Here is a heads up that we are seeing the online backup application Carbonite, put out by the company of the same name, bundled with a Java update. If you aren’t careful, when you click through the Java update installer, you get Carbonite and a 30 day trial subscription to the service. Not sure if the trial subscription is automatic or if that’s an extra step. Now, I am not saying anything bad or good about Carbonite, I haven’t ever used the service (naturally I prefer MYfilesanywhere), but any time an application gets installed automagically without my express consent, it sets off a red flag in my book.
Archive for the ‘Security’ Category
Aug
6
6
Piggyback App On Java Update
0 Comments
Jul
12
12
New Version Of WordPress Is Out
Look alive there folks, WordPress has released an update to their web publishing platform. Version 2.8.1 is live and it seems like a quick and easy upgrade. In case you haven’t tried WordPress lately (or at all), or haven’t upgraded in a few versions, they now have built in the capability to upgrade not only plugins, but also the whole distro right through the point and click admin panel or dahsboard. You need an FTP account somewhere to make the magic happen, but most people running a web site have that, and if not they are easy to come by. So far, I have had great success with their automatic upgrade features, both for plugins and WordPress itself. Being who I am I was very skeptical at first, but it’s actually worked wonderfully so I thought I would share. Now, get out there and get to upgrading. Unlike some other software entities that add more bugs and security holes than they fix, the guys and gals at WordPress actually imrpove the software with each new release. Let me know what you think, post a comment and share your opinion.
Jun
21
21
Simple Machines Forums (SMF) and Deleting Multiple Posts by One User
OK folks, I came up with something helpful and I thought I would pass it on. Recently I had a spam bot (or maybe a real person, who knows) join the forums. Went right through all of the security controls and verifications. Then, said user went about posting almost 500 porn posts all over my site’s forums. Posting topics, posts, pics and embedded videos, it was really bad and I was really mad. First off I banned the user, no problem. I figured I would do that so I could keep relevant info like IP and email addresses rather than just deleting him. Now I had the arduous task of removing all those damn posts and topics.
I do know that you can delete a user and tell SMF to also delete all of those users topics posts as well, but that hasn’t worked in the past so I did it on my own. Here is what I did.
Jan
31
31
New Feeds Foretell Patching Plagues
You may already be familiar with the feed I put up from Security Focus so you can easily get the latest news on vulnerabilities that are either already out in the wild or have the potential to be soon. If not, check it out here. As I am always looking to improve things, I recently added some feeds that will deliver the latest advisories for Red Hat, SuSE and Ubuntu Linux quickly and easily. So, to recap, from here you can easily get information on the latest vulnerabilities overall, plus the latest advisories for three top Linux distros: Red Hat, SuSE, and Ubuntu. Check ‘em out and look for more good stuff, as I find new ways to deliver goodness, I’ll be adding them. Thanks.
Jul
9
9
Heads Up! Microsoft’s DNS Patch and ZoneAlarm Don’t Play Well
It appears that if you are running Windows XP Service Pack 3 and using ZoneAlarm firewall software, when you install patch KB951748 (MS08-037) that came out yesterday’s “patch Tuesday” bunch, it breaks ZoneAlarm. You cannot access the Internet until you either uninstall the patch or turn off ZoneAlarm. This patch is related to the DNS poisoning exploit that came out recently, so it should be applied. What to do? Well, one suggested workaround (other than the two mentioned above) was to lower the security settings to medium in ZoneAlarm. At least then you don’t have to disable it entirely. Another suggested fix has been to leave ZoneAlarm at High and set the Internet Security Zone to Custom and add the following rule “Allow outgoing TCP Ports:80,443″. I cannot verify that these fixes work, I don’t use ZoneAlarm myself, but others hit by this problem have had success with them.
Here is the Microsoft link with information about the patch:
http://www.microsoft.com/ … /ms08-037.mspx
Here is the official link from ZoneAlarm about the problem:
http://download.zonealarm.com/ … /LossOfInternetAccessIssue.html
Jan
15
15
Security Alert, Most Home Routers Vulnerable to Flash UPnP Attack
Another goodie from Slashdot:
“folks at GNU Citizen have been researching UPNP Vulnerabilities in home routers, and have produced a flash swf file capable of opening open ports into your network simply by visiting an unfortunate URL. Looks like Firefox & Safari users are safe for now.”
Wow.
