Daylight savings time will be starting three weeks earlier this year. This is causing a lot of concern as it will affect time based processes like Outlook calendar synchronization with Blackberry. To fix expected problems RIM and Microsoft are coming out with software patches. Microsoft’s patch needs to be applied on the exchange server. RIM however requires the Patch to be installed on each individual device. Individually designed software patches for the software version installed on the handheld can be downloaded from RIM’s site. The process of installing the patch takes up to thirty minutes depending on hardware and software type of the handheld.

Microsoft executives met in San Francisco on February 6th to discuss their plans for secure and easy “anywhere access.” Their vision is to secure a trustworthy environment for people to access, share and use corporate and personal information anywhere they might be. They want their customers to feel at ease and confident that their information will not be compromised, stolen or exploited.

In order to achieve their goal Microsoft has announced the following – the upcoming availability of Identity Lifecycle Manager 2007, the public beta of Microsoft® Forefront™ Server Security Management Console, support for Extended Validation SSL certificates in Internet Explorer® 7, and new collaboration with industry partners to help combat phishing.

Identity Lifecycle Manager 2007 provides an integrated and comprehensive solution for managing the entire lifecycle of user identities and their associated credentials. As the successor to the now defunct Microsoft Passport initiative, it provides identity synchronization, certificate and password management, and user provisioning in a single solution that works across Microsoft Windows and other organizational systems.

The public beta of Microsoft® Forefront™ Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen.

Extended Validation SSL certificates in Internet Explorer® 7 - new certificates require businesses to complete a thorough documentation process and verify current business licensing and incorporation paperwork, in addition to verifying that the entity named in the EV certificate has authorized the issuance of the EV certificate. Internet Explorer 7 recognizes EV certificates for businesses that have completed this process, and visually represents them by coloring the Address Bar in green.

A new attack technique known as “drive-by pharming” was recently made public by Symantec and Indiana University (Bloomington). Designed to badly compromise home networks, the address and model of a network router is initially determined through a combination of Java and Javascript, when the user first navigates to a malicious website.

Using a database of default usernames and passwords and a simple HTML form submission, the router is reprogrammed, where the DNS server addresses for the network are changed to one controlled by the attacker. At this point, the ability for the network to conduct DNS resolution using a malicious server makes high-quality phishing attacks an unfortunate reality.

The good news is that this attack is extremely easy to guard against. By simply changing the default administration password for your router, you can prevent your network from becoming a victim of drive-by pharming.

Launched a mere four weeks ago, the Office 2007 consumer version was designed to withstand a higher level of scrutiny by malicious code writers. As part of Microsoft’s security development, the software was subjected to code auditing, but researchers at eEye Digital Security also used a standard process of code auditing, and were quickly able to discover a file format vulnerability in Microsoft Office Publisher 2007.

In a typical scenario, an attacker could create a malicious publisher file that, if opened by the recipient, could result in the system being infected and susceptible to a remote attack. Microsoft is investigating the vulnerability in Publisher 2007 and will provide users with further information. Given the fact that the number of devices that connect to the Internet are continuously increasing, Microsoft expects security challenges to keep emerging as well. According to eEye, while no public exploits have been reported in circulation for Publisher 2007, it should be noted that due to its recent release, the flaw may actually hold little attraction for attackers, since it’s more likely they would concentrate on software that is in greater distribution.

If your Blackberry, which is synchronized with Blackberry server, stops receiving and sending emails, it is important to verify that the device is still in the data coverage area of the service provider. This can be determined by verifying that the handheld can send Host Routing table request by performing the following steps:

On the Blackberry device, click Options.

If you are running Blackberry Device Software 3.6 or 3.7, click Network.
If you are running Blackberry Device Software 3.7.1 through 4.0.2, click Host Routing Table.
If you are running Blackberry Device Software 4.1, click Advanced Options > Host Routing Table.

Click the track wheel and select Register Now - if the device is registered with a data network, a registration message is received.