Security Quest #17: Microsoft Edition

Another second Tuesday of the month and another set of Microsoft patches. I realize it’s important to patch vulnerabilities as soon as possible and this monthly release schedule tends to go against that, but I like the consistency and ability to plan. Anyway, this week brought two patches. The first is MS08-001 titled “Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution”. This affects all supported desktop OS’s. It’s rated as Important for Windows 2000 and Critical for all flavors of Windows XP and Windows Vista. I didn’t have any [...]

Security Quest #15: Links & Numbers

Not much happening this holiday week so just some spam numbers and links.

Spam Counts

My primary mailbox (which manages multiple addresses) didn’t get any new spam messages and the 30-day count is down to four from last week’s seven. My more public GMail address received a bunch of spam messages this past week, all of which were filtered by GMail. The thirty day count jumped to 176, up from 154 messages last week. This site’s spam comment count jumped to 7,414, up 73 from last week. All were caught [...]

Security Quest #14: Apple Releases Security Patches

Apple released Security Update 2007-009 for OS X 10.4.11 Tiger and OS X 10.5.1 Leopard on Monday. The Apple support article lists 41 vulnerabilities that were patched. Patched components include Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in, and Spin Tracer. The update requires a reboot. The Leopard update was a 35.4MB download on my Intel Macs through Apple Automatic Update. It’s also available as a 35.6MB standalone download. There are two versions for Tiger. The PPC version is a 15.9MB [...]

Security Quest #13: Microsoft Patch Tuesday

Yesterday was patch Tuesday for December and Microsoft released seven security bulletins. There weren’t any Office updates but there were updates for all supported OS’s – Windows 2000 Professional SP4 to Windows XP SP2, and Windows Vista – along with updates for Internet Explorer 6 and IE 7. All the updates are available through Automatic Updates or the Microsoft web site. Microsoft has said that exploits for the IE vulnerabilities are already being used. Click the bulletin number to go directly to the MS bulletin. I do not mention server [...]

Security Quest #12: Privacy

Facebook caused an uproar over the past week with their new Beacon advertising service. Being the last human not to have a Facebook account I didn’t follow the story too much at first, but then it became hard to ignore. At the very least it was a public relations disaster for Facebook, although I suspect it won’t really affect their membership numbers. Ars Technica has a pretty good summary and includes the changes Facebook made in response to the outcry. But it appears Facebook may still have a ways to [...]

Security Quest #10: Microsoft Patch Tuesday

Another second Tuesday of the month and another bundle of patches from Microsoft was expected. This time around there’s only one update for Microsoft desktops. Windows Vista goes patch-less this month. MS07-061 is a critical update for Windows XP on the desktop. It’s for both the regular and 64-bit editions. It supersedes MS06-045 and patches a vulnerability that allowed remote code execution when a specially crafted URI was passed. Windows 2000 Professional & Windows Vista are not affected. Several server versions also require the patch. I needed to reboot after [...]

Security Quest #9 – OSX.RSPlug.A Brings Macs Mainstream

There was news last week of a piece of malware targeting OS X. It’s called OSX.RSPlug.A (a.k.a. DNSChanger) and it’s a trojan distributed through porn sites (no puns). A lot was made of the fact that this *could* redirect browsers to malicious websites, such as phishing sites. The only real news here was that OS X was specifically targeted by a malware writer. It didn’t exploit any deficiency in OS X security. The only way to get the malware to install was to convince the user that they wanted to [...]

Security Quest #8 – Leopard Default Insecurity

The default OS X install has always annoyed me with its security holes. Since I did a fresh install of OS X 10.5 Leopard it was necessary for me to go through and change those settings. Here’s what I changed. Under security preferences I enable requiring a logon when returning from sleep or screen saver and disable automatic logon. It’s a minor inconvenience but if my Mac is ever stolen it will prevent them from logging on and using the Mac as me. It also makes it harder to get [...]

Security Quest #7 – New Leopard Security Features

Now’s a good time to review the new security features Apple is adding to Leopard. Besides, between the site upgrade and Leopard prep I didn’t have time to put together another security topic. Apple has 11 new security features listed on their “300+ New Features” page. Some of the non-security features seem to be padding for the list, such as an “empty trash button”. How lame are the security features and which ones are padding? The 11 from Apple’s list are: 1. Tagging Downloaded Applications: It all depends upon implementation but [...]

Security Quest #6 – OpenDNS

OpenDNS is a standalone DNS service that anyone can use. The term “Open” in this case means open to anyone, not open source. When you switch to the OpenDNS servers for name resolution you’ll stop using your ISP’s servers and you’ll be using the OpenDNS servers. This could provide a performance benefit if your ISP’s name resolution is slowing things down. Switching to OpenDNS is fairly simple: type their DNS server addresses (208.67.222.222 and 208.67.220.220) into the appropriate spot in your network configuration. If you have a home [...]