• Patch Lady – I smell a Rat

    (coming to you from the friendly wifi of United Airlines as I fly to the Quest/The Experts Conference)

    So twice lately someone has asked about articles indicating that we should patch now.  Yesterday.  Like the day before yesterday.  And yet, when I’m reading the articles, I can’t find a single specific update they are talking about.

    All Windows users should update immediately as ‘Complete Control’ hack is confirmed



    Okay so the gist of the article (that I can tell is) that a research firm came out with a PR whitepaper on NanoRat 1.2.2 and said that it’s being used more in attacks.   The attacks come in via phishing and macro enabled documents.

    So…..?  This is different than any of the other daily phishing attacks I see in my spam filters?

    And all you can tell me is to “patch now”?  Patching my operating system won’t patch if I’m stupid enough to click on something.  Patching my operating system won’t patch if I’m stupid enough to enter my credentials on a well done web page pretending to be my mail server needing me to “upgrade”.

    Bottom line, telling me to patch now when there’s no specific operating system update in the August updates that will protect us from this is just running around like Chicken Little telling me the sky is falling.

    Come on tech sites, stop using Public relations stunts to write your content.  There’s enough true security stories out there for us to be more than scared over.  (The one that concerns me is the recent ransomware coming into multiple government entities via  a shared managed service providers).

    Make no mistake the bad guys want to get us, but articles like these that give no good solid actionable items other than “patch” when it’s not even Patch Tuesday are just ridiculous.