-
Avoiding DLL Hijacks
Posted on August 28th, 2010 at 07:57 5 commentsI’ve come up with two common-sense ideas for avoiding DLL Hijack attacks.
Nothing high-tech or fancy. No Registry changes that may break other apps. Just two simple tricks that will break every DLL Hijack exploit that I’ve seen to date.
This is important because the number of reported DLL Hijack-able applications is hovering around 100, and it’ll go higher. If you run any of those apps – Word 2007 and PowerPoint 2007 and 2010 are among them – you’re susceptible to having your machine taken over by simply opening a file. Microsoft isn’t going to fix Windows to block the attacks – they can’t; the hole arises from a feature that’s part and parcel of the way Windows has worked from the beginning. The only way things will get better is when application manufacturers clean up their code. (And, yes, Microsoft is one of the companies with apps that exhibit exploitable behavior.)
If you didn’t catch my original explanation of the DLL Hijack technique, start with my Infoworld Tech Watch article on the basics. Then to see how to protect yourself in two easy steps, see my Tech Watch article How to thwart the new DLL hijacks.
-
DLL hijacking
Posted on August 25th, 2010 at 16:02 7 commentsIf you’re wondering what all the fuss is about, check out my Infoworld Tech Watch article.
The sky isn’t falling, but the bad guys just got a potent new weapon.
-
Who’s stealing your personal information?
Posted on August 19th, 2010 at 07:04 6 commentsCombined report from the Verizon RISKS team and US Secret Service holds many surprises – and useful protection tips.
Check out my Windows Secrets Lead Story.
-
Blocking Flash cookies in a corporate environment
Posted on August 19th, 2010 at 07:03 2 commentsIt ain’t easy – there are no tools!
See my InfoWorld Tech Watch blog.
And all Adobe does is wag its finger….
-
The anticipated massive mess of patches
Posted on August 11th, 2010 at 07:42 No commentsMicrosoft’s mess of patches is out. For now, I don’t see any reason to pull a chicken little and install any of ‘em. There’s yet another huge Internet Explorer update, plus (you’ll be happy to hear) yet another .NET patch.
Details on the SANS Internet Storm Center.
We’re still at MS-DEFCON 2. Let the pioneers get the arrows in their backs. None of the major holes are being exploited right now. Keep your cool.
-
MS-DEFCON 2: Lock ‘em down
Posted on August 10th, 2010 at 11:07 4 commentsWith fourteen Security Bulletins around the corner, now’s a VERY good time to check and make sure you have automatic updates turned off. Follow the instructions in any of my books to turn it off, and wait for the all-clear.
It’s going to be a bloody Tuesday.
I’m moving to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
New Windows 0day in CreateDIBPalette()
Posted on August 7th, 2010 at 04:20 1 commentI’ve seen several reports of a new 0day hole in Windows, which seems to affect all versions from XP SP3 to Win7.
Original posting is by someone who calls him(her?)self Arkon.
Best overview I’ve seen is on Secunia’s site.
No CVE number as yet, and it hasn’t appeared on SANS ISC, but this sounds like the genuine article.
Stay tuned….
-
Oy gevalt! 14 security bulletings coming
Posted on August 6th, 2010 at 20:52 11 commentsIt’s a record – and not a good one.
MS advises that it has 14 security bulletins, patching 34 separately identified security holes, coming on August’s Black Tuesday.
Get patched up now, OK? Heaven only knows when the coast will be clear again…


