Category Archives: Security Tools

The Scrap Value of a Hacked PC, Revisited

October 15, 2012

A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can’t begin to fathom why miscreants would want to hack into his PC. “I don’t bank online, I don’t store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?,” are all common refrains from this type of user.

I recently updated the graphic (below) to include some of increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums.

Microsoft Fixes Zero-Day, Four Other Flaws in IE

September 21, 2012

11 Comments

Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems.

The patch, MS12-063, is available through Windows Update or via Automatic Update. If you installed the stopgap “fix it” tool that Microsoft released earlier this week to blunt the threat from the zero-day bug, you need not reverse or remove that fix it before applying this update. The vulnerability resides in IE 7, 8, and 9, on nearly all supported versions of Windows, apart from certain installations of Windows Server 2008 and Windows Server 2012.

Microsoft Issues Stopgap Fix for IE 0-Day Flaw

September 19, 2012

20 Comments

Microsoft today released a stopgap fix for a critical security flaw in most versions of Internet Explorer that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the… Read More »

Internet Explorer Users: Please Read This

September 18, 2012

55 Comments

Microsoft is urging Windows users who browse the Web with Internet Explorer to use a free tool called EMET to block attacks against a newly-discovered and unpatched critical security hole in IE versions 7, 8 and 9. But some experts say that advice falls short, and that users can better protect themselves by using an alternative browser until Microsoft can issue a proper patch.

Security Fix for Critical Java Flaw Released

August 30, 2012

50 Comments

Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number other other potentially unpatched Java flaws.

Dropbox Now Offers Two-Step Authentication

August 27, 2012

26 Comments

Online file-backup and storage service Dropbox has begun offering a two-step authentication feature to help users beef up the security of their accounts. The promised change comes less than a month after the compromise of a Dropbox employee’s account exposed many Dropbox user email addresses.

Critical Security Fixes from Adobe, Microsoft

August 14, 2012

57 Comments

Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software. Adobe’s fixes include a patch for a Flash Player flaw that is actively being exploited. Microsoft’s Patch Tuesday release includes nine patch bundles — more than half of them rated critical — addressing at least 27 security holes in Windows and related software.

Banking on a Live CD

July 12, 2012

133 Comments

An investigative series I’ve been writing over the past three years about organized cyber crime gangs using malware to steal millions of dollars from small to mid-sized organizations has generated more than a few responses from business owners concerned about… Read More »

Secunia’s Auto-patching Tool Gets Makeover

June 29, 2012

54 Comments

Vulnerability management firm Secunia has shipped a new version of its auto-patching tool — Personal Software Inspector 3.0 – a program for Windows users that can drastically simplify the process of keeping up-to-date with security patches for third-party software applications.

The final release of PSI 3.0 supports programs from more than 3,000 software vendors, and includes some key changes that address shortcomings identified in the beta version that I highlighted back in February.

If You Use LinkedIn, Change Your Password

June 6, 2012

54 Comments

An archive reportedly containing the hashed passwords of more than six million LinkedIn accounts is circulating online. LinkedIn says it is still investigating the claims, but if you use LinkedIn, you may want to take a moment and change your… Read More »