Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011

Microsoft is playing Scrooge this year for any IT admins who were hoping to relax and ride out the rest of the year. There are 14 security bulletins planned for next week’s Patch Tuesday—one that happens to fall unusually late in the month thanks to December starting on a Thursday, and leaves IT admins with little time to patch before the holidays.

The good news, if you can call it good news, is that only three of the 14 security bulletins are rated as Critical. The bad news is that all of the remaining 11 are still rated as Important, and some of the vulnerabilities addressed in the Important security bulletins could be very attractive to would-be attackers.

IT admins who were hoping December would be laid back are in for a shock next week.
The 14 security bulletins consist of seven impacting Windows, five related to Microsoft Office, one dealing with Windows Media Player, and the consistent monthly update for Internet Explorer. As per usual, the flaws identified tend to impact legacy software like Windows XP and Internet Explorer 6 more than current products.


Adobe Reader Zero Day Under Attack on Windows

Adobe Reader is under attack again. Adobe has issued a security advisory with details of the latest critical flaw in the popular PDF-viewing utility.

There are reports that the zero day flaw is being actively exploited in the wild with targeted attacks against Adobe Reader 9.x for Windows. However, the flaw itself impacts a broader range of Adobe products, including Adobe Reader X (10.1.1) and earlier versions for Windows and Mac OS X, Adobe Reader 9.4.6 and earlier for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Mac OS X.

Adobe continues to be a weak link and popular target for malware attacks.
According to Adobe, a successful exploit of the vulnerability could cause the target system to crash, or potentially allow the attacker to take control of the compromised PC.


Warning: Tips for Secure Mobile Holiday Shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

According to data from Monetate, an ecommerce technology company, holiday shopping between Black Friday and Cyber Monday was actually down from PC Web browsers this year compared to 2010. However, holiday shopping from mobile phones more than doubled from 3.1 percent to 7.36 percent, and holiday shopping conducted from tablets skyrocketed from 1.06 percent to 4.68 percent.

Holiday shopping can be fun--but follow these tips to shop safely.
Clearly, mobile devices are becoming a part of the mainstream holiday shopping arsenal. It is interesting that the Monetate data indicates click-through and conversion rates are lower on mobile phones, but tablet usage is very similar to traditional PCs.


Critical Systems at Risk Despite Water Utility False Alarm

A couple weeks ago there were reports that a water utility in Illinois had been hacked—and a water pump subsequently damaged—by attackers based in Russia. A DHS investigation determined that no such hack ever occurred, but security experts warn that more still needs to be done to protect the critical infrastructure.

As it turns out, the incident with the Curran Gardner Public Water District outside of Springfield, Illinois was not a hack at all. An exclusive report from Wired.com’s Threat Level explains that Jim Mimlitz--the founder and owner of Navionics Research, the company that set up the utility’s control system--is responsible for the “suspicious” activity.

The systems that provide the backbone of our critical infrastructure are at risk.
Threat Level reports that Mimlitz was on vacation in Russia with his family when the water utility called for support, and asked him to remotely log in to check out some data-history charts stored in the SCADA (Supervisory Control and Data Acquisition) system.


7 Ways to Protect Your Printers

7 Ways to Protect Your Business Printers
Can a hacker burn down your business by remotely setting one of your printers on fire? Researchers at Columbia University have recently proposed such a scenario, although HP quickly denied that it's possible. However, even if your printers can’t be used as remote firestarters, there are many risks involved in networking a printer.

Businesses often overlook keeping the printing environment secure. Data security gets a lot of attention, and file servers provide encrypted, access controlled storage. Workstations are encrypted as well, with password and even biometric access required. Databases and even files often require a password just so you can see what’s inside. Then you print that sensitive data, sending it off to a printer that may not be nearly as secure as the rest of your system.

You can avoid most networked printer problems by following the first three basic steps listed below. If you deal with highly sensitive data, then you need to go beyond those by protecting your printout at every step along its journey. HP has detailed information on how to use its products to protect your data, and other printer providers offer similar solutions as well. Regardless of the vendors you use, consider all seven of these steps to keep your business's data secure through the printing process.


Lucky Supermarkets Of California Finds Tampered Card Readers

Card Reader, Credit: Mark Hillary

If you shop at any of the Lucky Supermarkets in California, you may want to check your bank card accounts. On November 23, 2011, Lucky notified customers that the company had found compromised credit/debit card readers in twenty of their stores.

In the notice, Lucky announced that it had discovered the compromised readers only in self-checkout lanes during the course of regular store maintenance, and that the tampered card readers were removed immediately. Lucky also says that they have taken steps to improve the security of the card readers in all 234 of their stores.


Fighting Malware and Cybercrime with Old School Criminology

It is an accepted axiom of computer and network security that the human being is the weakest link. Researchers at the University of Maryland are applying traditional criminology concepts to demonstrate that human beings may be the weakest link for the attackers as well. The insights learned may help improve computer defenses and thwart potential attacks.

The work at the University of Maryland is a unique cross-practice collaboration between Michel Cukier—associate professor of reliability engineering, and David Maimon—assistant professor of criminology. The two are working together to study cybercrime through the lens of old school criminology concepts to develop recommendations IT managers can use to prevent attacks and protect their networks.

The "human factor" makes cybercrime more predictable.
"We believe that criminological insights in the study of cybercrime are important, since they may support the development of concrete security policies that consider not only the technical element of cybercrime but also the human component," Maimon said.
