Evilgrade Attacks Automatic Updates

Last week I wrote about the DNS cache poisoning vulnerability that affects nearly all vendors’ DNS implementations.  If you haven’t patched your servers yet, now would be a good time to do so.  On Monday a security research group in Argentina called Infobyte released a...

The Dark Side of Web Surfing

Not long ago, if you kept your web surfing to “reputable” sites (i.e. non-pornographic and gambling), you could be fairly certain that your machine would not be the victim of an attack from the site you visited.  But times have changed.  Just prior to the 2007 Super Bowl,...

The DNS Mess

This week the details of a major vulnerability in the software that runs the Domain Name System (DNS) were released to the public.  This occurred only a couple of weeks after software vendors released patches to fix the vulnerability.  This bug affects virtually every vendors’...

Losing the Patching Game

In my last article I wrote about the need to keep systems up-to-date with the latest security patches from software vendors. This includes not only operating system patches, but patches for third party applications as well.  I have only three computers at my home and at times I find it...

The Patching Game

A new study released last week by the SANS Institute’s Internet Storm Center that found that an unpatched computer running Windows XP will be compromised in under 5 minutes if directly connected to the Internet. German PhD candidate and co-founder of the German Honeynet Project,...