All posts tagged vulnerability

How to patch less

One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?” The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you […]

More about pfSense, the alternative to the crappy consumer router

I spent some time over the weekend playing with pfSense, and I can’t say much about it other than it does what it says. I didn’t throw a ton of hardware at it–the best motherboard I have laying around is a late P4-era Celeron board, and the best network card I could find was, believe […]

Consumer routers are the security vulnerability of the year, so far

Today I found an article in PC World that gives a somber assessment of the state of consumer routers, like the device that probably sits between you and the Internet. I’m glad this is getting attention. There’s a lot more to it than what’s in the PC World article, but I’ve droned enough about what’s […]

Read this if you have a D-Link router

Leave it to a security vulnerability to interrupt a perfectly good discussion, but it doesn’t get much worse than this. If you have an older D-Link router, it’s possible to completely bypass the authentication on its administrative web interface.

The trouble with routers

I see the advice going around, again, to disable the Windows firewall and rely on an external router, the justification being that it makes your computer “invisible.” It doesn’t. Only IPv6 can do that–and then, only if you don’t use it for anything. The trouble with that advice is that there are botnets targeting routers. […]

Reports of the Droidpocalypse have been greatly exaggerated

I was listening to the excellent Risky Business analysis of the Droidpocalypse this week, and I’m happy to report that the vulnerability that affects 90% of Android devices ever made, while serious, is vastly overstated.

EMET protects against what your antivirus cannot–and it’s free

A few years ago, Microsoft quietly released a security tool called EMET–the Enhanced Mitigation Experience Toolkit. EMET is now in version 4.0, and it’s probably the best security tool you’ve never heard of. And that’s a real shame. Modern versions of Windows and modern CPUs include several security-enhancing technologies that aren’t necessarily switched on by […]

If you use a Linksys router, you need to drop everything now and upgrade it

If you own a Linksys WRT54GL or EA2700 router, both devices have serious security vulnerabilities. Serious enough that the only way to continue using them safely is to load an alternative firmware such as DD-WRT on them. That’s not entirely a bad thing; DD-WRT is more capable, and unlike most consumer-oriented firmware, allows you to […]

And the most security-riddled program of 2012 was….

Secunia released its annual vulnerability review, a study of the 50 most vulnerable pieces of software in 2012. It was a fairly tight three-way race at the top, and the distance between #3 and #4 was huge. I was actually surprised at who the top three were. They weren’t the three usual suspects. But in […]

And this is why I’ve been saying to uninstall Java, rather than disable it

Apple just uncovered and fixed a vulnerability that allowed an exploit to re-enable Java in a browser when it’s been disabled, which then of course allows a litany of exploits. There are two lessons here. Macintoshes are hackable just like any other device, and latent software can be re-enabled. If you don’t think someone’s trying […]
