All posts tagged vulnerability

MS14-045 isn’t a reason to stop patching

Last week, Microsoft issued a patch to address a kernel vulnerability in Windows. Then, three days later, they pulled it due to the patch causing blue screens of death and endless reboot loops. Not good. Predictably, some people are asking whether they should apply security patches. Of course I say yes. Here’s why, and more […]

USB malware: What you need to know

Tomorrow morning on Fox 2: How this USB drive could be worse than the worst malware you’ve ever imagined! Yes, when a security vulnerability hits TV news, it’s a big deal. It’s probably also sensationalized. And it’s not time to panic yet.

I don’t want my light bulbs on the Internet

I heard this week that the first vulnerability in smart light bulbs has been discovered–they can leak your wifi password. I suppose I can take comfort in the cost of the bulbs–they cost $129, which means not a lot of people will have them, in a world where people complain about paying $5 for an […]

The Tampa Post on “Windows Service Center” scams

The Tampa Post’s technology Q&A columnist received a letter this weekend (toward the bottom of the link) about Windows tech support scammers. From the article: The people performing the hoax sound remarkably professional and officious. Depending on what you say to them, results vary a lot. When they call me, they’re anything but professional. Especially […]

The browser tradeoff

I probably ought to know better than the venture into the topic of web browsers by now, but since I stepped into it Friday, I guess there’s no point in staying in the shallow end. The problem with web browsers is that they all require you to trade one thing for another, and if anything, […]

Microsoft was wrong whether it patched XP this time or let it burn

Years ago I heard a joke that reminds me of the situation Microsoft found itself in last week with its latest IE vulnerability: If a man is alone in a forest, and there’s no woman there to hear him, is he still wrong? I was as shocked as anyone when Microsoft released just one last […]

The publicity around security is a good thing

On one of the podcasts I listen to, two of the hosts questioned whether the publicity around recent security vulnerabilities are a good thing. As a security professional who once studied journalism, I think it’s a very good thing, and it’s going to get better. I liken it to the rise of computer virus awareness.

Passwords you need to change in Heartbleed’s wake

Heartbleed, a serious vulnerability in a piece of Internet backend software called OpenSSL, is the security story of the week. Vulnerable OpenSSL versions allow an attacker to see parts of a web session they aren’t supposed to see, including passwords in transit. Timing is critical. If a site upgrades to a new version after you […]

How to patch less

One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?” The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you […]

More about Pfsense, the alternative to the crappy consumer router

I spent some time over the weekend playing with Pfsense, and I can’t say much about it other than it does what it says. I didn’t throw a ton of hardware at it–the best motherboard I have laying around is a late P4-era Celeron board, and the best network card I could find was, believe […]