All posts tagged vulnerability

This should go without saying: Upgrade your WordPress!

Apparently, 86% of WordPress blogs haven’t been upgraded yet to version 4.0 or 4.01, which means they are vulnerable to a terrible cross-site scripting vulnerability. If you’re reading this, and you have a WordPress blog, go update it. This post will still be here when you’re done.

Retracing the Home Depot attackers’ steps

New details emerged on the Home Depot attack that left 56 million consumers with compromised credit cards. The interesting thing in the new details is that it could have been much worse, but maybe not for reasons immediately obvious.

How to succeed as an IT contractor

I met a young IT contractor a little while back. His talent was sky high, and his potential was matched only by his rawness. It’s not my place to go into great detail about that rawness, but one thing I noticed about him was that he had a very self-defeating attitude about him. Several times […]

CMD.EXE and its shellshock-like qualities

“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day. “What, Cygwin’s bash?” I asked. “No, in CMD.EXE.” I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parentheses and other reserved characters. Suddenly it made sense. Those […]

Bash is worse than heartbleed! Oh noes!

A really bad remote code execution bug surfaced yesterday, in Bash–the GNU replacement for the Unix shell. If you have a webserver running, or possibly just SSH, it can be used to execute arbitrary code. It affects anything Unixy–Linux, BSD, Mac OS X, and likely many proprietary Unix flavors, since many of them have adopted the […]

More Home Depot details emerge

Late last week, Home Depot finally released a statement about its data breach. At least they had the decency to call the attack “custom” and not spin it as “advanced” or “sophisticated.” Even “custom” is really a euphemism, as the attack wasn’t all that different from what other retailers experienced earlier in the year. It may […]

MS14-045 isn’t a reason to stop patching

Last week, Microsoft issued a patch to address a kernel vulnerability in Windows. Then, three days later, they pulled it due to the patch causing blue screens of death and endless reboot loops. Not good. Predictably, some people are asking whether they should apply security patches. Of course I say yes. Here’s why, and more […]

USB malware: What you need to know

Tomorrow morning on Fox 2: How this USB drive could be worse than the worst malware you’ve ever imagined! Yes, when a security vulnerability hits TV news, it’s a big deal. It’s probably also sensationalized. And it’s not time to panic yet.

I don’t want my light bulbs on the Internet

I heard this week that the first vulnerability in smart light bulbs has been discovered–they can leak your wifi password. I suppose I can take comfort in the cost of the bulbs–they cost $129, which means not a lot of people will have them, in a world where people complain about paying $5 for an […]

The Tampa Post on “Windows Service Center” scams

The Tampa Post’s technology Q&A columnist received a letter this weekend (toward the bottom of the link) about Windows tech support scammers. From the article: The people performing the hoax sound remarkably professional and officious. Depending on what you say to them, results vary a lot. When they call me, they’re anything but professional. Especially […]