Woody Leonhard’s no-bull news, tips and help for Windows and Office
  • What Microsoft didn’t say about the new 0day Windows flaw

    Posted on February 1st, 2011 at 03:37 woody 2 comments

    Casting blame on Windows, when Internet Explorer is at fault.

    See my latest InfoWorld Tech Watch blog.

  • Yet another Internet Explorer 0day

    Posted on January 29th, 2011 at 13:21 woody 2 comments

    Microsoft has released Security Advisory 2501696, describing yet another 0day flaw in Internet Explorer.

    This time the problem lies in the way IE handles MHTML code. Apparently there’s a way for a sufficiently ornery Web page to run amok on your PC, if you’re browsing with Internet Explorer. No action on your part necessary; it’s a drive-by security hole.

    You have two choices.

    You can either run Microsoft’s Fixit, which sits in Knowledge Base article 2510696.

    Or you can do what I’ve been begging you to do for almost a decade now. Use Firefox. Or Chrome. Or Safari. Or anything except Internet Explorer.

  • Chinese activist attacks based on Internet Explorer 0day?

    Posted on January 15th, 2010 at 07:32 woody No comments

    Brian Krebs reports that the attacks on Chinese human rights activists that I talked about a couple of days ago – the attack that led Google to finally take a stand in support of basic human dignity over corporate profits – were made possible by my favorite security whipping boy, Internet Explorer.

    Microsoft has confirmed the 0day hole in Security Advisory 979352.

    It looks like the IE 0day is only part of the story, though. The attacks were made possible by a smorgasbord of 0day holes. Researchers are still looking at all of the problems.

    The Washington Post (now without Krebs) says that the Google attack is much larger than originally thought:

    Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States… At least 34 companies — including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical — were attacked, according to congressional and industry sources.

    The bottom line for home users is pretty simple: the bad guys aren’t out to get you, and at the moment you don’t have anything to worry about. These are sophisticated, targeted attacks that haven’t yet made it out into the general population.

    But remember who’s behind it, and why, OK?