malware

Firefox disables out-of-date Java plugins

Dave Farquhar security , ,

Firefox is advising users to disable vulnerable Java versions on Windows. I actually saw this in action on a machine yesterday–a machine that has to run a slightly dated version of the JRE because a vendor hasn’t certified their product with the current version yet. Read more

Macintosh malware continues to evolve

Dave Farquhar Macintosh, security , , , , , , ,

Security experts have long warned that [Apple’s] delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms that they were right. — PC World magazine

Last week I argued that a Macintosh-based botnet currently being distributed via Word document would likely change distribution methods, perhaps to a PDF document, in order to spread itself more effectively.

That, to my knowledge, hasn’t happened, but today I learned of the above example of Mac malware doing exactly that, jumping from Java vulnerability to Java vulnerability. Read more

End of the innocence for Mac security

Dave Farquhar Macintosh, security , , , , , , , , , , , , , , , , , ,

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that. Read more

Securing wi-fi isn’t about price gouging

Dave Farquhar security , , , , , , , , ,

The so-called wi-fi golden era is over, and apparently being glad about it makes me an absolutist.

But John C. Dvorak is wrong. This isn’t about making people pay for Internet access. It’s pure security. Toilets and drinking fountains are free because the majority of people don’t abuse them. The Internet can’t be wide open and free like a public restroom because when it was totally wide open and free in the 1990s, too many people abused it. Read more

Apply your monthly patches just as soon as you can

Dave Farquhar security, Windows , , , , , ,

There are only six patches in this month’s edition of Patch Tuesday, and only one of them is critical, but it’s a big one.

The critical patch fixes a flaw in Remote Desktop Protocol, something typically only present in the business-oriented flavors of Windows. But if you don’t know whether you’re affected, it behooves you to let Windows update whatever it wants to update. Read more

The old days of viruses

Dave Farquhar security, Viruses , , , , , , , , , , , , , , , ,

Blogging pioneer John Dominik, inspired by my Michelangelo memories, wrote about his memories of viruses later in the decade. So now I’ll take inspiration of him and share my memories of some of those viruses. I searched my archives, and at the time it was going on, I didn’t write a lot. I was tired and angry, as you can tell from the terse posts I did write.

Read more

Remembering Michelangelo

Dave Farquhar security , , , , , , , ,

Yesterday was the 20th anniversary of the Michelangelo virus. If you don’t remember, on March 6, 1992, Michelangelo was programmed to overwrite the first 100 sectors of a hard drive–not quite as destructive as formatting a drive, but to the average user, the effect is the same. It was a huge scare–John McAfee predicted five million computers would be affected–but largely was a non-event.

Those of you studying for security certifications would do well to remember that Michelangelo is a prime example of a virus and a logic bomb. Viruses replicate; logic bombs do something when an event triggers. Malware doesn’t always fit neatly into specific categories–crossovers are common.
Read more

Customize Firefox before it hits the ground on a new PC

Dave Farquhar Software , , , , ,

Here’s a nifty-looking program: Firefox Addon Maker, which allows you to create customized Firefox installer packages.

This is helpful if you install Firefox a lot, whether in corporate or home settings.
Read more

This is why you disable stuff you don’t think you need

Dave Farquhar security , ,

This is going to sound like gloating, so I’m going to apologize for that right up front. A few weeks ago, I recommended you keep WPS disabled except for brief intervals for convenience. I had no specific reason in mind. Just in case. Just in case, you know, a vulnerability in WPS got discovered.

Well, one got discovered.

Read more

Adblock Plus adds an option for allowable ads

Dave Farquhar Software ,

Adblock Plus, starting with version 2.0, is going to start allowing acceptable ads, something I see as a good thing.

I’m not against advertising–I use it on my own site. I’d prefer not to have an all-or-nothing approach to ad blocking. In fact, I only started blocking ads when I started getting malware that I expected was coming from booby-trapped ads. I stopped getting the malware when I started blocking all ads, so draw your own conclusions.
Read more