Thursday 25

Linux vulnerability

Filed under: Open source, Security — zundel @ am

Much in the news lately about a vulnerability in recent Linux kernels.

If you use a kernel before 2.6.39 you have no problem.
Stable distributions like Debian 6 and Ubuntu 10 have no problem.

Patches released and in the process of release for newer versions.

The kernel gets careful development, but still people do make errors.

Yet another argument for using stable distributions.


Friday 19

Et tu McAfee?

Filed under: Computers, Security — zundel @ pm

McAfee customers used to spread spam

McAfee’s Security-as-a-Service product Total Protection allowed attackers to use customers’ computers as spam relays.

They fixed it, but it should never have happened.
And only customer complaints brought the bug to their attention.

Wait, there’s more:

Critical hole in McAfee products still open after more than 180 days – Update

Great job auditing your code, guys.
No one has ever had any security problems with ActiveX?

Just don’t allow ActiveX on your systems.
Or McAfee.
Or …

Thursday 18

Quis custodiet ipsos custodes?

Filed under: Computers, Security — zundel @ pm

Quis custodiet ipsos custodes?

There is no security through obscurity.

Symantec admits to more exposed code

Symantec’s code got taken, and now we have reason to doubt the security and usefulness of their products, such as Norton Internet Security, Norton Utilities, Norton GoBack, and pcAnywhere. We also have reason to doubt Symantec’s competence. If they cannot protect themselves, how can they protect you?

If you cannot publish the source code openly and still have a secure product, then your product is only as secure as your ability to keep it secret.

Symantec says hackers stole source code in 2006

Yet Laura DiDio, an analyst with ITIC who helps companies evaluate security software, said that Symantec’s customers should be concerned about the potential for hackers to use the stolen source code to figure out how to defeat some of the protections in Symantec’s software.

Many eyes make all bugs shallow.

The bad guys now have the code.
If everyone had seen the code all along,
the good guys could have fixed the vulnerabilities in the code.

RSA got owned last year. Supposedly the very best at security had a very serious breach, the full consequences of which we don’t yet know and probably never will.

Then there’s the black farce of HBGary and defense and government attempts at security.

As I wrote in the takeaway: “If you need security, don’t use anything these guys mentioned.”

If you like the product on the supermarket shelf that implies it will make you look young and beautiful (whether cereal or shampoo) you’ll love the security in a box at Office Depot or for download. You can no more buy security than you can buy youth. Stop falling for the silicon snake oil.

Symantec discovered (admitted) that source code stolen in 2006 does compromise the security of their product. Symantec now recommends disabling pcAnywhere until they release a final set of updates.

Symantec publishes pcAnywhere security recommendations

In addition, an attacker with cryptography knowledge could conduct man-in-the-middle attacks on encrypted connections and create unauthorised connections to remote machines, thereby potentially gaining access to whole networks.

Saturday 357

Mozilla to the rescue

Filed under: Android, Computers, Open source, Security — zundel @ am

The Firefox web browser has had a great year. It keeps getting better and better.

The upcoming projects of Mozilla, the makers of Firefox, promise to help promote an open and free internet.

You knew the old Mozilla, now meet the new Mozilla

Mozilla’s 3 bold bets to keep the Web open

Tuesday 353

Windows critical vulnerability

Filed under: Security — zundel @ am

Highly critical zero day vulnerability in Windows discovered

Just when I had begun to think that Windows 7 didn’t suck.
My mistake in thinking gets corrected.
They still can’t write secure and reliable software.

If you value your time and security, stop using Microsoft software.

We thought the days of the Blue Screen of Death had passed. Hah.
Could we have a new and improved Windows that at least changes the color?

The bug is in Windows, not Safari.
It will crash the system.
And could allow serious security breaches.

Most of the internet runs on Linux.
The majority of business servers run Linux.
The computer in front of you can run Linux. Mine does.
Fast, secure, and easy to use.

Try these:
Kubuntu (lovely, capable, and easy desktop)
Debian (rock solid server and a nice desktop)
openSuSE (stable & up-to-date)

Thursday 341

Use a different PDF viewer, always

Filed under: Security — zundel @ am

Security Advisory for Adobe Reader and Acrobat

A critical vulnerability has been identified in Adobe Reader …
This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

No fix until next week.

But why use targeted and repeatedly vulnerable Adobe software? Lots of alternatives exist.

Friday 139

Screw Apple

Filed under: Computers, Security — zundel @ am

Apple has instructed employees to neither acknowledge nor fix malware on Macs.

Malware on the Mac: is there cause for concern? Ars investigates

Wednesday 109

iPhone tracking

Filed under: Security — zundel @ am

iPhone keeps record of everywhere you go

Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.

Only the iPhone records the user’s location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file […]. “Alasdair has looked for similar tracking code in [Google’s] Android phones and couldn’t find any,” said Warden. “We haven’t come across any instances of other phone manufacturers doing this.”

iPhone Tracker

Got an iPhone or 3G iPad? Apple is recording your moves

Friday 104

Goodbye BlackBerry

Filed under: Security — zundel @ pm

Oh, poor RIM, they’ve “just been singled out.”

RIM CEO calls a halt to BBC Click interview

Nice sweat.

Grow a pair.
Deal with it, or perish.

Hold Nokia’s hand and walk off into the sunset together.

The market moves fast. Enjoying your entrenched position leads to death.

Saturday 98

Patch Tuesday Hell

Filed under: Computers, Security — zundel @ am

Expect Windows machines to temporarily become useless next week.

Microsoft releases 64 fixes on April’s bumper Patch Tuesday

And with a supposed fix of the MHTML vulnerability, lickety-split, just like that, months later.

Friday 76

Who secures the securers?

Filed under: Computers, Security — zundel @ pm

The antics of HBGary were just amateur farce and revelation of unsurprising incompetence and bs.

This is serious.

**Updated** RSA Breached: SecurID Affected

Very serious security just took a very serious hit.


Saturday 70

Unpatched Internet Explorer

Filed under: Computers, Security — zundel @ am

Switch to Chrome.

New Attacks Leverage Unpatched IE Flaw, Microsoft Warns

An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks.

The flaw, which has not yet been patched, has been used in “limited, targeted attacks,” Microsoft said Friday

Public for two months, still not patched, and now exploited. So glad to see that they’ve started taking security seriously.
