Monthly patches and upgrades don’t always go well, but getting them down is increasingly critical, especially for applications like Flash, Reader, and the major web browsers. This week I called it “the new firewall.” Twenty years ago, home users almost never bothered with firewalls. My first employer didn’t bother with them either. That changed in […]
I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected. I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not […]
I’ve been seeing a lot of news this week about web browser plugins getting exploited to plant malware on computer systems. A lot of people know to keep Flash up to date, and to keep Java up to date or uninstall it–at least I hope so by now–but there are two targets that people generally […]
“Oh, so you think you’re Mr. Genius Man,” the crackly voice said, drowned out by static caused by his cheap VOIP connection. “Enjoy your broken computer, Mr. Genius Man. Goodbye, Mr. Genius Man.” So ended 23 minutes of my life that I’ll never get back, but I figure it’s 23 minutes he wasn’t spending scamming […]
I was listening to an interview between Paul Asadorian (of Pauldotcom fame) and Cigital CTO and software security expert Gary McGraw. They discussed how the target of attacks moved from Microsoft to Adobe and now that Adobe is showing signs of getting its act together, it’s going somewhere else. “If I were Nvidia,” McGraw said, […]
Here’s some stuff I’ve found in recent weeks that I never got around to posting, so I’ll just round it all up briefly.
There’s an exploit in Flash, on all platforms, being actively exploited in the wild. Adobe rushed out an update. See more at Ars Technica. It allows remote code execution, so this one is as bad as it gets. Installing EMET is a potential mitigation against Flash exploits, so if you’re running Windows, protecting Flash with […]
As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, […]
I wish I’d posted this last week, since many of us see one set of relatives at Thanksgiving and a different set at Christmas (and perhaps New Year’s). Here are things you can do as preventative maintenance for relatives whose computers could use a little help.