LastPass - despite the recent dust-up with LastPass it's still my Read the rest »
Security: DLL Search order Vulnerability
This is a little old, reported about a month ago, but I’m just getting around to patching it and Microsoft isn't. The “Insecure Library Loading Could Allow Remote Code Execution” vulnerability was announced by Microsoft back in late August in bulletin 2269637. Unfortunately Microsoft has not rolled out a patch with their normal patch rollouts. Probably because of the potential to break apps. They did publish knowledge base article 2264107 which has a workaround to the problem. Read the rest »
TrueCrypt: Full Disk Encryption
After seeing how easy TrueCrypt worked when I used it to encrypt files (or more accurately, create an encrypted container to hold files) I decided to give full disk encryption a try on my new Dell Inspiron laptop. I was planning to take the laptop on my vacation trip and wanted to encrypt the data. The laptop was new and not a critical part of my workflow so if full disk encryption cratered the laptop, requiring a rebuild, it could wait until after my trip without causing any serious problems. Read the rest »
TrueCrypt 7.0–Install & Encrypt USB Flash Drive
With the arrival of my new Dell Inspiron laptop just before some planned vacation travel I decided to try out disk encryption. My plan was to encrypt a USB drive and add an encrypted container for files on my laptop. Using Windows Bitlocker would have required upgrading to a more expensive version of Windows 7 so I went with the free Open Source TrueCrypt. In addition to being Open Source, it’s also cross-platform and runs on Windows, OS X and Linux. Read the rest »
WordPress – The Windows of the Internet
It’s been widely reported that sites running the standalone version of WordPress are under “attack” and vulnerabilities are being exploited to insert malicious code into the site. I couldn’t help but notice similarities to Microsoft Windows. While WordPress may not have the same market share as Windows it does have greater mindshare than any other single publishing platform. (OK, I don’t have the stats to back that up so maybe I’m wrong.) There’s even a major hosting company that specifically promotes WordPress standalone hosting. So like Windows, which comes pre-installed [...] Read the rest »
WordPress Administration Over SSL
Since this is my third straight WordPress related post it’s probably obvious that I spent some time digging into WordPress this weekend. This feature (WordPress Administration over SSL) has been in WordPress awhile and was available via plugins for some time before that. Administration over SSL encrypts the traffic between the browser and the server so no one can look in on your traffic. In the case of WordPress this means no one can pluck your password off the network. Without SSL your password is in clear text and can [...] Read the rest »
Microsoft Security Updates for July 2008
Microsoft has released four security bulletins for July 2008, two of which are for desktops. MS08-038 addresses a vulnerability in Windows Explorer and is for Windows Vista and carries an “important” rating. The update includes the original Vista, Vista SP1 and Vista x64. MS08-037 addresses a vulnerability in DNS and is for Windows 2000 SP4, Windows XP SP2 & SP3, and Windows XP x64 original release & SP2. It’s rated as “important”. [Updated: This patch is part of a coordinated, multi-vendor DNS patch.] These patches, and the others, also affect [...] Read the rest »
Microsoft Security Bulletins for April 2008
Another "Super Tuesday" patched this week but I just got around to firing up my Windows VM’s today (actually it’s been about 12 days since I’ve been in Windows). There were ten updates waiting for me on Windows Vista and eight on Windows XP Home, although not all were security related. This month’s updates included: KB945553 (MS08-020) – Vulnerability in DNS client could allow spoofing. This is rated as "Important" for all supported desktop OS’s except Windows Vista SP1, which doesn’t need the update. KB948590 (MS08-021) – Vulnerability in GDI [...] Read the rest »
Microsoft Security Bulletins for March 2008
Microsoft has released 4 security bulletins for March. All are for Office products and all are rated critical for one or more of the affected products. There weren’t any OS or IE updates this month. Since I don’t run any Office products I didn’t install any Microsoft updates this month, but these were the updates: MS08-014 is a security update that patches several vulnerabilities in Microsoft Excel. Microsoft Excel 2003 Service Pack 3 and Microsoft Excel 2007 Service Pack 1 are not affected but other versions of Excel are vulnerable. [...] Read the rest »
Microsoft Security Bulletins for February 2008
Microsoft released 11 security bulletins for February 2008, six are rated critical and five are important. My Windows XP Pro SP2 installation received the following updates through Windows Update: MS08-010 – Cumulative Update for Internet Explorer (critical) MS08-007 – Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (critical) MS08-008 - Vulnerability in OLE Automation Could Allow Remote Code Execution (critical) A reboot was required. I’m running the Windows Vista SP1 Release Candidate so I didn’t get any updates on that machine. I don’t run MS Office apps so I [...] Read the rest »



