Tag Archives: internet explorer

The lines between white hat/gray hat/black hat hacking and moral laws

Longtime reader/commenter Joseph asked two questions yesterday: What’s the boundary between gray and black-hat hacking, and is it moral to pick and choose between moral and immoral laws?

The first question is easier than the second. So I’ll tackle that one first.

What I did since I (temporarily) need Java

I’ve been seeing the same question over and over in my search logs lately: Is Java safe to run in 2013?

Generally speaking, the answer is no.
I have little choice but to run Java right now, though. I’m studying for a certification exam, and the best quiz program that I know of is written in Java. Its user interface is in Polish, a language I don’t speak, but that bothers me less than it being written in Java. Google Translate can help me with the Polish, but it can’t make Java safe. That’s up to me.

So here’s what I did.

Java is patched now, but still not very safe

Rapid7’s Chief Security Officer, HD Moore, estimated it will take two years for Oracle to fix all of the current issues with Java, not counting anything new that happens in that timeframe.

Furthermore, Kaspersky states that 50% of cyberattacks in 2012 utilized a Java exploit. Among those is the newly discovered Red October.

Think for a minute. Antivirus software is anywhere from 75 to 90% effective. Assuming the worst, that means the simple process of removing Java from your computer does 2/3 as much good as running antivirus software. Of course, you shouldn’t do one or the other; you should do both.

If you have a legitimate need for Java in your web browser, such as commercial intranet applications built with Java, enable Java in one and only one browser, then use that browser solely for accessing those Java-powered web sites.

But the best thing to do is just get rid of Java. And if you have something that uses Java, find something else to use.

It took Microsoft about two weeks to fix a critical vulnerability in Internet Explorer. It took Oracle five months. I never thought I’d say this, but Oracle needs to be more like Microsoft.

Yeah, you can quote me on that if you want.

But until Oracle gets religion on security like Microsoft did around 2002, we really have two choices: Avoid Oracle products whenever practical, or keep getting hacked. I’d rather you not choose the latter option.

Why the Windows firewall is OK

I wish I had a nickel for every time I’ve heard an unsubstantiated statement like “Windows firewall is junk.” I went looking, and the best I could find was this, an editorial that said it doesn’t do enough to address outbound connections, particularly on a program-by-program basis.

OK, point taken. But “enough” is a moving target.

Yesterday was Patch Tuesday again

I’m way too tired to do the kind of Patch Tuesday writeup I did last month, so I’ll just remind you, and hope that suffices. This month we have vulnerabilities in Windows, Internet Explorer, Silverlight, and .NET, some of which can cause remote code execution, which is a holy grail for spreading malware. So apply those updates. The Silverlight update applies to Macintoshes as well.

How to slipstream IE9 and hotfixes into Windows 7, step by step

Normally, after you install any version of Windows, you have a ton of patching to do. And that patching takes as long as, or longer than, the installation itself, while leaving the system vulnerable to exploits in the meantime. Slipstreaming your hotfixes into your installation media sidesteps those issues, and reduces fragmentation. You get a faster performing system, you get the system up and running a lot sooner, and you save a lot of unnecessary writes to your SSD.

So I wholeheartedly recommend slipstreaming.

Microsoft sold 400 million Windows 7 licenses; what does it mean?

Steve Ballmer announced today that Microsoft has sold 400 million Windows 7 licenses, but anywhere from half to two-thirds of PCs are still running Windows XP and need to get with the program.

He also continues to insist Windows 8 will ship in 2012, which really makes me wonder why those XP users need to switch now. December 2012 is 17 short months away, and XP support runs until 2014. I see little need to rush out now and buy Windows 7, use it for 18-24 months, and then turn around and buy Windows 8. If XP is fulfilling users’ needs, what’s the hurry? Unless Windows 8 is going to be late, as bad as Vista, or both. But none of that can happen, right?

I’m sure the Windows 8 Police will be along to haul me away shortly for insinuating such things. But until that happens, that 400 million figure lets us do some other interesting extrapolation.