GeoApps Security News
Working in Computer Consulting for fun and (sometimes) profit. These are recent security news items everybody who is online should be aware of.
Author: Angus Scott-Fleming
Feed updated: 2024-03-18

Something is broken in Blogger
Posted: 2013-10-16
I can no longer update the "Antispyware Updates" widget to the right of this blog. Spybot Search and Destroy was last updated Wednesday, 16 Oct 2013, and Spyware Blaster was last updated Thursday, 10 Oct 2013.

Patch Adobe Flash Player NOW
Posted: 2013-02-08
Flash has been patched TWICE in the last week or so. It is under active attack, so patch your Flash players NOW. Applies to OS X and Windows, and if you're using the plug-in player (Firefox, Safari, Chromium) as well as the ActiveX (IE), remember to patch them all.
Flash under attack, emergency patch issued: Update immediately | ZDNet
Adobe has issued an emergency fix for Flash to prevent two

A busy Patch Tuesday this December
Posted: 2012-12-11
I'm back after a long hiatus, mostly for family reasons. Should be blogging here more often.
What a busy Tuesday: Microsoft had a BIG Patch Tuesday compounded by Adobe's Patch Tuesday and Oracle's Patch Tuesday all at once. There are security patches for the Adobe Flash Players and Adobe AIR. Oracle issued a security-enhancing patch for Java JRE 7.
There is an update for Java JRE 6, but it

Uninstall or downgrade Java, update Flash Player and your PDF Reader
Posted: 2012-09-07
After a couple of busy months which kept me from updating this blog I am back. I will try to update this at least weekly from now on.
1. Uninstall Java or go back to version 6. If you have Java installed on your computer and don't need it, UNINSTALL IT. There is an unpatched flaw in all releases of version 7 which can be used in drive-by downloads to infect your computer just by visiting a

Non-Microsoft patches for June
Posted: 2012-06-28
Here are some other miscellaneous security patches and notices you may want to look at. Java was updated earlier this month, both for Windows (7u5 and 6u33) and Mac OS X. If you have Java, please read the articles and update. Adobe's Flash Player for Firefox was updated last week (to version 11.3.300.262), as was Adobe AIR (to version 3.3.0.3610). Firefox was updated to version 13.0.1 and

Microsoft Updates for June: Critical PATCH NOW fix for IE, an additional manual FixIt needed
Posted: 2012-06-28
Sorry, been unable to keep this up to date in a timely fashion, which is Not Good. I hope you all have been keeping up with your patching.
Windows Updates for June, 2012, included some critical patches, and one that ISC rated PATCH NOW! to fix a soon-to-be-in-the-wild flaw in Microsoft Internet Explorer and Microsoft Office. If you have not patched any of your systems where you use IE or

Adobe Patches: Flash Player, Illustrator CS5, and Photoshop CS5 (12.0)
Posted: 2012-06-08
Today Adobe released updates to its ubiquitous Flash Player. The business versions of the patch haven't been posted to the download site yet so I haven't tested them. Home users who don't have a version of the Flash Player which updates itself should apply the patches as soon as they can since the auto-updating version fixes a number of known vulnerabilities. Adobe rates the Windows and Mac

Security updates to Mozilla Firefox and Thunderbird
Posted: 2012-06-08
New versions of Mozilla products Firefox, Thunderbird (email) and Seamonkey (web suite) have all been released. Technical details of the fixes to Firefox can be found here: Security Advisories for Firefox; details for Firefox ESR, the business version of Firefox, can be found here: Security Advisories for Firefox ESR.
Links to update info on the other products are here: Known Vulnerabilities

Emergency Patch to fix security hole in Microsoft Windows Update
Posted: 2012-06-08
This one looks like it is under control now, but if you don't have Windows Update turned on and haven't updated recently, stop reading and update NOW! Someone very clever figured out how to distribute software that looks like it is digitally signed by Microsoft, so it would be inherently trusted by your computer and installed without asking you for permission. Since Windows Updates for June

6.5 million LinkedIn Passwords leaked; eHarmony, Last.FM passwords also leaked.
Posted: 2012-06-08
There has been lots of urgent security news these last few days. I'll be posting them as several different entries to allow me to include some detail, but email notifications to my clients will go as one consolidated email.
First, for LinkedIn users, bad news: a hashed database containing 6.5 million of your passwords leaked. Mine was among them, but it had not been "cracked" before I got it

Microsoft Patch Tuesday for May, 2012: Critical Patches for soon-to-be-active exploits
Posted: 2012-05-17
Well, it has been a week+ since Patch Tuesday, and I haven't heard anything bad about any of these patches. If you haven't run Windows Update, do so now. Read the stories below for more technical details.
I have patched all my boxes and not had any issues. Please let me know if you need help patching.
Microsoft patches 23 Windows flaws, warns of risk of code execution attacks | ZDNet
By Ryan

Thursday Miscellany: Quicktime, FBI warning about open WiFi, Open/LibreOffice
Posted: 2012-05-16
Here are several small items to brighten up your Thursday. If you have Apple QuickTime installed, update it -- a new version with security fixes has been released. If you travel and use open WiFi access points or hotel WiFi or hotel networks, DO NOT APPLY SOFTWARE UPDATES WHICH YOU MIGHT BE OFFERED THERE. See the second set of stories below. OpenOffice has crawled out of the grave in which

