Beware the Mebromi, my son: BIOS infections

Symantec has identified Mebromi, a piece of malware that not only infects the MBR, but also infects the Award BIOS. BIOS infections are very difficult to detect and eradicate.

By hooking into the BIOS, Mebromi can easily re-infect a system the next time you reboot. Which is exactly what it does.

Happy Patch Tuesday, September 2011

Microsoft has five updates and Adobe has two for us on this fine Patch Tuesday, in addition to a patch Mozilla pushed out for Firefox last week.

Don’t get too complacent if you run something other than Windows. If you run Microsoft Office on a Mac, or Adobe Reader or Acrobat on a Mac, or Adobe Reader on Unix or Linux, you’re vulnerable. The vulnerabilities in those affected products are more serious than the vulnerabilities for Windows. So keep that in mind. Don’t be smug about security. It’ll bite you.


How to slipstream IE9 and hotfixes into Windows 7, step by step

Normally, after you install any version of Windows, you have a ton of patching to do. And that patching takes as long, or longer, than the installation takes, while leaving the system vulnerable to exploits in the meantime. Slipstreaming your hotfixes into your installation media sidesteps those issues, and reduces fragmentation. You get a faster performing system, you get the system up and running a lot sooner, and you save a lot of unnecessary writes to your SSD.

So I wholeheartedly recommend slipstreaming.


If you’re suddenly seeing obnoxious banner ads on Facebook…

It’s not Facebook, it’s you. You’ve got malware.

The malware is called Page Rage and Drop Down Deals. Head to this page to disable Page Rage, and this page to uncheck everything related to Drop Down Deals. And if you’re not infected, then no, I don’t suggest visiting either of those pages. Only go there if you’re having the issue.

Once you’ve visited those two sites with every web browser on your system, then scan the living daylights out of your computer with your antivirus/antimalware software. And install Bit Defender Safego to reduce the chances of something like this happening again.

And if you hear anyone talking about how great Page Rage or Drop Down Deals are… Well, ignore them. It’s just adware, 2011 edition.

Time for some unexpected updates

Due to the Dutch certificate authority Diginotar being compromised, Mozilla released Firefox 6.0.2 and Microsoft released security advisory 2607712 in order to prevent those compromised SSL certificates (in layperson terms, a file that permits web servers to use https for security) from being used.

Without this step, someone could use a compromised certificate to set up a fake web site masquerading as some other web site you trust and using it for fraud.

Webserver Wednesday

Yesterday must have been Webserver Wednesday, because two things happened. A new version of Apache was released, and a new tool for testing the vulnerability of webservers to denial of service (DoS) was released.


A more likely use of the Medtronic exploit

Yesterday morning, as I completed the long journey from my parking spot to my office, another more likely use of the security vulnerability in Medtronic insulin pumps occurred to me. Yes, the risks involving insulin are very real. And yes, a determined attacker could use this vulnerability to take a Medtronic owner’s life. But those chances are slim.

But nothing says this vulnerability has to be used to do mortal harm. An attacker could use it just for exploitation. And there’s enough difference that some people wouldn’t have a problem with crossing that line.

Shame on you, Medtronic

Insulin pumps marketed by Minneapolis-based Medtronic have a serious, life-threatening security flaw, and the company couldn’t care less.

For these two reasons, this isn’t your typical security flaw, and Medtronic’s response (in 30 years, we’ve never seen a problem that we know of) is beyond deplorable. Ford’s infamous decision to pay lawsuits rather than fix a deadly flaw in the Pinto comes to mind.

My first really bad day in IT

Next weekend is Labor Day weekend. I can’t remember if it was one Thursday or two Thursdays before Labor Day weekend in 1997, but one of those two days happened to be the beginning of the first crisis of my career.

Whichever Thursday it was, it was getting close to midnight when my phone rang. It was Max. The print server wasn’t working. That happened a lot. That server had IBM’s Services for Macintosh on it, which never worked all that well, and, worse, tended to make the rest of the server act up a lot. That in and of itself shouldn’t have been a crisis. But I’m getting ahead of myself.

Watch out for this Apache bug

There is a nasty Apache exploit going around right now that exploits a vulnerability in versions 1.3.x, 2.0.x and 2.2.x. Basically, it allows the process to exhaust all available memory and crash by sending GET requests with overlapping byte ranges. The methodology seems to borrow a page from the teardrop attack. Yes, I’ve been studying for a security certification….