DON’T press the F1 key – there is a current vulnerability in Windows XP / IE that has not been patched. If an attacker can convince the user to press the F1 key (the default help key in Windows)…well, you know the rest of the story. There is no definite word about when a patch will be available.
On a positive note, Microsoft has been taking the battle against botnets to the courts. Let’s hope that others follow suit. This certainly will not cure the problem, but it sure helps.
Thick clients, thin clients, and now…zero clients. This device has no OS, no memory, no drivers. It simply connects a keyboard, mouse and display to a remote server via standard TCP/IP protocols. Now this is centralized management – and centralized security.
Have a Lenovo Thinkpad? Don’t forget the supervisor password – Lenovo says the only fix is to replace the motherboard. Ouch!
Which is more secure – open source or commercial software? According to this article, open source software is patched more quickly.
Could your use of social networking raise your insurance premiums? According to this article, it could – at least in the UK.
Microsoft Security Essentials – it’s free, it’s good, but is it the REAL Security Essentials? Watch out, because there is a rogue pretending to be MS Security Essentials.
Another small chink has appeared in the armor of WPA / TKIP. This protocol is still pretty secure, but best practice is now to move on to WPA2 and AES encryption.
Are two malware programs better than one? Well, of course – we knew that (but then again, we know stuff).
Spam + drive-by download + Zeus = empty bank account. Watch out for fake IRS (Revenue Canada, etc.) email messages. Zeus is a nasty password-stealing trojan that has emptied many a bank account. It is also being spread through fake AIM updates.
Want to know more about how SQL injection attacks work? Here is a good place to learn more. SQL injection attacks are among the most common web attacks.
Dennis H in West Virginia, US
March 3, 2010