Tag: security
-
All root servers now offering DNSSEC
Verisign’s J root server was switched over to DNSSEC yesterday bringing the entire authoritative DNS system onto the new security platform. Alhough all the root servers are serving a signed version of the root zone, these are not yet able to be validated as the public key has not yet been disclosed. This allows the…
-
Anti-virus – is there really any point?
Last weeks epic FAIL by Mcafee brings the entire Microsoft platform into perspective. It’s all broken: Symantec says that it has detected botnet infections on more than 1,100 separate computers spread across multiple subnets within the UK National Health Service (NHS) network Criminals are increasingly attempting to conceal malware embedded in hacked websites from search…
-
Critical FAIL: Mcafee update cripples Windows machines
McAfee pushed out a virus definition update, 5958, today that causes false positive identification of the critical Windows system file svchost.exe. Machines running Windows XP Service Pack 3 using the 5958 definitions will delete the file, causing many key Windows services to fail to start. The Windows file is being mistakenly detected as W32/wecorl.a. Failure…
-
Net Neutrality – South Africa
Net Neutrality is currently, and has been for some time, a raging hot topic in the US. The FCC recently took Comcast to court for throttling customers’ bandwidth – and lost. NN basically means allowing data to flow from source to destination without interruption or alteration. But the big ISPs and carriers in America would…
-
Microsoft’s April Patch Tuesday
As part of its regular update cycle, Microsoft has released five critical, five important and one moderate risk update to fix security holes in Windows, MS Office and Exchange. The most prominent among them is the “F1 hole” in the VBScript engine for which exploits are already available on-line. Microsoft Security Bulletin Summary for April…
-
Adobe Acrobat Reader unpatched hole
According to several reports by anti-virus vendors, criminals have attempted to exploit an unpatched hole in Adobe Reader disclosed about two weeks ago to infect Windows PCs. The relevant malware includes the particularly dangerous ZeuS bot. The specially crafted documents are apparently sent to users as email attachments. The “Launch Actions/Launch File” function in Adobe…
-
Microsoft, patches and Blue Screens
Microsoft had a large Patch Tuesday in February – with an unintended side effect: large amounts of blue screens. This turned out to be due to an interaction between the Alureon rootkit and the patch for KB977165 which updates the Windows kernel. This month’s patches also contain kernel updates, and so have the same incompatibility…
-
Google hacks affect local SA users
So it seems that some South African users have been bitten by the GMail hack bug. Big Whoopy Ding! They’re not honestly using a free on-line email service for anything critical, are they? They are?!?!?! Well serves them right. I’ve written a number of articles on the security of cloud or internet-based services – my…
-
Internet etiquette
The Internet age has ‘been upon us’ for quite a number of years already – it’s a mainstream part of everyday life. The amount of people joining the web-age is increasing by 10’s of thousands of people everyday – there were 1.7 billion internet users as of the end of 2009 and my article ‘The…
-
64% of Microsoft Vulnerabilities down to the use of admin rights
While non-Microsoft users have grown up understanding the simple concept of access controls and rights within our environments for many years, the single biggest factor for bug propagation on Windows platforms is still the use of administrative rights. The truth of the matter is that prior to Vista, there was little way for a regular…
-
A flurry of app security updates
Today has been a very busy day from a security update p.o.v. Microsoft as released an update for the critical hole in IE which as been out for about 3 weeks ( iepeers.dll ) and 9 other updates which apply to various IE/Windows combinations ) the F1 attack discovered a month ago unfortunately still remains…
-
DNSSEC finally on the move
It looks like DNSSEC is breing implemented at the root level world-wide. Almost 2 years after the first country level signing ( .se for Sweden ), the K-, D- and E-root servers operated by RIPE, University of Maryland and NASA respectively, started root signing this week past. 7 of the 13 root servers now supply…
-
The Microsoft Tax
The headline phrase typically refers to the buying of computers with Windows pre-installed by the OEM vendor when you don’t need or want it. I.e. you’ve paid more for the machine ( because it includes Windows ) when you aren’t going to use it. Unfortunately this time it refers to you, a citizen, paying extra…
-
Remember that 17-year old bug in Windows …
… I spoke about in late January? Well Microsoft has finally come out and acknowledged it. Over a month later. Well actually 9 months later. The hole, which originated with the release of Windows NT back in 1993 and is present in every 32-bit version of Windows since, including Windows 7, was discovered by Tavis…
-
Another IE hole
Another flaw has been found in versions 7 and 8 of Internet Explorer running on Windows XP. There’s an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines. Microsoft says an exploit “was posted publicly that could allow an attacker to host a maliciously crafted web page and…