I was talking breaches last week when a very high-up joined the conversation in mid-stream. “Start over, Dave.” “OK. I’m talking about breaches.” “I know what you’re talking about,” he said, knowingly and very clearly interested.
This week, Google published a vulnerability in Windows 8.1 after a 90-day countdown timer automatically expired. Microsoft has not yet released a patch. Controversy ensued. Obviously, yes, an unpatched, well-known vulnerability in Windows is troubling. But the alternative is worse.
Tomorrow morning on Fox 2: How this USB drive could be worse than the worst malware you’ve ever imagined! Yes, when a security vulnerability hits TV news, it’s a big deal. It’s probably also sensationalized. And it’s not time to panic yet.
Late last week Microsoft released a new version of EMET. I’ve written about EMET before and I still recommend it. EMET 5.0 adds a couple of new mitigations, tries to be harder to bypass, and offers improved compatibility, so there’s little reason not to upgrade. EMET does more than anything else I can think of […]
C’mon. You knew I’d get around to writing a response to Rick Broida’s claim that he doesn’t use antivirus software. Actually, he’s not nuts. But he’s also mistaken if he thinks he doesn’t use antivirus software. His editorial is kind of like saying, “I don’t use a web browser. I use Internet Explorer.” Although he’s […]
I can’t bribe my preschooler with a penny anymore, but, sadly, a consortium of Carnegie Mellon University, NIST and Penn State University found that 22% of respondents through Amazon’s Mechanical Turk were willing to run a dodgy unknown executable in return for a penny. Fifty-eight percent would do it for 50 cents, and 64 percent […]
I did a little more digging after getting yet another fake technical support phone call last week, and I’ve done some thinking on my own. If you want to troll these criminals when they call you, here are some ideas.
On one of the podcasts I listen to, two of the hosts questioned whether the publicity around recent security vulnerabilities are a good thing. As a security professional who once studied journalism, I think it’s a very good thing, and it’s going to get better. I liken it to the rise of computer virus awareness.
I found a story today stating that the attackers who stole millions of credit cards from Target didn’t have to try very hard to hide. I wish I could say I was surprised. My boss says it this way: Amateurs hit as hard as they can. Professionals hit as hard as they have to. Why? […]
I installed Windows 8.1 last week to see how bad it really is. And? Well, it’s more stable than Windows Me, but Windows Me was a lot nicer to use. It’s awful. Because I listen to podcasts, I know that there’s magic in hovering your mouse over the upper right hand screen. And somehow I […]