F-Secure generated a lot of traffic in the blogosphere with their post declaring Java harmful and better to not be installed on computers. To me the only surprising part is the discussions this generated. Isn’t this old news? Principle of least privilege says to remove it if you don’t need it. So when you’re regularly updating an …
On Tuesday, as seems to be the custom, Microsoft released patches and announced a new zero day in Internet Explorer. MSKB 981374 is a remote code execution in IE6 and IE7. Who know that being on IE5 could ever be a good thing. The KB says Microsoft released details to venders in their Microsoft Active …
A few weeks ago my officemate posted to Facebook, I’ve just been told by two different Mac Geniuses that installing an antivirus software could actually make the Mac computer less secure. Unfortunately, both were phone conversations because I’m almost certain they were doing the Jedi mind trick hand motions. As I read that, I figured …
Adobe has released an update for Shockwave to patch security vulnerabilities. A security bulletin was released today. As usual Adobe is giving enterprise admins the finger by advising that in order to upgrade Shockwave, you must first uninstall old Shockwave versions, reboot and then install the new version of Shockwave. Does anyone actually do that? I …
Web security has changed a lot in the past few years. It is no longer good enough to take a desktop antivirus scan engine and scan web content. URL filtering isn’t enough. It is not enough to put HTTP security on your corporate gateway. The reason its not good enough to have a HTTP security …
I usually skip over the Mac versus PC adds, but due to the hazards of watching football live I caught one today. It was about the hardware innovations of the Mac. Kind of silly since last time I checked my hardware was from Dell not from Microsoft. How about Macs software innovations. Apple went all …
While trying to eval a HTTP security solution I’ve been trolling for viruses by browsing Google Top Trends. The vender advertizeing their zero day protection detects the virus even when virustotal has only one scanner detecting (and not one used by this vender). So they are showing off their zero day protection rather well. The …
I wrote about a Flash zero day yesterday. Its important to note that while it may be possible to disable Flash (and other multimedia) content inside of Adobe Reader PDFs (in fact that may be the default setting, its not clear to me) (this setting has no effect) the attack has been seen as straight …
iDefense has seen a Flash zero day exploit within a PDF file during a recent zero day attack investigation. Its hard to believe that at one point in time PDF files were considered safe.
I received a bit of unsolicited commercial email from SmartDraw that claimed I can get the benefits of Microsoft Office 2007 without the costs and headaches of upgrading. In smaller type they claimed that the biggest improvements in Office 2007 over previous versions is new graphic and drawing tools. That you can buy their product …