Tag Archives: internet explorer

How I accidentally found a way to mess with “Peggy”

“Peggy” from “Computer Support Department” just won’t give up. He called me again at about 8 PM this evening. This time, I played along. I had a thrift-store junker PC for him to infect with his malware. The only problem was, the hard drive wasn’t connected and neither was the power cord. So I quickly hooked all that up, booted up, and then played along.

“I want you to click on Internet Explorer.”

“OK.”

“What do you see?”

“Page cannot be found.”

Thus I learned that Peggy isn’t very good at troubleshooting network issues. Continue reading How I accidentally found a way to mess with “Peggy”

A treasure trove of training material

Need to improve your security skills? Need a refresher course to brush up on some skills you haven’t used in a while? Or are you just looking for some CPEs or CEUs to keep your certification valid?

The United States Department of Defense offers a great deal of security training, much of which is freely available to all comers. Your tax dollars paid for it, so don’t feel bad about using it. Besides, if you use it to improve your networks, then your networks are less likely to become a source of attack on government networks, so they’re happy for you to use most of it.

Here’s a hint: Anything that isn’t viewable by the general public is marked ” *(DoD PKI Cert req’d).” If you don’t see that marking, then it’s free for you to view. Just click the link marked “Launch Training.” Continue reading A treasure trove of training material

And the most security-riddled program of 2012 was….

Secunia released its annual vulnerability review, a study of the 50 most vulnerable pieces of software in 2012. It was a fairly tight-three way race at the top, and the distance between #3 and #4 was huge.

I was actually surprised at who the top three were. They weren’t the three usual suspects. But in the case of the top two, they did, to their credit, roll out fixes within 30 days of disclosure.

So now that I’m killing you with suspense….
Continue reading And the most security-riddled program of 2012 was….

Internet Explorer 10 is out for Windows 7

Microsoft finally released IE10 for Windows 7 after a long development cycle. Conspiracy theorists think it had something to do with Windows 8 sales. Whatever the reason was, it’s out.

Allegedly, you can slipstream it using these official instructions. I’ll give it a whirl the next time I have to install Windows 7. If you want to slipstream all the other updates, here’s how. You can skip the IE9 part if you slipstream IE10.

The lines between white hat/gray hat/black hat hacking and moral laws

Longtime reader/commenter Joseph asked two questions yesterday: What’s the boundary between gray and black-hat hacking, and is it moral to pick and choose between moral and immoral laws?

The first question is easier than the second. So I’ll tackle that one first. Continue reading The lines between white hat/gray hat/black hat hacking and moral laws

What I did since I (temporarily) need Java

I’ve been seeing the same question over and over in my search logs lately: Is Java safe to run in 2013?

Generally speaking, the answer is no.
I have little choice but to run Java right now, though. I’m studying for a certification exam, and the best quiz program that I know of is written in Java. Its user interface is in Polish, a language I don’t speak, but that bothers me less than it being written in Java. Google Translate can help me with the Polish, but it can’t make Java safe. That’s up to me.

So here’s what I did.
Continue reading What I did since I (temporarily) need Java

Java is patched now, but still not very safe

Rapid7’s Chief Security Officer, HD Moore, estimated it will take two years for Oracle to fix all of the current issues with Java, not counting anything new that happens in that timeframe.

Futhermore, Kaspersky states that 50% of cyberattacks in 2012 utilized a Java exploit. Among those is the newly discovered Red October.

Think for a minute. Antivirus software is anywhere from 75 to 90% effective. Assuming the worst, that means the simple process of removing Java from your computer does 2/3 as much good as running antivirus software. Of course, you shouldn’t do one or the other; you should do both.

If you have a legitimate need for Java in your web browser, such as commercial intranet applications built with Java, enable Java in one and only one browser, then use that browser solely for accessing those Java-powered web sites.

But the best thing to do is just get rid of Java. And if you have something that uses Java, find something else to use.

It took Microsoft about two weeks to fix a critical vulnerability in Internet Explorer. It took Oracle five months. I never thought I’d say this, but Oracle needs to be more like Microsoft.

Yeah, you can quote me on that if you want.

But until Oracle gets religion on security like Microsoft did around 2002, we really have two choices: Avoid Oracle products whenever practical, or keep getting hacked. I’d rather you not choose the latter option.

Why the Windows firewall is OK

I wish I had a nickel for every time I’ve heard an unsubstantiated statement like “Windows firewall is junk.” I went looking, and the best I could find was this, an editorial that said it doesn’t do enough to address outbound connections, particularly on a program-by-program basis.

OK, point taken. But “enough” is a moving target.

Continue reading Why the Windows firewall is OK