Black Tuesday updatePosted on June 14th, 2012 at 10:49 11 comments
There’s been a lot of hubub about last Tuesday’s Microsoft patches.
The best piece of advice: DON’T use Internet Explorer – it’s been compromised once again, and apparently the exploit is widely distributed.
Tellingly, the only Black Tuesday patch to win ISC Storm Center‘s “Patch Now” status is the IE patch.
I see some advice from antivirus companies to install the other patches, but I don’t buy it. The .NET exploit might be a problem, but I haven’t heard of any active attacks on .NET – and patching .NET is always so much fun.
Keep your powder dry. I’m leaving us at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
11 responses to “Black Tuesday update”
Robin June 19th, 2012 at 05:38
Hi Woody, I always look to you to let me know when it is safe to update. This is the first time I have seen ISC Storm Center mentioned. Is this a valid source for information and should I “Patch Now” as it says. IE has been giving me problems with “not responding” and stalling for several days – should I download and install KB2699988 for IE8? I am using Firefox but really don’t understand how to manage this strange animal and really don’t like it even though it is so much faster. Please tell me what you think about IE9, I am still using 8 (I know you are not a fan but an opinion would be so helpful). Thanks so much!
ISC Storm Center is a very reliable source – one that I look at all the time. They’re geared toward computer security pro’s, while I work primarily with home and small office users.
Nope, don’t patch anything just yet.
I like IE 9 – it’s a great browser – but I use Chrome. Why? IE 9 gets sooooo many 0day exploits. It’s a magnet.
rc primak June 20th, 2012 at 01:48
IE with the majority of the browser market, should be the biggest magnet for 0Day exploits. Chrome isn’t that much more secure — it just doesn’t get as much attention from hackers who are looking to make money as fast as possible.
Robin June 21st, 2012 at 13:14
Thanks so much for answering my question about IE9 but now I have another question. When Chrome came out I did some reading and did not like what I found (most of this stuff is over my head anyway) so I have stayed away from it. Google is always my home page, I really liked it in the old days when it threw everything at you and did not exclude stuff or try to modify it toward what it thinks your preference is (first used it at work). I use gmail and I really feel creeped out when I see the ad’s triggered by my email content. Adding Chrome to this is kind of like putting all your eggs in one basket.
After watching a movie on Netflix the other night I wanted to look something up on my laptop and I typed in “what is a” and the first line it offered up for me to click on was “gypsey” – the movie we watched via our PS3 was about gypseys. It feels like nothing is private anymore, what could I do to have a little more privacy as I go about my business on the internet? I would greatly appreciate your input on this and please tell me what you really think about the saftey of Firefox. Is Chrome really best, if so by how much? Thanks in advance!
Complex topic, takes up two chapters in my next book!
Probably your best bet is to use Firefox with NoScript – but that introduces all sorts of problems.
Some day, Do Not Track may be a solution, but that day is far away.
rc primak June 21st, 2012 at 22:04
Two things help stop Chrome and Google tacking.
Go to Google and log in. Find your Google History and clear it. Then turn off Google history. Details here:
Then go to Abine’s web site and install their browser plug-in for their DoNotTrackPlus. Last I checked, this add-on is available for all major browsers. This is not the DoNotTrack feature with its voluntary industry lists. It is from an independent company which enforces its block list and covers most trackers. The Industry has no say in what Abine blocks. Select all the available opt-outs (a one-click operation) and a lot of tracking goes away.
Hope this helps.
Have you had any problems with, e.g., shopping basket ordering sites?
@woody: Microsoft has revised all those MS12-025 .NET security patches that were originally offered back in April.
those that avoided the MS12-025 .NET patches early on can apply the revised .NET patches. but the newly released MS12-038 .NET patches, hold off on those.
Robin June 25th, 2012 at 22:54
@RC – Thanks for your input, I do have my web history paused for gmail, stumbled across that one by accident. I will be adding DoNotTrack today. Thank you both for all the help!
rc primak June 27th, 2012 at 01:53
Amazon is happy as a clam with DoNotTrack Plus from Abine. I haven’t had the sorts of issues which Ghostery or NoScript in Firefox can cause. Banking works just fine with DNT+ as well. Turning off Google History has no effect whatsoever except more peace of mind and less spam. Google Searches might be a tad less relevant, but nothing else important to me is affected.
Leave a reply