Apple OS X security update for version 10.5 (Leopard)
Posted: 2012-05-15
Apple has released a security update for an older version of OS X, version 10.5 AKA Leopard, which is a "must install" for users with that version. If you are running Leopard* you should update IMMEDIATELY.
Note that while Apple claims to disable "old versions of Flash" in their current update set, this is not completely true.
They do NOT check to see if you are running the latest version,

Adobe to patch Illustrator, Photoshop, and Flash Pro CS5.x for free
Posted: 2012-05-14
A few days ago I blogged about Adobe Security Patches for May 8, 2012: "Adobe has only fixed the security holes in new versions, and you have to pay to upgrade."
Well, Adobe realized it had some egg on its face regarding this policy and has quickly changed its mind. It will be providing security patches at some unspecified date in the future.
Adobe about-face: Photoshop, Illustrator patches will be

Adobe Security Patches for May 8, 2012
Posted: 2012-05-08 (updated 2012-05-11)
Adobe has released two security bulletins for Adobe Photoshop CS and Adobe Flash Professional CS. However, there is bad news for those who use these Adobe products to create content: Adobe has only fixed the security holes in new versions, and you have to pay to upgrade. The latest Adobe Security bulletins and advisories as of May 8, 2012, links to the advisories for these products which tells

Apple updates iOS for iPx devices
Posted: 2012-05-08
Information about the content of this update is not currently available, as Apple is usually VERY close-mouthed about security fixes, but all the sites are saying there are security holes that are plugged. Apple's security write-up on this update (HT5278) is still coming up blank.
The best write-up I have seen is the ZDNet article linked near the end of this blog posting.
Given the latest

Extremely Urgent: Adobe Flash Player Emergency Patch Released
Posted: 2012-05-04
Update your Adobe Flash Players ASAP, especially if you run Windows and use Internet Explorer or any of Microsoft's email programs (which use IE to display email). The vulnerability exists in all versions of the Flash Player, but has not been used on other platforms -- YET. Lots of noise about this in the press.
Adobe - Security Bulletins: APSB12-09 - Security update available for Adobe Flash

Mac Users need to update Java AGAIN
Posted: 2012-04-17
If you're running an Apple Mac with OS X 10.6 or later, you need to make sure your software is up-to-date, as Apple has updated Java again. Sorry, OS X 10.5 and earlier users, you're out of luck, and it doesn't look like Apple is ever going to patch these older versions. Users of older Macs should uninstall or disable Java ASAP as there is an unpatched vulnerability that makes you subject to

Patch Tuesday April 2012 - Critical updates for Windows, Office and Adobe Reader
Posted: 2012-04-12
I'm not seeing any negative feedback on the Patch Tuesday updates from this month, so go ahead and update. Updates apply to both Microsoft Windows/Office and Adobe Reader/Acrobat 9/5 and 10.x.
ISC/SANS have rated most of the Microsoft patches as "Critical", which means they are either being exploited on a targeted basis or exploits are imminent. The Bad Guys *_will_* be taking advantage of

Apple releases a SECOND OS X patch in a week; more patches on Tuesday
Posted: 2012-04-06
If you are running Apple Mac computers with OS X, you need to patch your system software. There is a world-wide botnet of OS X computers that have been infected through an unpatched vulnerability in Apple's version of Java. The earlier patch fixed Java. We don't yet know what the second patch fixes, although there are reports it's an update to the first patch. Read the linked pages below for

Urgent Fix for Zero-Day Mac Java Flaw
Posted: 2012-04-04
If you run a Mac or know someone who does, please patch your Mac or tell them to patch theirs!
Urgent Fix for Zero-Day Mac Java Flaw — Krebs on Security
Apple on Monday released a critical update to its version of Java for Mac OS X that plugs at least a dozen security holes in the program. More importantly, the patch mends a flaw that attackers have recently pounced on to broadly deploy

Java exploit in-the-wild
Posted: 2012-03-28
Here's some good advice from Brian Krebs:
New Java Attack Rolled into Exploit Packs — Krebs on Security
If your computer is running Java and you have not updated to the latest version, you may be asking for trouble: A powerful exploit that takes advantage of a newly-disclosed security hole in Java has been rolled into automated exploit kits and is rapidly increasing the success rates of these tools

Firefox 11 includes critical security fix
Posted: 2012-03-28
Firefox 11.0 was released earlier this month. Firefox 10.0.3 Enterprise also includes the same security fixes, but is much more difficult to find.
Mozilla knew of Pwn2Own bug before CanSecWest | ZDNet
By Ryan Naraine | March 13, 2012, 6:56pm PDT
... That fix arrived today with Firefox 11, a high-priority update that fixes a dozen security flaws that expose Windows and Mac OS X users to a wide

Windows Updates for March include critical fix for RDP
Posted: 2012-03-28
The Windows Update round for March, 2012, included one patch, MS12-020, "Vulnerabilities in Remote Desktop Could Allow Remote Code Execution", which has the security blogosphere buzzing.
It is probably critical only for corporate environments where Remote Desktop is enabled and exposed to the open Internet. Home Users don't routinely have RDP enabled and if they do, they have to expose it

Adobe Flash Player updated -- includes automatic background updates
Posted: 2012-03-28
Adobe has released Version 11.2.202.288 of the Flash Player plugin for browsers. This update includes a major change: it installs a background service called "Adobe Flash Player Update Service" and creates a scheduled task which runs once an hour to check for updates. The service only runs when the task activates it, so there is no significant load on the computer. If you use a passive