security

Macintosh malware continues to evolve

Dave Farquhar Macintosh, security , , , , , , ,

Security experts have long warned that [Apple’s] delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms that they were right. — PC World magazine

Last week I argued that a Macintosh-based botnet currently being distributed via Word document would likely change distribution methods, perhaps to a PDF document, in order to spread itself more effectively.

That, to my knowledge, hasn’t happened, but today I learned of the above example of Mac malware doing exactly that, jumping from Java vulnerability to Java vulnerability. Read more

Don’t call the war on hackers unwinnable

Dave Farquhar security , , , , , , , ,

John C Dvorak asks what war we’re waging on hackers. While war may not be the best choice of words, because it’s not exactly a conventional war, there’s no question there’s something going on, and we’re not winning it right now.

The latest salvo is that someone in China is building a botnet using Macintoshes. Read more

End of the innocence for Mac security

Dave Farquhar Macintosh, security , , , , , , , , , , , , , , , , , ,

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that. Read more

Securing wi-fi isn’t about price gouging

Dave Farquhar security , , , , , , , , ,

The so-called wi-fi golden era is over, and apparently being glad about it makes me an absolutist.

But John C. Dvorak is wrong. This isn’t about making people pay for Internet access. It’s pure security. Toilets and drinking fountains are free because the majority of people don’t abuse them. The Internet can’t be wide open and free like a public restroom because when it was totally wide open and free in the 1990s, too many people abused it. Read more

Don’t give prospective employers your Facebook password

Dave Farquhar security ,

I’ve read multiple stories this week about potential employers demanding that interviewees hand over their Facebook passwords during the job interview so they can snoop around.

There’s no good reason for this.
Read more

There’s a 61% chance the Adobe software you run at work is out of date

Dave Farquhar security , , , , , ,

I read this week that 61% of Adobe Reader installations in workplaces is out of date.

That’s very bad. Very, very bad. Because Adobe Reader is trivially easy to exploit, and there’s more sensitive information to steal on corporate PCs than there is on home PCs.

Read more

Apply your monthly patches just as soon as you can

Dave Farquhar security, Windows , , , , , ,

There are only six patches in this month’s edition of Patch Tuesday, and only one of them is critical, but it’s a big one.

The critical patch fixes a flaw in Remote Desktop Protocol, something typically only present in the business-oriented flavors of Windows. But if you don’t know whether you’re affected, it behooves you to let Windows update whatever it wants to update. Read more

Unix-to-Windows copies with PSCP

Dave Farquhar Linux, security, Windows , , , , ,

I’ve been moving files between Linux servers, and to and from Windows boxes, as part of my server migration. I started to write about how I’ve been doing it, but it seemed oddly familiar.

Yep, I’ve written about SCP and its Windows port, PSCP, before. Do this long enough and you find yourself repeating yourself.

Read more

The old days of viruses

Dave Farquhar security, Viruses , , , , , , , , , , , , , , , ,
The old days of viruses

Blogging pioneer John Dominik, inspired by my Michelangelo memories, wrote about his memories of viruses later in the decade. So now I’ll take inspiration of him and share my memories of some of those viruses. I searched my archives, and at the time it was going on, I didn’t write a lot. I was tired and angry, as you can tell from the terse posts I did write.

Read more

Don’t use Password1 as your password

Dave Farquhar security ,

CNN reported yesterday that Password1 is the most common password in business environments. It’s the simplest password that meets common “complexity” requirements. It illustrates the problem with complexity requirements–a password can meet those requirements while still being extremely predictable.

As such, those passwords can be easy to guess, and they cast doubt on the entire idea of complexity.

Read more