Blog Archives

April 2014 Patch Tuesday

Microsoft has released a smaller number of patches this month, two of them critical (Office/IE).

Windows XP support has ended

Any flaws discovered from now on—and it’s inevitable that some will be discovered—will never be publicly patched.

OpenSSL Vulnerability “HeartBleed”

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. You can check your own sites. UTC does not appear to be vulnerable.

The #1 paid app in the Google Play Store “Virus Shield” is a complete scam

Android Police has discovered that all the app does is change a red “X” graphic to a red “check” graphic.

HTTP Strict Transport Security (HSTS) in Internet Explorer 12

Browsers supporting HSTS force any sessions sent over HTTP to be sent instead over HTTPS, encrypting communication to and from a website.

Microsoft products to block “adware”

New objective criteria drafted up by the company stipulate that by July 1 internet ads must have a visible close button and must clearly state who’s behind them, or they’ll be branded as adware.

PowerShell Malware

Most significantly, instead of creating or including executable code, CRIGENT uses the Windows PowerShell to carry out its routines. PowerShell is a powerful interactive shell/scripting tool that is available for all current versions of Windows.

Microsoft’s Security Products Will Block Adware By Default Starting On July 1

As of July 1, the company’s security products will immediately stop any adware they detect and notify the user, who can then restore the program if they wish. Currently, when any of Microsoft’s security products (including Microsoft Security Essentials and Microsoft Forefront) detects a program as adware, it will alert the user and offer them a recommended action.

Hackers Turn Security Camera DVRs Into Worst Bitcoin Miners Ever

But it also tries to earn a little scratch for its creators by mining bitcoins, a processor-intensive activity that would probably slow down any infected DVR.

Boxee.tv hacked.

Hackers posted names, e-mail addresses, message histories, and partially protected login credentials for more than 158,000 forum users of Boxee.tv, the Web-based television service that was acquired by Samsung last year, researchers said.