It’s quite a dilemma when a software product is billed as more secure than another…. several days back when Mozilla Firefox released v. 1.5.0.4 which fixed a number of security issues, I saw someone comment “I thought firefox was supposed to be secure.” I think there’s a misunderstanding when it comes to software. I think the misunderstanding is that one piece of software can be secure and another not. Out of the box. Let’s take a stab at clarifying…. Security is not a product, it’s not a feature, it’s a way of doing things. Along those lines….
Category: Security
-
Big trouble – you don’t have any viruses….
You know, I’ve seen soooo many antivirus vendors that are somewhat ethically challanged claim that cookie files are a big threat, or in worse cases files that the “free” antivirus test downloaded are dangerous “you should be glad we got here in time – where’s our $30 to fix things…” kind of message, but from a mainline, well known antivirus vendor you expect better…. Over at Spyware Confidential, after an online scan at a leading AV vendor, they’ve received a couple of emails explaining the great danger their computer is in after the scan turned up 0 viruses and 0 infected files.
-
New malware sightings
Incidents.org had an entry in the last couple days on a malware infestation that was interesting and showed a couple things. 1) You can’t bet on antivirus to keep you safe (the initial installer was not detected by most AV vendors – suspicious by 1.) (If you think about it, this makes perfect sense – antivirus is reactionary and needs to have seen a bug once to recognize it again.) 2) Malware, once in the system, can bring all their friends.
-
The security of remote tech support (ultravnc sc or x11vnc with wrapper script)
Well, I’ve got a nice way of doing “easy” one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see the biggest vulnerability for the computer running the listening vncviewer (because it HAS to be available to the outside world.) That means the tech support desk must keep on top of vncviewer updates and keep the service turned off when not expecting a client connection. The other question that comes to mind is encryption though….
-
Big Go-Daddy hosting attack
In what feels like a continuation of recent bad news related to major hacks and data losses…..George Ou reports on a BIG hack of GoDaddy hosting customers. There was also a big hack-athon by Turkish hackers over the last week that will be recorded as the biggest mass-web-site-defacement on record… There seems to be a lot of GoDaddy customers hacked by the very same method….
-
Firefox 1.5.0.4 out….
I haven’t seen news to this yet, just found it on Mozilla.com, but the 1.5.0.4 release of firefox seems to have been released sometime today. (1.5.0.4 of Thunderbird was announced earlier today.) I don’t know how quick Google is at directing to the new version of firefox, but I’ll include a link in this message for those of you that don’t have it…. Firefox is a very nice customizable, free (open source) web browser that I’ve found many people prefer to Internet Explorer for a number of reasons….
-
Circuit City Support forum serving up trojan….
Embarrasing…. and a big pain in the neck for any of their visitors… It seems as though if you’ve visited Circuit City’s Support Forum with an unpatched Internet Explorer, you likely have a trojan/backdoor of some sort on your pc. (Assuming Explorer hasn’t been patched since January. In reality – if you haven’t updated explorer since then, there are likely SEVERAL backdoors. Call someone to work on it….)
-
Ernst & Young loses laptop, exposes almost 250k hotels.com customers – database mayhem roundup
The Register is reporting on Ernst & Young’s loss of a laptop which had information on around 243,000 hotels.com customers. Apparently Hotels.com was notified on May 3rd. Apparently the laptop made use of a password as the only security measure. From the article….
-
Wiping data from hard drives
How often do I get to talk about this? Yahoo News has an article on a couple who, a year ago, took their PC to Best Buy to have the hard drive swapped. Best Buy assured them that the drive would be destroyed…. Recently they got a call from a guy in Chicago that had bought a hard drive at a flea market. It had their data on it and he wondered if they wanted it or if he should wipe the data. OK – there’s this really good utility Dariks Boot and Nuke (DBAN) that can thoroughly wipe a hard drive. I know the couple in this article had taken their drive to someone else, but….
-
Windows Automatic Updates now checking Genuine Advantage…
According to ibnlive.com started today (June 1st) Microsoft will be utilizing their Genuine Advantage check through the Automatic Update feature. Up until now, you have only been prompted for the Genuine Advantage check when visiting the Windows update site directly. (I can only assume the Genuine Advantage check is the method the article speaks of to verify if you have a licensed copy of windows.) Essentially, they say they will not be taking details like name/address, but they will nag you that you have a pirated copy of Windows and updates will not be available.