
Monday, September 23, 2013

Internet Explorer Zero-Day


There is a zero-day flaw in Internet Explorer. It impacts all versions of the browser, but criminals seem to be more focused on IE 8 and IE 9. In a zero-day attack, the attack occurs on "day zero" of awareness that the vulnerability exists, so developers have zero days to address and patch it. It has been found that 70 percent of Windows business users are at risk from the IE zero-day exploit. The scope of the problem has been declared bad enough that Microsoft will go "out-of-band" to release a fix. The exact details are not known, but it is believed that the vulnerability has been present since IE 6.

Hopefully all users are taking the necessary measures to reduce their risk as much as possible. Microsoft should also send the "out-of-band" patch as soon as possible. Defense mechanisms also include the use of Address Space Layout Randomization (ASLR). It will not prevent the attack from happening; it just makes it far harder.

http://www.networkworld.com/news/2013/091913-70-percent-of-business-users-273996.html?page=2

Sunday, September 8, 2013

Security of Picture Gesture Authentication

When Windows 8 was introduced, it came with a new form of password security: picture gesture authentication. Over time we realized that text passwords were not very secure, but with picture gesture authentication Microsoft promises a secure form of login. Your system cannot simply be run against a database of words until the right one works. Picture authentication gives us a unique way of locking our systems: the pictures we use are unique, and the gestures we make are also unique.

Though this gives us the opportunity to run freely with it and do something more personal, it is becoming a problem, as researchers have noticed that the gestures and pictures people choose follow similar trends. Most users choose the tap, tap, tap gesture, and one of those taps will be on an eye. According to the research, this has become the most insecure and easiest combination to crack.

Picture Gesture Authentication on Windows 8
Researchers from Arizona State University, Delaware State University, and GFS Technology Inc. developed an attack framework and attack models. They found that people mostly choose one of their own photos instead of the ones they have been provided with. There is a relationship between the background picture and the user's identity, personality, or interests, with 60% of users selecting areas of an image where special objects are located. Based on how long they take to set up the password, users will most often circle a face, tap an eye or nose, or connect lips on pictures with faces. On pictures without faces, mostly special objects will be selected or connected.

The attack framework developed by the researchers became so advanced that it was capable of cracking passwords on previously unseen pictures in the picture gesture authentication system. This research will be presented to Microsoft so that they can find controls to ensure that their systems and their users are safe, and perhaps revisit the rules and procedures for picture authentication and run some testing to see where, and by how much, they can improve.


http://www.networkworld.com/community/blog/researchers-develop-attack-framework-cracking-windows-8-picture-passwords?page=0%2C0