIOMETRICS : PALMSECURE from FUJITSU

1. Quiet often we seen biometrics fingers,palm,eyes,retina being chopped off in Hollywood movies for gaining illegal access to control rooms and secure areas by the bad man...so we used to think like there is no end and no permanent solution to this....now comes a solution to this problem wherein not the fingerprint or the palm print is taken as authentication model....it is the veins inside that exist inside the palm that matter and should match...now these veins should also be flowing blood to authenticate the logger.

2. Fujitsu provides a highly reliable biometric authentication system based on palm vein pattern recognition technology. PalmSecure™ features industry-leading authentication accuracy with extremely low false rates, and the non-intrusive and contactless reader device provides ease of use with virtually no physiological restriction for all users.Applications include :

• Physical access control / Time and Attendance
• User authentication to PCs or server systems
• Government / Commercial identity management systems
• OEM terminal devices (POS, ATMs or information kiosks)
• Other industry-specific applications
• 
  

3. More about this here.

MOZZILA Firefox & GERMANY

1. In another notable policy implementation involving IT aspect and signifying the importance of browser ,German government and administration has suggested computer users not to use Firefox and run an alternative browser instead, because of a critical security demerit. It has recommended that PC users stop using Firefox till Mozilla releases a fix.

2. The advice is based on studies and recommendations of BurgerCERT,a division of German Federal Office for Security in Information Technology. The reason why Germany is evoking such ostensibly forceful action is based on the presence of a critical vulnerability in currently available versions of Firefox that could be exploited by hackers to launch malicious code on users' computers.

3. For its part, Mozilla has acknowledged the security vulnerability, and has released the latest version of its Firefox web browser ahead of schedule because of security vulnerabilities found in earlier versions.Firefox 3.6.2 was due to launch at the end of March, but is already available to download from the Mozilla website.

4. Any advises or thoughts from the MOD(IT) INDIA.....none!!!!!!

5. Thanks http://www.computerweekly.com