If It Is On the Internet It Must Be True


If it is on the Internet, it must be true — Because:

  • You Can Trust History…


  • It is a Great Haven for the Terminally Naive…


  • Where the Early Bird Gets Caught by the Worm…


  • And Blind Dates turn out to be French Models…

  • Bonjour

  • Bon Jour, Everyone!


    Microsoft Tuesday, Exploit Wednesday and Why You Need to Do Updates


    Microsoft Tuesday?

    Oh you savvy dog, you! You already know that it is the first Tuesday of every month when Microsoft (MS) releases all those security patches and other fixes… Microsoft wants to make your operating system and other MS products more secure and more functional.  Monthly and Free? More secure and more functional? Yep. That sounds pretty good of Microsoft, don’t you think?

    What’s that you ask? All those fixes every month? Uh – Why can’t Microsoft make their products strong and secure right from the start? Hmmm. You weren’t supposed to go in that direction. But you know, those are really good questions! So, let’s see what we can dig up on them. Let me caution you, though, not to get your hopes up too high for satisfying answers. Remember, this is the company that made you go to their Start Button to Shut Down your computer… Oh, and speaking about satisfying, wait till you hear about Exploit Wednesday.

    OK – why are there so many patches that last the lifetime of the software product? Why can’t software be created correctly before it is sold? Let’s oversimplify this answer just to keep it under 100 pages – and blame it on business rules and competition.

    Consider the old Vista Operating System as an example. It is estimated that Vista has around 50 million lines of code! That’s a bunch of code. Ideally it would be sold with no errors in those 50,000,000 lines of code. Now let’s pretend that quality control parameters allow only a 0.5% margin of error in the code. That seems like a very tight margin of error – until you do the math. At even that small margin, a still very usable Vista Operating System could go to market with some glitches – theoretically, a possible 250,000 lines of code with errors, according to that business rule! Whoa, that’s a lot of fleas left on the dog!

    And consider the notion that Microsoft, with a penchant for being the first to get to market with all their products, allows the post-beta testing phase of their products to be done by us, the consumer public. In other words, the company allows the product’s users to find those “possible” errors. The public then reports the errors back to Microsoft so that MS can, in turn, release patches and fixes to correct those errors.   Actually, pretttty clever… Think of the savings in time and costs for the company by letting the using public discover those errors/glitches that reached the post-beta testing phase.

    Another “Hmmmm” you muse… “Could some of those users actually be cyber bad guys?” you ask. Bingo again, you savvy dog, you. It is usually the exploits from the cyber bad guys, rather than the software errors reported by the using public, that generate the required patches and fixes.

    “But that kind of turns around my concept of releasing patches” you muse again. “I mean, the patches seem more reactive than pro-active”, you pant out loud! “That’s a really scary thought to think through. My computer is vulnerable all the time, it seems! I have to hope the next exploit won’t hit my computer while I have to wait for the patch/fix to be released so I can be safe from the last exploit but not the next one. And looking at the fact that the releases are monthly for the last 10 years…” Yeah, Browsing Bowser.  Makes the hair on my neck stand up, too…

    But are you starting to understand why immediately applying patches and fixes is essential not only to your security but also to slowing down the damage done by exploiters?

    Which takes me to Exploit Wednesdays.

    I’ll bet you already have a notion about this day, too! You are right if you think it is the Wednesday following Microsoft Tuesday! Cyber bad guys have talented code developers, too, who wait for the MS patches to be released on Microsoft Tuesday so that they can analyze the newly released patches and find ways to create new exploits. So the next day, Wednesday, or soon thereafter, more exploits show up in the cyber world. And not to waste any opportunity, these exploiters use the monthly release schedule to their advantage – they know it will be at least a month before any patch will be released against them if they release their exploit on or near Exploit Wednesday.

    Software Exploits.

    Exploited Users.

    Microsoft Tuesday.

    Exploit Wednesday.

    Patch as Fast as Possible Thursday.

    DogGoneComputers Rule Friday!

    PS. All software manufacturers release patches and fixes as well, including Apple. So let’s be fair to Microsoft and include them all in this scenario…

    Please Don’t Ignore These Updates


    Update Now!

    As your computer and personal identity security are a major concern for DogGoneComputers, we are highlighting this month’s Microsoft Updates. Microsoft released several CRITICAL and IMPORTANT patches Tuesday, October 8, 2013, that should be applied as soon as possible. The most important ones that you, as a responsible cyber citizen, should understand are listed below. Whether you want to read and “understand” the patches or not, please apply them ASAP!

    Internet Explorer – Critical – Zero Day Patch

    One of the patches is a Critical patch to correct a “zero day” vulnerability in Internet Explorer. A “vulnerability”, or bug, is called “zero day” because the software maker (in this case, Microsoft) has “zero days” notice to address/fix the bug, which is exploited as soon as it is discovered by hackers/exploiters. The Microsoft Website provides the following description for this Critical patch. This patch will require a restart of your computer.

    • Cumulative Security Update for Internet Explorer (2879017)

      This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Office – Important – Remote Code Execution

    Microsoft Office patches are included in this month’s updates. Microsoft Word and Excel are the targeted products. These updates should be applied as soon as possible. The Microsoft Website provides the following description for these Important patches:

    • Vulnerabilities in Microsoft Excel, Word, Could Allow Remote Code Execution (2885080, 2885084)

      This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel, Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Silverlight – Important – Information Disclosure

    Silverlight, as defined by Microsoft, is “a powerful development tool for creating engaging, interactive user experiences for Web and mobile applications. Silverlight is a free plug-in, powered by the .NET framework and compatible with multiple browsers, devices and operating systems, bringing a new level of interactivity wherever the Web works.”  It is a competitor to Adobe Flash Player.  The Microsoft Website provides the following description for this Important patch:

    • Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

      This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker’s website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

    Make NO BONES about it… These updates are critical for you to apply as soon as possible.  If your computer is set to “Automatic Updates”, then you just have to apply/install the updates.  One of the updates requires a restart of your computer.  Please note that after the restart, you will probably have to install the remaining updates.   An Update Reminder will not let you forget…

    If your Windows computer is not set for “Automatic Updates”, or you’re not sure if it is, or you want to know how to set it up, this Microsoft support site provides directions for setting up Automatic Updates on the various Windows Operating Systems: http://support.microsoft.com/kb/306525

    If you have questions about Automatic Updates for your Apple Computer, please visit this site:  http://support.apple.com/kb/HT1338