Category: Computer Tech
-
Net Neutrality – South Africa
Net Neutrality is currently, and has been for some time, a raging hot topic in the US. The FCC recently took Comcast to court for throttling customers’ bandwidth – and lost. NN basically means allowing data to flow from source to destination without interruption or alteration. But the big ISPs and carriers in America would…
-
Click-jacking 2.0
Click-jacking involves a crafted web site inserting a transparent iFrame underneath the cursor. Believing themselves to be clicking on the displayed web page, users in fact find themselves clicking on control elements (e.g. buttons) on a transparent iFrame from another website. Security expert Paul Stone demonstrated a new generation of click-jacking attacks at the recent…
-
Microsoft’s April Patch Tuesday
As part of its regular update cycle, Microsoft has released five critical, five important and one moderate risk update to fix security holes in Windows, MS Office and Exchange. The most prominent among them is the “F1 hole” in the VBScript engine for which exploits are already available on-line. Microsoft Security Bulletin Summary for April…
-
Adobe Acrobat Reader unpatched hole
According to several reports by anti-virus vendors, criminals have attempted to exploit an unpatched hole in Adobe Reader disclosed about two weeks ago to infect Windows PCs. The relevant malware includes the particularly dangerous ZeuS bot. The specially crafted documents are apparently sent to users as email attachments. The “Launch Actions/Launch File” function in Adobe…
-
Microsoft, patches and Blue Screens
Microsoft had a large Patch Tuesday in February – with an unintended side effect: large amounts of blue screens. This turned out to be due to an interaction between the Alureon rootkit and the patch for KB977165 which updates the Windows kernel. This month’s patches also contain kernel updates, and so have the same incompatibility…
-
Google hacks affect local SA users
So it seems that some South African users have been bitten by the GMail hack bug. Big Whoopy Ding! They’re not honestly using a free on-line email service for anything critical, are they? They are?!?!?! Well serves them right. I’ve written a number of articles on the security of cloud or internet-based services – my…
-
Internet etiquette
The Internet age has ‘been upon us’ for quite a number of years already – it’s a mainstream part of everyday life. The number of people joining the web-age is increasing by tens of thousands every day – there were 1.7 billion internet users as of the end of 2009 and my article ‘The…
-
64% of Microsoft Vulnerabilities down to the use of admin rights
While non-Microsoft users have grown up understanding the simple concept of access controls and rights within our environments for many years, the single biggest factor for bug propagation on Windows platforms is still the use of administrative rights. The truth of the matter is that prior to Vista, there was little way for a regular…
-
A flurry of app security updates
Today has been a very busy day from a security update p.o.v. Microsoft has released an update for the critical hole in IE which has been out for about 3 weeks (iepeers.dll) and 9 other updates which apply to various IE/Windows combinations; the F1 attack discovered a month ago unfortunately still remains…
-
Novell wins copyright case against SCO
It seems that SCO’s litigation engine has been running for ever ( 7 years now ) and they exist only to litigate. But it appears that a jury-led decision agreeing with Novell being the rightful copyright holders of Unix, has finally put paid to any serious action by SCO. Perhaps we can all get on…
-
DNSSEC finally on the move
It looks like DNSSEC is being implemented at the root level world-wide. Almost 2 years after the first country level signing (.se for Sweden), the K-, D- and E-root servers operated by RIPE, University of Maryland and NASA respectively, started root signing this week past. 7 of the 13 root servers now supply…
-
Microsoft virtualisation changes
Microsoft has announced Dynamic Memory and RemoteFX, which directly affect their desktop virt platform. Dynamic Memory allows users to adjust the memory of a guest virtual machine on demand. IT administrators will thus be able to pool all the memory available on a physical host and dynamically distribute it to virtual machines running on that…
-
Windows 7 XP mode no longer requires hardware virt
Microsoft will be removing the hardware virtualisation extensions requirement with the next update of XP mode. The updates are available here: win 7 32-bit win 7 64-bit Intel’s mechanism is known as VT-x while AMD’s is called AMD-V. There are pros and cons with this change: con – hardware virt extensions allow a CPU to…
-
XStore web services downtime
Date: Saturday, 13th March 2010, 11.15am
Duration: 30 minutes
Updates:
mysql 5.0.81 -> 5.1.44
apache 2.2.13 -> 2.2.15
php 5.2.9 -> 5.2.13
-
Botnets take a beating
Almost a quarter of the command and control servers ( cnc ) related to the Zeus botnet have gone quiet after 2 East European providers dropped access to a downstream ISP called Troyak on Tuesday. According to ScanSafe, a web security firm, the number of active servers dropped from 249 to 191, resulting in a…