Woody Leonhard's no-bull news, tips and help for Windows and Office
Home icon Home icon Home icon Email icon RSS icon
  • Tech behind Flame attack could compromise Windows Update

    Posted on June 5th, 2012 at 23:34 woody 2 comments

    Flame itself is a yawner. But the technology that’s been used – which researchers are only starting to dig into – is breathtaking.

    And scary.

    InfoWorld Tech Watch.

  • When is a security cert not a security cert?

    Posted on June 4th, 2012 at 21:21 woody 4 comments

    When it’s a Microsoft security cert, of course.

    Microsoft just sent an out-of-band patch down the Automatic Update chute. It plugs one of the (many) holes used by the “Flame” malware.

    While I figure none of you are susceptible to Flame – the whole thing’s been overblown – you may be susceptible if some cretin figures out how to use the security certificate signing technique to generate a different cert.

    Microsoft has details in Security Advisory 2718704 . Brian Krebs has an excellent synopsis on his site.

    I’m about to change the MS-DEFCON level to 4. This patch is good incentive.