Brian Krebs thinks so: Java is now among the most frequently-attacked programs, and appears to be fast replacing Adobe as the target of choice for automated exploit tools used by criminals. Of the systems which I personally administrate as the ‘Chief Family Technology Officer’, the Java updates constantly annoy and confuse my mom who uses
While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries
There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today’s article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the
I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was
“Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and
In previous blogs, I mentioned that some of the presentations from the CARO workshop a couple of weeks ago were likely to be made available publicly. Unfortunately for non-attendees, most of the presentations are only available to people who were there: however, some can be downloaded by the public from here. In case I didn’t
Some of us are currently enjoying some excellent presentations at a CARO workshop in Budapest on exploits and vulnerabilities. Hopefully, some of them will eventually be made public, so that we’ll be able to include pointers to specific resources. While there’s been a great deal of technical detail made available that has passed me by
Ever since Adobe’s recent updates to Acrobat and Reader, I’ve been irritated by the fact that every time I open a PDF, I’m prompted to re-enable JavaScript, which I disabled while we were all waiting patiently for those patches to the last round of vulnerabilities. “This document contains JavaScripts. Do you want to enable JavaScripts
There was a comment posted today on an article on the SC Magazine site from someone who seemed to think we were talking up an obsolete exploit. He seems to have been thinking about this one: “Microsoft Security Bulletin MS08-014 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)”. (Which fixes this issue,
As The Register has pointed out, the Microsoft Security Bulletin Advance Notification for March 2009 doesn’t mention a forthcoming patch for the Excel vulnerability we’ve already flagged in this blog here and here and here. Since, as John Leyden remarks, the exploit is being actively exploited, it may seem that Microsoft are not taking the issue seriously
A few days ago, I promised (threatened) to make some general points about biasing test results, but travel and other obligations have been getting in the way. I’ll get back to that very shortly, but in the meantime, I want to look at an issue with the latest round of Microsoft patches that I was
CNN reported that there a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm, it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that it “it is
Not one of our Top X lists, this time, but one featured in an article on the SANS site. SANS have been banging the drum for safer coding for quite a while – in fact, they do quite a few courses on safe coding in various development contexts. Admittedly, that gives them a financial incentive to fly
[Update info moved to new blog post on 6th January] In deference to all those old enough to get a panic attack when reminded of how bad pop music was capable of being in the 1970s, I’ll try to overcome by the urge to mention “Chirpy Chirpy Tweet Tweet”. Anyway, to business. Having all the
Don’t trust unsolicited files or embedded links, even from friends. It’s easy to spoof email addresses, for instance, so that email appears to come from someone other than the real sender (who/which may in any case be a spam tool rather than a human being). Basic SMTP (Simple Mail Transfer Protocol) doesn’t validate the sender’s
Here’s the second instalment of the “ten ways to dodge cyberbullets” that I promised you. Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product update sections on their web sites. This point is particularly relevant right now, given the escalating volumes of Conficker that we’re
It probably isn’t news to you that there’s been an issue with Internet Explorer and a recently-discovered vulnerability that exposes users of the application to a range of attacks. Certainly we’ve been getting lots of enquiries about our ability to detect it, and I suspect other vendors are getting the same barrage of questions. Of
