Archive for January, 2012

Are Your Passwords Up To Snuff, Or Are You A Target For A Hacker!!!

January 16, 2012

We always enjoy a useful infographic, and there are few things quite as important as choosing a strong password—at least in the area of online security. If you’re looking to beef up your passwords, here are plenty of great tips consolidated into one great image.
Over the years we’ve suggested plenty of strong password tips, such as using a multi-word passphrase, only using passwords you can’t remember, utilizing LastPass a password manager, and more. We thought it would be great to have all those tips in a single, easy-to-read format. If you’re looking to strengthen your existing passwords or change a recently compromised password, be sure to check it out in its entirety

Google Reader 379

January 11, 2012

Adobe, Microsoft Issue Critical Security Fixes
by Brian Krebs

Adobe and Microsoft today each issued software fixes to tackle dangerous security flaws in their products. If you use Acrobat, Adobe Reader or Windows, it’s time to patch.

MS Windows

Microsoft released seven security bulletins addressing at least eight vulnerabilities in Windows. The lone “critical” Microsoft patch addresses a pair of bugs in Windows Media Player. Microsoft warns that attackers could exploit these flaws to break into Windows systems without any help from users; the vulnerability could be triggered just by browsing to a site that hosts specially crafted video content.

The other Windows patches earned a less severe “important” rating from Microsoft, although not everyone agrees with that assessment. Symantec’s Joshua Talbot said another bug fixed today — a glitch in the way Windows handles Microsoft Office files — is potentially more dangerous because it appears to be easier to exploit than the Media Player flaw.

“The vulnerability is due to an oversight that allows an attacker to run malware as soon as a user opens a Word or PowerPoint file,” Talbot said. “Email attachments will probably be the most common attack method in which this vulnerability is exploited. As usual, we strongly recommend users only open email attachments from people they know.”

On Dec. 29, Microsoft issued an out-of-band update to address a flaw in ASP.Net that could allow an attacker to force a user to visit a malicious web site. The vulnerability affects all versions of the .NET Framework on Windows XP and later versions of Windows. If you use Windows see a .NET Framework patch awaiting your approval in Windows Update this month, don’t neglect it.

Adobe

In a separate release, Adobe pushed out security updates for Adobe Reader and Acrobat. At the forefront of the Adobe patch batch is a fix for a zero-day flaw in Acrobat and Reader that Adobe first warned about in early December. Shortly after that warning, Adobe issued a fix for the flaw in Reader 9.x and Acrobat 9.x, but said it would wait until today (its scheduled, quarterly update) to address it in the new Reader X and Acrobat X versions of the software. Adobe recommends that users of Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.2). Updates are available for Windows and Mac versions of these titles; see the Adobe advisory for the patch download links.

As ever, if you experience any problems as a result of installing these updates, please drop a note in the comments below.

Mozilla readies to pull support plug on Firefox 3.6

January 5, 2012

Mozilla readies to pull support plug on Firefox 3.6

Mozilla has announced a date for the end of support for Firefox 3.6. April 24, 2012. Mark it in your calendar, Firefox 3.6 users!

Why is this date significant? Because after this date there will be no more new releases to fix security patches. The browser will get real old (and real dangerous to use) real fast. Using Firefox 3.6 beyond the end of life date is NOT RECOMMENDED.