Category Archives: Security
One interesting fact that didn’t make it into this month’s newsletter article on “The Secret Life of Spam” is that the United States leads the world in the overall volume of spam produced. And by a huge margin, too: according to security site Sophos, 24% of all spam generated this spring. That’s nearly a quarter! France and China, the runners-up, come in at less than 7% each. The full results can be accessed here. The results may be surprising because we tend to think of spam originating in Russia or Nigeria, or the actual place where the criminals who generate it live. But spam is a world-wide problem, and one would think the bad guys generally know enough to not spoil their own nests. Instead, the countries which actually generate the most spam are those where the most computers are infected with malware. The US merits the top billing for volume not so much due to poor security practices, but to our large and highly-connected population. When the overall amount is divided by population, the US doesn’t do so badly. In a per-person comparison, we come up merely twelfth, near the bottom with Bulgaria and Belarus being tops at 2.7 and 1.9 times the American rate. However, the US is still spewing a lot of crap messages, and if you’re infected, you’re part of the problem. Once your machine becomes part of a botnet, it’s essentially a zombie out of … Continue reading
The news of the latest zero-day (or previously unknown and unpatched) exploit for Microsoft’s browser, Internet Explorer 8, being fixed is still fresh. But another has been announced. This one, however, has not been fixed. Even worse, Microsoft’s known about it for 7 months and not only hasn’t come up with a solution, they haven’t said anything except that though the hole remains wide open, they do not know of any attacks using it. The flaw was made known by the Zero Day Initiative, a site devoted to the responsible and timely announcement of security flaws by the industry. This particular vulnerability allows an attacker to run malicious code against your machine when you visit an infected website with IE8. The easiest way to protect yourself is to set your browsers security settings at the highest level, to block the operations of Active X and Active Scripting. A list of upcoming, unannounced zero day exploits may be found here.
UPDATE: As of Thursday, May 1, Microsoft has issued a patch for Internet Explorer. It’s available through Windows Updates, and the good news is they’ve included Windowx XP in the fix. Please note, however, that XP is still otherwise unsupported, and an upgrade to Windows 7 or higher is still necessary. If Windows Updates has not automatically downloaded the patch, go to the Start screen by clicking on the Windows logo in the left end of the toolbar, choose Control Panel, and click on Windows Update. That will tell you how many updates, the patch included, are available for download. You can do so from right there, and also check your Windows Update settings. If your computer is on all the time, you might want to set it so it automatically upcoming downloads and installs overnight; otherwise, set it to notify you so that you can do it when you want. Here’s a link to Microsoft’s Security Bulletin. The originally article follows: If you’re viewing this in Microsoft’s Internet Explorer, pay attention: your computer is in danger of being hijacked. In an unprecedented warning, Microsoft is altering users of its popular Internet Explorer web browser, versions 6 through 11, of a major security flaw. It is taking the unusual step of actually asking users not to use the browser. The flaw allows hackers to impersonate a trusted, familiar website in order to steal personal data and basically take over the … Continue reading