Leave it to a security vulnerability to interrupt a perfectly good discussion, but it doesn’t get much worse than this. If you have an older D-Link router, it’s possible to completely bypass the authentication on its administrative web interface.
I was listening to the excellent Risky Business analysis of the Droidpocalypse this week, and I’m happy to report that the vulnerability that affects 90% of Android devices ever made, while serious, is vastly overstated.
A few years ago, Microsoft quietly released a security tool called EMET, the Enhanced Mitigation Experience Toolkit. EMET is now in version 4.0, and it’s probably the best security tool you’ve never heard of. And that’s a real shame. Modern versions of Windows and modern CPUs include several security-enhancing technologies that aren’t necessarily switched on by […]
Secunia released its annual vulnerability review, a study of the 50 most vulnerable pieces of software in 2012. It was a fairly tight three-way race at the top, and the distance between #3 and #4 was huge. I was actually surprised at who the top three were. They weren’t the three usual suspects. But in […]
Apple just uncovered and fixed a vulnerability that allowed an exploit to re-enable Java in a browser when it’s been disabled, which then of course allows a litany of exploits. There are two lessons here. Macintoshes are hackable just like any other device, and latent software can be re-enabled. If you don’t think someone’s trying […]
Did you know Adobe released three Flash updates this month? And that every last one of them was absolutely, positively necessary? (At the time. They’re cumulative.) Seriously, you need a computer to keep track of all this stuff. Secunia PSI is a free program to keep track of these updates and pull them down and […]
Rapid7’s Chief Security Officer, HD Moore, estimated it will take two years for Oracle to fix all of the current issues with Java, not counting anything new that happens in that timeframe. Furthermore, Kaspersky states that 50% of cyberattacks in 2012 utilized a Java exploit. Among those is the newly discovered Red October. Think for […]
In case you haven’t seen, there’s a terrible unpatched vulnerability in Java right now that baddies are using to install ransomware on PCs. Then, this morning, I saw that Oracle has known about this vulnerability since August, and hasn’t bothered to fix it properly yet. That should be criminal negligence, but the rules are different […]