IT Security Blog

Mac OS X Has Java Security Flaw

By

mac_os_xOne reason that some people prefer to use Macs over PCs is the fact that the former is considered to be far more superior to the latter when it comes to security. However, that does not mean that Macs are not totally immune to security issues. As a matter of fact, security experts recently warned Mac OS X users of a security flaw that involves Java.

CNET tells us all about it:

Macintosh security consulting firm SecureMac.com on Tuesday issued a critical warning for what it says is an unpatched Java security vulnerability in Apple’s Mac OS X.

According to the man credited with discovering it, Landon Fuller, the Java flaw even affects the latest version of Mac OS X, 10.5.7, released just a week ago. Fuller has gone so far as to release a proof of concept for the security hole.

The vulnerability could be used to perform what SecureMac refers to as “drive-by-downloads,” or the ability to infect a computer by simply visiting a Web page. Fuller explains that the flaw allows malicious code to run commands with the permissions of the current user.

While the fact that a security flaw is certainly acceptable, the fact that it has remain unpatched to date is hard to understand. It is even more perplexing as the flaw had been discovered before the latest update to the OS was released. Is Apple not aware of the flaw (I seriously doubt it) or are they not seeing it as a serious threat?

What’s Up With Conficker?

By

microsoft_logoIf you remember, everyone was up in arms about April 1. This was supposed to be the day that the third version of the Conficker worm was to be released. It’s been several days since April Fools and it seems that nothing big happened. (Knock on wood.)

So what’s up with the Conficker worm? Is it’s reign over? Can we sit back and relax now? According to PC World, no one really knows. They just published a story on it yesterday and here is what they have to say:

But nobody knows for sure what Conficker can accomplish. However, at the time of this writing no Conficker-related catastrophes have surfaced and some think the threat never will. So as attention shifts away from Conficker, it’s important to know where we stand against the world’s most famous piece of malware.

While nothing has happened in the last week, we should not forget that the other 2 versions of the worm is still out there. And if your computer is not protected, you are still a sitting duck.

One thing that I recently learned, you can still access the security patch for the worm even if your operating system is not the real deal (READ: pirated). Data shows that the highest densities of Conficker infections are in areas which have pirated software. And while no one condoning the use of illegal software, “pirates” can still download the security patch directly from Microsoft. So while we don’t know what’s going on with Conficker, we should still be careful.

Viruses Preying on Removable Storage Devices

By

The growth in the use of removable storage devices has been evident in the past years and while they mainly just carry files made up of audio, video or simple documents and worksheets, they are vulnerable to virus attacks. How do they get them? Well for one, you never know if the original location of the file you were working on was virus free. This is assuming that you are transporting the file from one PC to another.

Also, you can never be too sure that once you plug on the usual USB drive from one computer to another, viruses may sneak past you. They may be equipped with anti-virus software but somehow you have to be amazed at how they breach the computer guards and make their way on USB drives.

So what is a person to do? Well for one, stick to the old practice of scanning a removable storage device first before you open any file on it. It may take a long time to finish, especially if the device is large in terms of capacity but nothing beats waiting than making sure you are protected.

Further, people fascinated with these miniature storage devices could care less if their files are infected. Sometimes it is not the file but the operating system that these storage devices contain. But make sure about it that while they have operating systems of their own, they do not have virus protection. Just be cautious, since that is the best you can do for now.

Source

Do Not Be Annoyed by Pop Up Warnings by your Software

By

For some people, seeing sudden pop-ups serving as warnings by protection software can be irritating. While it only shows that you were warned of a potential threat, some people do not really care that much as long as nothing goes wrong. There are some software options that allow you to turn it off. But for the sake of knowing what type of potential threat you may have had, it would be best to keep it on for a better understanding of what you are dealing with.

Most programs like BitDefender do this. Programs that combine anti-virus and anti-spyware protection can be sophisticated at times but the main issue here is that they are protecting you and not annoying you. So if you get a message telling you that they have blocked a potential threat to your computer is concerned, read it and then just discard it. It is the best way to understand what harmful objects are set out on the web today.

But once they are detected, what is a PC user supposed to do? In these cases it would be best to delete all the temporary files on your IE folder so that no trace of these harmful Trojans will remain.

Do not think that just because they were blocked, that is the end of it. They are still residing in your computer. So to ensure they are completely gone, delete all the temporary files at your control Panel by clicking on Internet options and deleting all cookies, temporary files and browsing histories.

Data or Program: Which are you really Safeguarding?

By

When it comes to network security, the main focus is to of course protect your IT infrastructure. But if you had a choice, which is really important; the program or the data you have gathered?

At first glance it would have to be the data for sure. Software programs can be easily modified and replaced depending on the requirements of any organization. Database protection is important since without it, companies have no basis for analysis and comparison as far as actual performance and reference for clients stored in the database is concerned. If you had to rate both, it would be data first and software second.

There are other people who put premium on software of course. But this will depend on their contingency plan better known to most IT professionals as backed up or archived data. Normally this is so basic that you don’t need to remind anyone the need to have archived historical data in cases where system crashes or intrusions may occur. There will always be scheduled backups and archiving for any program using entity since these are valued and important as far as linking all transactions and tracing revenue.

But the actual safeguarding of these two IT elements is how you expose it. There are usually policies governing the actual level of exposure such as net presence or the use of external storage devices like CDs and floppy disks. Normally, these are discouraged but knowing people who are hard headed today, some of them still ignore these policies and even get away with it.

iPhone Passcode Issue to be Patched

By

Here is another loophole for all iPhone enthusiasts and it has something to do with a security hole that has been categorized as a minor glitch by apple. Apparently the immediate resolution for this security hole is to reset the settings but the real issue has to do with potential openings given to attackers that can exploit the security holes and get access to files or maybe even do some mischief as most hackers are known to do.

Apple spokesperson Jennifer Bowcock said, “The minor iPhone security issue which surfaced this week is fixed in a software update which will be released in September.”

There is a simple workaround, Bowcock said: iPhone owners can simply change the settings so double-clicking the emergency button returns a user to the home screen, which will present a password login field if password protection is turned on.

Source

So a patch will be released by September and hopefully this issue will die down. But expect new problems to crop up once this has been settled. Being in the limelight and open for criticism is bound to result in a lot of things that should be considered and apparently iPhone has to be ready for them.

For a gadget that costs a lot, the iPhone is in for a lot of rougher sailing from the users and the critics. But before we advance a bit, it would be best to see first if this security glitch will be resolved with their so-called patch software due for release.