
Blog Archives

  • Patch Lady – we have another Spectre/Meltdown

    Posted on August 6th, 2019 at 21:52 Susan Bradley

    So included in the July patches was another Spectre/Meltdown patch; the information about it is just coming out today. I’m still not convinced that we’ve seen actual attacks using Spectre/Meltdown, nor am I convinced that we will see it in the wild. Rather, it’s my opinion that it will be used in targeted attacks but not in widespread ones. Nevertheless, once again there’s another variant that got patched in the July updates:

     

    08/06/2019 08:21 PM EDT

     

    Original release date: August 6, 2019
    The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems’ memory.

    Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from “speculative execution”—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, and cloud servers.

    CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available:

  • BlueKeep exploitation expected soon

    Posted on July 23rd, 2019 at 02:59 Kirsty

    Several hours ago, there was a lot of noise on Twitter about a Github explanation on how to “weaponize” BlueKeep, triggering fears it could soon be widely exploited.

    Dan Goodin’s article on ArsTechnica.com is fairly succinct:

    BEWARE OF WORMABLE EXPLOITS —
    Chances of destructive BlueKeep exploit rise with new explainer posted online

     
    We’ll be keeping an eye on Kevin Beaumont’s Twitter feed, to see what he posts about it today.

    Are you protected?

     
    UPDATE:
    Kevin Beaumont is also warning about a more imminent threat from BlueKeep

  • Is Wi-Fi security irretrievably broken?

    Posted on October 15th, 2017 at 19:45 woody

    There’s a lot of buzz this weekend about a flaw that’s purported to break security on most Wi-Fi connections, allowing an eavesdropper to snoop or use the connection without permission.

    Said to involve CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088, when they’re posted.

    See this thread from @campuscodi and be watching Bleepingcomputer tomorrow for details.

  • Google Chrome Browser Vulnerability – check your “where to save file” settings

    Posted on May 20th, 2017 at 19:16 Kirsty

    Last week, a new topic was posted on a vulnerability on Google Chrome Browser over on Code Red – security advisories.

    From Catalin Cimpanu, on bleepingcomputer.com:

    Just by accessing a folder containing a malicious SCF file, a user will unwittingly share his computer’s login credentials with an attacker via Google Chrome and the SMB protocol.

    Users can do this by visiting:
    Settings -> Show advanced settings -> Ask where to save each file before downloading

    More advanced protection measures include blocking outbound SMB requests via firewalls, so local computers can’t query remote SMB servers.

     
    Bosko Stankovic, on defense.com, said:

    With its default configuration, Chrome browser will automatically download files that it deems safe without prompting the user for a download location but instead using the preset one. From a security standpoint, this feature is not an ideal behavior.

    In order to disable automatic downloads in Google Chrome, the following changes should be made: Settings -> Show advanced settings -> Check the Ask where to save each file before downloading option. Manually approving each download attempt significantly decreases the risk of NTLMv2 credential theft attacks using SCF files.

     
    scmagazine.com discussed this issue in Greg Masters’ article – see today’s post on this over on Google Chrome Flaw Could Allow Windows Credential Theft

    Now would be a good time to check that your browser is set to ask where to save downloads, even if you use another brand.