Wednesday, April 30, 2014

Out-of-band update for Flash

Adobe released an out-of-band update on Monday for Flash that fixes vulnerabilities that are being used to install malware remotely on computers. You should update your version of Flash as soon as possible to version 13.0.0.206. You can use the updater in the control panel (advanced tab) or manually update via the link on the side.

Thursday, April 17, 2014

Critical out-of-band Java update

Oracle released an update for Java that fixes some critical vulnerabilities. Four of the 37 fixes in the update are easily exploitable and give the attacker control of your computer, so this one is critical to patch ASAP.

You can check which version of Java you are running at either Java's online update check or Mozilla's plugin checker. The latest version is Java 7 update 55.

More info on the update.

Tuesday, April 15, 2014

"Heartbleed" bug information

I've had a few family members ask about the "Heartbleed" bug that has made headlines over the last week. There are several details about this bug that I would like to bring attention to.

First off, this bug has wide-reaching impact. An estimated 30% of internet servers worldwide were impacted by this issue. The bug can expose almost any information that is stored in memory on the server that was accessed. This includes things like usernames and passwords of users who had logged in recently, database passwords, server encryption keys, and administrator account credentials (in rare cases). The bug doesn't give the attacker control of the server directly, but for some services it could expose information that would allow the attacker to make changes to the service. The attack leaves no indication that it has been performed on most servers, so it is almost impossible for a company to know if their servers had been attacked.

Most of the main servers that were affected by the bug are now patched. Finding a list of these servers is difficult, but there is a short list of servers at Tom's Guide. You should change your password if you use any of the listed services, and log out and back in to some of them to revoke your stored authentication tokens.

If you get prompted by a company to change your password, you should, BUT DON'T FOLLOW AN EMAIL LINK TO DO SO. Instead, go to the site directly and follow whatever steps are on the site (usually under something like "my account"). Remember that an attacker could have obtained a list of customers' names and email addresses from a vulnerable site.

More info on the bug at heartbleed.com and http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/

Wednesday, April 9, 2014

Last Patch Tuesday for XP/Office 2003

It's Patch Tuesday again. This week Microsoft has released its last batch of updates for Windows XP and Office 2003 (Server 2003 has another year of support). If you are still running Windows XP, it's time to migrate or keep the device off of the network.

Microsoft also released several other patches for other versions of Windows and Office as well as updates for Internet Explorer. Many of these are rated critical and should be installed as soon as possible.

Adobe also released a critical update for Flash Player, bringing it to version 13.0.0.182 on most devices. Update this as soon as possible (check your version).

More details on these updates.