Microsoft EMET

The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

 

More info at:

A Gift for the Hackers – Netherlands


(via OrT)

See also: http://www.canvas.be/programmas/panorama/server11668bf33:136e8606961:-6fa4 (in Dutch)

Update 1 (22/01/2013):
This is a reaction from Ricoh. It’s good to see that they take this seriously.
Other companies should follow their example!

Dutch version:
http://www.ricoh.nl/over-ricoh/nieuws/2012/beveiliging-van-printapparatuur.aspx

English translation:

Holding statement

While most businesses are advanced in the security of their IT networks, computers and physical security, they have not given their document workflows the same attention.

It is important to ensure that a business’s document management assets are managed as an integral part of an organisation’s overall information management and security strategy.

By optimising their document processes they can dramatically reduce security risks, and also improve knowledge sharing, customer response times, environmental footprints and business agility.

Ricoh has been raising awareness of the importance of effective document security strategies through its own communications and partnerships.  We also welcome the investigation by the “Reporter” to further enhance awareness of security risks for technology users.

Preventative measures are likely to cost less than potential costs or fines for compliance breaches and leaks that may damage the reputation of their brand. A global analyst firm estimates these can be at least 10 times the cost of investing in preventative measures.

Ricoh provides a fully managed document process service, which can include security optimisation and advises users about security, particularly at the time of delivery and installation. Specific advice relates to replacing default passwords with self-chosen combinations.  In addition we advise clients to check their servers. If an organisation decides to enable internet connection (it will never happen automatically) and equipment is protected but the server is open, the printing device is also accessible.

Where a business chooses to manage its own process, we have ensured our devices include a comprehensive range of security features, are certified by the Common Criteria (ISO/IEC 15408) and are compliant with IEEE2600, the international standard for security functions.

For more detailed information, please contact us for further detailed information.

 

How to find out if your LinkedIn password was found via PowerShell

First you need to download the combo_not.zip file and unpack it.
(for example read the comments on this post: http://tweakers.net/nieuws/82411/wachtwoorden-miljoenen-linkedin-gebruikers-op-straat.html )

Next drop the combo_not.txt file in your C:\ drive: C:\combo_not.txt

Now open PowerShell or PowerShell ISE and run the PowerShell script below:
(don’t forget to change YourPasswordHere):

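# Work from the folder that holds combo_not.txt
cd c:\
$pass = "YourPasswordHere"
# The dump holds SHA-1 hashes, so hash the password the same way
$sha1 = [System.Security.Cryptography.SHA1]::Create()
$bytes = [System.Text.Encoding]::UTF8.GetBytes($pass)
$hashArray = $sha1.ComputeHash($bytes)
# Build the lowercase hex string in $str (the -End block also prints it)
$hashArray | foreach -Begin{$str=''} -Process{$str += "{0:x2}" -f $_} -End{$str}
# Second form to look for: the same hash with its first five hex characters replaced by zeros
$str2 = [String]::Concat("00000", $str.Substring(5))
# Search the dump for either form (-I makes the search case-insensitive)
findstr -I $str .\combo_not.txt
findstr -I $str2 .\combo_not.txt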

I tested it and it didn’t give a result, so that must be a good thing ;-) (let’s hope it is not due to this quick script :-) )

LinkedIn commented on the stolen passwords/hashes. Read it here: http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

Update: apparently the first 5 bits need to be set to 0 to do another check if it is hacked
Update2: updated the script
Update3: reply from LinkedIn
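
A variant of the check above that prompts for the password instead of typing it into the script, and reports which form of the hash was matched. This is an added example, not the original post's script; the function name Test-LeakedSha1, its parameters and the result property names are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example, not the original post's script. Test-LeakedSha1, its
# parameters and the result property names are assumptions for illustration.
function Test-LeakedSha1 {
    param(
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $Password,
        [string] $DumpPath = 'C:\combo_not.txt'
    )
    # Decrypt the SecureString only inside this function; the unmanaged copy
    # is zeroed as soon as the hash has been computed.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        $digest = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($plain))
    } finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        $sha1.Dispose()
    }
    # 40 hex characters, plus the form with the first five replaced by zeros.
    $full   = -join ($digest | ForEach-Object { $_.ToString('x2') })
    $masked = '00000' + $full.Substring(5)

    # .NET does not follow the PowerShell location, so resolve the path first.
    $path   = (Resolve-Path -LiteralPath $DumpPath).ProviderPath
    $reader = New-Object System.IO.StreamReader $path
    $fullHit = $false; $maskedHit = $false
    try {
        # Stream the dump and require a whole-line match (-eq ignores case).
        while ($null -ne ($line = $reader.ReadLine())) {
            $h = $line.Trim()
            if ($h -eq $full)   { $fullHit   = $true }
            if ($h -eq $masked) { $maskedHit = $true }
            if ($fullHit -and $maskedHit) { break }
        }
    } finally { $reader.Dispose() }

    [pscustomobject]@{
        FullHashFound   = $fullHit
        MaskedHashFound = $maskedHit
        Listed          = ($fullHit -or $maskedHit)
    }
}

# Read-Host -AsSecureString prompts without echo, so the password is not
# saved in the script file or the command history.
Test-LeakedSha1 -Password (Read-Host 'Password to check' -AsSecureString)
```

If Listed comes back True, change the password everywhere it was used, not only on LinkedIn.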

Please post a comment if there are any suggestions/mistakes.

Learn more about the PowerShell pipeline script function: begin, process and end: