Defense in Depth

A real simple answer to password protection

It's a question I get asked a lot: what's a good way to remember passwords for a computer?

Here's how Christopher Horn over at chose to answer it:

Writing down random log-in user names and passwords is unsafe and leaves them vulnerable to getting lost. Use a spreadsheet or a word-processing document to keep track of all the information safely. List the link for each website you have an account with and the specific user-name and password information that goes with that account. Click the Save As option under the File tab and name the document. The

Despite patch, today's systems still vulnerable to 2002 flaw

For the last week, I've written that Dan Kaminsky undertook unprecedented action in coordinating a variety of vendors in secret over the last six months. , co-founder and chief technology officer of Codenomicon, wrote to challenge that notion.

In an e-mail on Thursday, Takanen cited his work on a back in 2002 as an example. Like Domain Name System, SNMP is a fundamental element of the Internet.

I wrote: "There have been other multiparty patch releases, but never has there been one on such a massive scale. It took someone with the gravitas and reputation of Kaminsky to pull together

Adding risk to our homes

Gaining the ability to remotely control your HVAC might seem like an energy-responsible thing to do, but it might also pose hidden security risks.

In a recent blog titled , which allows you to program your thermostat remotely over the Internet from any laptop or desktop.

In California, PG&E offers a similar program, mentions only remote access from the utility, not from the end user.

Frantzen makes it clear that he's not intentionally picking on the iThermostat system; he's only using it for educational purposes. Nor am I necessarily saying the SmartAC program is flawed either.

Column: The man who changed Internet security

Programming note: As of Friday, July 11, 2008, Defense in Depth will now only carry my weekly column plus additional commentary on the state of computer security. My security news blogs will instead appear under the CNET News Security banner going forward. And my CNET News Security Bites podcasts can be found here. All of these can be subscribed to via RSS.

While security researcher Dan Kaminsky still won't comment on the specific nature of a flaw within the Domain Name System--for fear that criminal hackers might exploit it before the worldwide network of name servers worldwide

ZoneAlarm updated after Microsoft's DNS patch

On Thursday, Check Point Software Technologies released updated versions of all its ZoneAlarm products, addressing an incompatibility with a patch Microsoft released earlier this week.

The fix requires ZoneAlarm users to download the latest version, 7.0.438.000, from its . A reboot is required to complete installation.

Since Tuesday, ZoneAlarm customers have complained that access to the Internet was denied after installing MS08-037, a patch designed by Microsoft to correct a vulnerability in both the client and server Domain Name System packages within Windows. Earlier on Tuesday, a security researcher announced a massive, multi-vendor patch release to address a

Apple TV gets a security update

Apple released a security update on Thursday for its Apple TV. Version 2.1 includes six patches that address buffer overflow and arbitrary code execution vulnerabilities.

Apple TV 2.1 can be automatically downloaded when the update is detected by the Apple TV device. The patches may take up to one week to be detected, depending on the day a device checks. A manual update can be accomplished by using the TV interface and selecting Settings > Update Software. This update will not appear in your computer's Software Update application or in the Apple Downloads site.

Here's an overview

Storm worm e-mail says U.S. attacked Iran

Storm got its name because it first took advantage of a huge winter storm in Northern Europe in early 2007. Since then, it has used a variety of social engineering tricks, including the use of political themes, to get unsuspecting users to open its malicious payload.

This time Storm is offering form.exe and iran_occupation.exe as executable payloads.

According to Dancho Danchev over at ZDNet, the latest iteration of Storm appears to be using the following domains:

  • statenewsworld . com
  • morenewsonline . com
  • dailydotnews . com
  • dotdailynews . com
  • newsworldnow . com

Some ZoneAlarm users in the dark after Microsoft patch

release.

At issue is the Microsoft Update KB951748 (MS08-037) from Microsoft, which addresses the flaw in DNS made public on Tuesday by security researcher Dan Kaminsky.

ZoneAlarm customers who have automatic update selected for Windows Updates, and whose ZoneAlarm Internet security level is set to "high," will experience a loss of Internet connectivity upon reboot.

ZoneAlarm users without automatic update may wish to wait to install the update until the matter is resolved.

For those who have already installed the patch, Check Point recommends users remove Microsoft Update KB951748 from their systems. Detailed instructions for doing this can

Grisoft modifies its free AVG product after complaints

On Thursday, Webmasters around the world noticed unusual spikes in traffic. For some smaller sites the sudden surge of Web traffic toward their sites appeared to be almost a denial-of-service attack.

Turns out it was the free version of AVG Antivirus 8.0 just doing its job.

In a , Grisoft said "We have actively listened to the Webmasters who have brought this to our attention, and as a company we have reacted quickly to solve them." What it did was issue a new build of the popular free program.

What's different in version 8 from previous versions is the

Microsoft Word vulnerability prompts advisory

issued late Tuesday.

Microsoft said only limited and targeted attacks have so far attempted to use this vulnerability against systems running Microsoft Word 2002 SP3.

To become infected, a vulnerable user would have to open a specially crafted .doc document. An attacker using this vulnerability would then have the same user rights as the victim. If a victim were running as administrator, the attacker would gain full access to the compromised PC.

Attacks such as this are often used against corporations and government sites as a means of gaining access to desktop computers inside the security perimeter and, eventually, to
