How to patch less

One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?”

The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you can mitigate, but there’s no longer any such thing as a completely friendly network. The reasoning that you’re behind a firewall doesn’t work anymore. On corporate networks, there’s always something hostile roaming around behind the firewall, and you have to protect against it. If you’re on a home network with just a computer and a router, your computer and router attack each other from time to time. That’s the hostile world we live in right now. Patching is one of the fundamental things you have to do to keep those attacks from being successful.

That said, there are things you can do to patch less. Read more

Macintosh malware continues to evolve

Security experts have long warned that [Apple’s] delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms that they were right. — PC World magazine

Last week I argued that a Macintosh-based botnet currently being distributed via Word document would likely change distribution methods, perhaps to a PDF document, in order to spread itself more effectively.

That, to my knowledge, hasn’t happened, but today I learned of the above example of Mac malware doing exactly that, jumping from Java vulnerability to Java vulnerability. Read more

How to secure a computer like a spook

A link to the National Security Agency’s (NSA) guidance on hardening operating systems has been floating around various blogs today. But the NSA’s guidance on configuring Windows 7 and other recent operating systems is, to put it mildly, a bit incomplete.

What one government agency doesn’t do, another probably does. That’s usually a safe assumption at least. Enter the Defense Information Systems Agency (DISA). If you want to harden recent Windows operating systems, visit http://iase.disa.mil/stigs/index.html for guidance.
Read more

WordPress Appliance - Powered by TurnKey Linux