Last week, Microsoft issued a patch to address a kernel vulnerability in Windows. Then, three days later, they pulled it due to the patch causing blue screens of death and endless reboot loops. Not good. Predictably, some people are asking whether they should apply security patches. Of course I say yes. Here’s why, and more […]
Tomorrow morning on Fox 2: How this USB drive could be worse than the worst malware you’ve ever imagined! Yes, when a security vulnerability hits TV news, it’s a big deal. It’s probably also sensationalized. And it’s not time to panic yet.
I heard this week that the first vulnerability in smart light bulbs has been discovered–they can leak your wifi password. I suppose I can take comfort in the cost of the bulbs–they cost $129, which means not a lot of people will have them, in a world where people complain about paying $5 for an […]
The Tampa Post’s technology Q&A columnist received a letter this weekend (toward the bottom of the link) about Windows tech support scammers. From the article: The people performing the hoax sound remarkably professional and officious. Depending on what you say to them, results vary a lot. When they call me, they’re anything but professional. Especially […]
I probably ought to know better than the venture into the topic of web browsers by now, but since I stepped into it Friday, I guess there’s no point in staying in the shallow end. The problem with web browsers is that they all require you to trade one thing for another, and if anything, […]
Years ago I heard a joke that reminds me of the situation Microsoft found itself in last week with its latest IE vulnerability: If a man is alone in a forest, and there’s no woman there to hear him, is he still wrong? I was as shocked as anyone when Microsoft released just one last […]
On one of the podcasts I listen to, two of the hosts questioned whether the publicity around recent security vulnerabilities are a good thing. As a security professional who once studied journalism, I think it’s a very good thing, and it’s going to get better. I liken it to the rise of computer virus awareness.
Heartbleed, a serious vulnerability in a piece of Internet backend software called OpenSSL, is the security story of the week. Vulnerable OpenSSL versions allow an attacker to see parts of a web session they aren’t supposed to see, including passwords in transit. Timing is critical. If a site upgrades to a new version after you […]
One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?” The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you […]