One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?” The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you […]
Today I found an article in PC World that gives a somber assessment of the state of consumer routers, like the device that probably sits between you and the Internet. I’m glad this is getting attention. There’s a lot more to it than what’s in the PC World article, but I’ve droned enough about what’s […]
I was listening to the excellent Risky Business analysis of the Droidpocalypse this week, and I’m happy to report that the vulnerability that affects 90% of Android devices ever made, while serious, is vastly overstated.
A few years ago, Microsoft quietly released a security tool called EMET, the Enhanced Mitigation Experience Toolkit. EMET is now in version 4.0, and it’s probably the best security tool you’ve never heard of. And that’s a real shame. Modern versions of Windows and modern CPUs include several security-enhancing technologies that aren’t necessarily switched on by […]
Secunia released its annual vulnerability review, a study of the 50 most vulnerable pieces of software in 2012. It was a fairly tight three-way race at the top, and the distance between #3 and #4 was huge. I was actually surprised at who the top three were. They weren’t the three usual suspects. But in […]
Apple just uncovered and fixed a vulnerability that allowed an exploit to re-enable Java in a browser when it’s been disabled, which then of course allows a litany of exploits. There are two lessons here. Macintoshes are hackable just like any other device, and latent software can be re-enabled. If you don’t think someone’s trying […]