Category Archives: Computer Virus

Internet Explorer Vulnerability

Announced last weekend was an Interent Explorer vulnerabilty of such a serious nature that Homeland Security has recommended not to use this browser.

It affects versions 6 to 11. Targets appear to be US defense and financial sectors according to FireEye as quoted in the link below. Recommendations besides not using IE, are to turn off Adobe Flash for IE and use EMET(Enhanced Mitigation Experience Toolkit), a Microsoft security tool.

http://www.theglobeandmail.com/technology/tech-news/microsoft-rushes-to-fix-internet-explorer-after-attacks/article18297817/

http://www.forbes.com/fdc/welcome_mjx.shtml

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

 

 

Heartbleed Bug

In the news, is the “Heartbleed Bug”.  While it has made the public news, it sadly is not new and based on at least a two year old flaw.

The Heartbleed Bug  exploits a vulnerability (Heartbleed) in the way in which the OpenSSL encryption checks to verify that there is a computer at the end. That process sends a packet of data to check to see if there is a computer on the other end of a process. This is the “heartbeat”.

The bug sends out a disguised heartbeat to get a reply from your computer and tricks it into giving it additional information. This can include memory stored data that can include the encryption key. That key will unlock the encryption code and make the data read easily by anyone. Basically instead of a packet of data being sent that says “Hello are you there?” it becomes “Hello are you there and give me the (encryption) keys to the palace”.

What to do? As always,  change  your password frequently. Ask your hosting service if they have installed the patch. They should have done this  weeks ago, when they were alerted before it hit the general public news.

You can read more here at <a href=”http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/” target=”_blank” rel=”nofollow nofollow”>http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/</a>

Apple Issues Security Patch: Go To Fail Bug

Apple issued a security patch for the “go to” fail bug that has existed for over a year.

A flaw in how an Apple computer or device checks certificates for sites to see if they are valid could be exploited by hackers who could attack via an unsecured or poorly secured network.

<a title=”http://www.theglobeandmail.com/report-on-business/international-business/us-business/at-apple-a-flaw-a-fix-and-fears-of-a-damaged-brand/article17126890/” href=”http://www.theglobeandmail.com/report-on-business/international-business/us-business/at-apple-a-flaw-a-fix-and-fears-of-a-damaged-brand/article17126890/”>http://www.theglobeandmail.com/report-on-business/international-business/us-business/at-apple-a-flaw-a-fix-and-fears-of-a-damaged-brand/article17126890/</a>