WordPress 3.3.1 Released

If you haven’t logged into your WordPress today, this is news to you.   Version 3.3.1 has been released to fix a XSS vulnerability. According to ThreatPost, this is only a vulnerability if you installed WordPress by browsing to the IP.   Most installs are hosted and you would browse to the site FQDN to install.   These …

Continue reading ‘WordPress 3.3.1 Released’ »

F-Secure on Java

F-Secure generated a lot of traffic in the blogosphere with their post declaring Java harmful and better to not be installed on computers.   To me the only surprising part is the discussions this generated.   Isn’t this old news?   Principle of least privilege says to remove it if you don’t need it.   So when you’re regularly updating an …

Continue reading ‘F-Secure on Java’ »

Windows 8 Patch Reboot Policy

I’m kind of confused by the headlines that Microsoft is streamlining the security update process in Windows 8 resulting in less reboots. One could easily conclude from the headline that Microsoft has gone to work to make it less necessary to reboot when updates are applied.   Instead they are saving up reboots until patch Tuesday. It …

Continue reading ‘Windows 8 Patch Reboot Policy’ »

Flash 10.3.181.34

SANS posted a one-liner today reporting that Flash 10.3.181.34  was available for download from Adobe.   This wasn’t entirely unexpected because Google released a new version of Chrome on June 30th which contained a new version of Flash.   Adobe seems to be releasing new Flash versions to the rest of us a couple days after Chrome.   Adobe …

Continue reading ‘Flash 10.3.181.34’ »