Or at least it will be in the next few days at the highly entertaining Black Hat Conference. This annual get-together of security experts – on both sides of the fence – has become the place to reveal newly discovered computer and network loopholes and flaws. It’s usually followed by lots of nervous press releases from manufacturers and software companies, either promising fixes or claiming the security issues are non-existent or irrelevant.
This one, reported by Engadget and uncovered by security researcher Craig Heffner, highlights a long-standing problem with wireless routers, known as DNS Rebinding. Heffner developed a tool that managed to crack open more than half of the thirty routers it was tested on, including popular models from the likes of Belkin and Linksys. Internet and network traffic passing through hacked routers can be intercepted or redirected, potentially allowing remote access to files on a user’s computer. Although the full extent of this vulnerability has yet to be revealed, Heffner says there’s a lot users can do to protect their routers. This includes changing the setup menu’s default password and IP address, which will help until the manufacturers come up with a more permanent solution.
On October 13th, 2009, Microsoft started serving Windows users patches for no fewer than 34 vulnerabilities, releasing the most security bulletins in the company’s history. The 13 security bulletins made available are designed to offer fixes for a range of security issues affecting Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server. Microsoft underlined that, despite the large number of patches, all security updates had been thoroughly tested, and only received the green light for broad release once they met specific quality standards.
Out of the total 13 security bulletins released, eight have received Microsoft’s maximum severity rating, namely Critical, indicating that they are designed to patch severe vulnerabilities that could allow for remote code execution in the event of a successful attack. The remaining six patch packages have all been deemed Important, a less severe rating. However, customers should apply the patches offered by the Redmond company immediately. The simplest way to access the security updates is through Windows Update. Users with Automatic Updates enabled will have all patches automatically downloaded to their machines.
Microsoft revealed that no fewer than seven of the eight security bulletins with a maximum severity rating of Critical also had an exploitability index of 1. An index of 1, the highest possible, indicates that Microsoft considers it extremely likely that exploit code for the seven flaws will become available in the wild, perhaps even within the first 30 days after the patches were released. That is additional incentive, in case you needed it, to deploy the security updates.
How many times has this occurred? You find a great web site, but it requires an account before you can access the site. So you create the account, password and secret question and let Firefox remember the account information. Time goes by and you’re at work or on another computer, and you decide that you want to visit that great site, but can’t remember the password.
Sure, you can have the site email your password, but it also wants you to answer the secret question. Now what? Time to dig into the Firefox Password Manager…
Just go to Tools, Options, click on the Security tab, then click the Show Passwords button (version 2.0 shown below) or the View Saved Passwords button (version 1.5, not shown).