Along with putting together this security blog every week, my duties also include writing any pertinent security news for MCPmag.com and RedmondMag.com. That includes covering Microsoft’s monthly Security Update, which I took care of Tuesday afternoon.
However, it seems like I missed one key feature in the roll out. Apparently the patch came with an update for Microsoft’s Forefront and Security Essentials antivirus software that now sees Google as a “severe” target.
Once the update has been installed, users visiting Google.com became alerted that the Web site was infected with a Black hole Exploit Kit. I would give you more details on what this kit actually does, but I’m a little concerned that I may be left open to a Black hole Exploit if I Google Black hole Exploit.
What I do know about it is that a real one recently took down the U.S. Postal Service’s Rapid Information Bulletin Board System Web site.
Stories of false positives after updates are not a rare occurrence, and are usually fixed fairly quickly.
Microsoft Also Patches Out Real Vulnerabilities
Besides the bonus Google warning (MS REALLY wants you to use Bing), Microsoft’s February Security Update took care of 21 different holes across a myriad of MS software with four “critical” bulletins and five items deemed “important.”
The four high-priority items all deal with remote code execution flaws in Windows, Internet Explorer, .NET Framework and Microsoft Silver light.
The one that stands out this month is bulletin MS12-013, which changes how the DLL calculates memory data so that attackers couldn’t gain access to your computer when you unknowingly click on a malicious media file from an e-mail or Web site.
Tyler Regularly, technical manager of security research and development at security firm n-Circle, also thinks this item is worth your attention: “Everyone is likely to see this critical vulnerability and freak out,” he wrote. “However, it’s important to note that the attack vector is limited.”
While security vulnerabilities and critical patches are definitely something we should be concerned about, do they ever really garter a “freak out” response, especially when they haven’t done any damage to your system yet?
Let me know your plan of attack for this month’s Security Update. And also share with me your biggest security “freak out” moment. Send your responses to firstname.lastname@example.org.
How To Not Save Personal Information Online
The answer is in a plain text file.
Seems obvious enough. Unless you’re Microsoft.
Earlier this week it had its India online store attacked by hackers from a group named Evil Shadow Team (wasn’t that the name of the bad guys in Karate Kid II?). Not only did it gain unauthorized access to the company’s Web site, but it also made off with usernames and passwords of customers, which, as stated earlier, was completely unencrypted.
After the attack, Microsoft took the site online (which is still the case) and e-mailed users that their passwords had been automatically reset. It also confirmed that billing information, including addresses and credit card numbers, were safe.