Additional detail on the latest Java Exploit, including (one of) the IP address(es) of the C&C server(s)

Symantec has done a very good job of putting together a very quick and easy to follow write-up on this latest Java vulnerability including disclosing the IP of at least one of the C&C servers (below).  For the impatient, the IP listed is 110.173.55.187.  I did a quick whois on it (details below) and it's part of the 110.173.48.0/12 network and is registered to CHINADEDICATED-HK (a Chinese company, big surprise there).  At this time, unless you have a specific need to communicate with hosts in this network range, we are recommending users block all traffic to / from the entire netblock (I suspect that the C&C is not limited or will not stay limited to this single IP, but that may be me being paranoid).

Article -> http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

Whois info:
% Whois data copyright terms…

Adobe confirms zero day exploit in Adobe Reader

Still reading over the details but Packet Storm is reporting that Adobe has confirmed a zero day exploit in Adobe Reader.  I don't see an update available yet on the Adobe site but I've included the link below to the Adobe site for the updates.  I've also included a link to the article: Article Adobe Updates

Stuck with Windows 8 but miss the ‘look and feel’ of Windows 7?

Probably the biggest complaint that I've heard (from end users) about Windows 8 is that it's trying to turn their computer into a phone (a legitimate complaint, by the way).  The interface is dramatically different from what's been the 'standard' Windows interface since Windows 95.  The bad news is that it's probably not going to change.  The good news though is that there's an easy-to-install option that's free to download.  It's an open source project called Classic Shell.  To use it, download it (link below) and install.  There are tons of tweaks but the defaults are close enough to Windows 7 for most users.   http://www.classicshell.net/

iPhone bug that allows *anyone* access to your contacts, photos, SMS and voicemails resurfaces in latest iOS update

If you have an iPhone and have been prompted to or have recently updated to iOS 6.1 (the latest update to the iPhone), be forewarned that an old bug has resurfaced that can allow anyone to access your voicemails, contacts and photos even if the phone is locked and password protected.  Ars Technica has a really good write up so I won't belabor it here but it's worth noting especially if your phone gets stolen (don't get me started).  If you haven't updated yet and this is a concern for you, I wouldn't update until Apple fixes the issue (or at least acknowledges it and provides a work-around).  If you have updated and this is a concern, if you haven't already installed Prey on your phone, now would be a…

February 2013 Patch Tuesday and News (albeit a little late)

Microsoft

Microsoft has released 12 bulletins for February 2013 with 5 listed as critical (see the note below about MS13-010) and the remaining 7 listed as important.  It's important to note that ALL of the ones listed as critical can allow remote code execution (an attacker can install programs on your computer without your knowledge or permission).  Additional details are available from Microsoft here.

MS13-010 is getting its own special mention here.  If you're running Windows, you're affected.  This vulnerability affects IE6, IE7, IE8, IE9 and IE10 on all supported platforms.  I'll forgo the normal warnings about using IE (don't use IE, I just can't help myself) but this vulnerability is reportedly being actively exploited in the wild.

Adobe

As of the time of this article, Adobe has released 3 updates affecting Shockwave…

Kaspersky antivirus takes thousands of Windows XP computers offline (oops)

OK, so it's no secret that I'm really not a big fan of Kaspersky (if given the option between Norton / Symantec, McAfee, Trend Micro or Kaspersky, I honestly don't know which one I would choose but I would not like any of my options) and this is really a good example of why.  It appears that a recent update from Kaspersky antivirus took thousands of XP computers (XP is still supported through April of 2014) offline.  The fix was to disable the antivirus and roll back the update.  A fix was available in about 2 hours (which is awesome, I have to give credit where credit is due) but this is something that should have *never* happened if proper QC was being done. Full Story Here

January 2013 Patch Tuesday and News

Microsoft

The first round of updates for 2013 out of Redmond is mercifully small.  There are a total of 7 bulletins with 2 listed as critical and 5 listed as important.  Both of the critical updates address issues in MS Windows (between the two, all supported versions), Office, Developer tools and server products that can allow an attacker full control of your computer remotely.  Three of the 5 important address Elevation of Privilege vulnerabilities, 1 addresses a security bypass vulnerability and the remaining 1 addresses a DoS (denial of service) vulnerability.  Multiple reboots are required for the updates.  Additional details are available from Microsoft here.

One additional note from Microsoft is the recent zero day vulnerability in Internet Explorer acknowledged in KB2794220.  Details on the vulnerability and the workaround were posted last…

If you have a laptop or smart phone, learn how to protect it from thieves for FREE

Well, my Samsung Galaxy S3 phone was stolen from me on Friday, leaving me with no mobile phone over the weekend.  The good news is that my replacement phone arrived this morning and is good to go.  The better news is that I was able to remote wipe the phone and then report it stolen, so the thief got no use out of it and will not be able to activate it.  The bad news though is that, even though I knew about PreyProject.com, I had not installed it on my Samsung Galaxy S3 and as a result I wasn't able to track it or send the authorities over to the dirtbag's house to retrieve my phone and arrange for at least a few nights at the Bartow County…