Author: Robby Pedrica
-
Anti-virus – is there really any point?
Last weeks epic FAIL by Mcafee brings the entire Microsoft platform into perspective. It’s all broken: Symantec says that it has detected botnet infections on more than 1,100 separate computers spread across multiple subnets within the UK National Health Service (NHS) network Criminals are increasingly attempting to conceal malware embedded in hacked websites from search…
-
Critical FAIL: Mcafee update cripples Windows machines
McAfee pushed out a virus definition update, 5958, today that causes false positive identification of the critical Windows system file svchost.exe. Machines running Windows XP Service Pack 3 using the 5958 definitions will delete the file, causing many key Windows services to fail to start. The Windows file is being mistakenly detected as W32/wecorl.a. Failure…
-
ProPublica and This American Life team up to expose investment bankers and hedge fund managers
A fascinating look into the financial crash in America and world wide: http://www.thisamericanlife.org/sites/all/play_music/play_full.php?play=405 For seven months a team of investigative journalists from ProPublica looked into a story for us, the inside story of one company that made hundreds of millions of dollars for itself while worsening the financial crisis for the rest of us. A…
-
What is Linux? and software confusion …
A recent posting on the Blog of Helios prompted me to write a short and simple definition of Linux that might be useful for current non-users of this operating system. It is however a difficult definition in the context of what people already know. And the fact of the matter is that what the general…
-
Net Neutrality – South Africa
Net Neutrality is currently, and has been for some time, a raging hot topic in the US. The FCC recently took Comcast to court for throttling customers’ bandwidth – and lost. NN basically means allowing data to flow from source to destination without interruption or alteration. But the big ISPs and carriers in America would…
-
Click-jacking 2.0
Click-jacking involves a crafted web site inserting a transparent iFrame underneath the cursor. Believing themselves to be clicking on the displayed web page, users in fact find themselves clicking on control elements (e.g. buttons) on a transparent iFrame from another website. Security expert Paul Stone demonstrated a new generation of click-jacking attacks at the recent…
-
Microsoft’s April Patch Tuesday
As part of its regular update cycle, Microsoft has released five critical, five important and one moderate risk update to fix security holes in Windows, MS Office and Exchange. The most prominent among them is the “F1 hole” in the VBScript engine for which exploits are already available on-line. Microsoft Security Bulletin Summary for April…
-
Adobe Acrobat Reader unpatched hole
According to several reports by anti-virus vendors, criminals have attempted to exploit an unpatched hole in Adobe Reader disclosed about two weeks ago to infect Windows PCs. The relevant malware includes the particularly dangerous ZeuS bot. The specially crafted documents are apparently sent to users as email attachments. The “Launch Actions/Launch File” function in Adobe…
-
Microsoft, patches and Blue Screens
Microsoft had a large Patch Tuesday in February – with an unintended side effect: large amounts of blue screens. This turned out to be due to an interaction between the Alureon rootkit and the patch for KB977165 which updates the Windows kernel. This month’s patches also contain kernel updates, and so have the same incompatibility…
-
Google hacks affect local SA users
So it seems that some South African users have been bitten by the GMail hack bug. Big Whoopy Ding! They’re not honestly using a free on-line email service for anything critical, are they? They are?!?!?! Well serves them right. I’ve written a number of articles on the security of cloud or internet-based services – my…
-
Internet etiquette
The Internet age has ‘been upon us’ for quite a number of years already – it’s a mainstream part of everyday life. The amount of people joining the web-age is increasing by 10’s of thousands of people everyday – there were 1.7 billion internet users as of the end of 2009 and my article ‘The…
-
64% of Microsoft Vulnerabilities down to the use of admin rights
While non-Microsoft users have grown up understanding the simple concept of access controls and rights within our environments for many years, the single biggest factor for bug propagation on Windows platforms is still the use of administrative rights. The truth of the matter is that prior to Vista, there was little way for a regular…
-
A flurry of app security updates
Today has been a very busy day from a security update p.o.v. Microsoft as released an update for the critical hole in IE which as been out for about 3 weeks ( iepeers.dll ) and 9 other updates which apply to various IE/Windows combinations ) the F1 attack discovered a month ago unfortunately still remains…
-
Novell wins copyright case against SCO
It seems that SCO’s litigation engine has been running for ever ( 7 years now ) and they exist only to litigate. But it appears that a jury-led decision agreeing with Novell being the rightful copyright holders of Unix, has finally put paid to any serious action by SCO. Perhaps we can all get on…
-
DNSSEC finally on the move
It looks like DNSSEC is breing implemented at the root level world-wide. Almost 2 years after the first country level signing ( .se for Sweden ), the K-, D- and E-root servers operated by RIPE, University of Maryland and NASA respectively, started root signing this week past. 7 of the 13 root servers now supply…