New vulnerability endangers Internet Explorer users

By: Doug Zbikowski

iewarn

UPDATE (May 1, 2014, 1:30pm ET): Microsoft has released an emergency patch for the Internet Explorer vulnerability. In a surprise move, they also released an update for Windows XP! Head over to Windows Update to get it.

A new bug has been discovered that could put Internet Explorer users at serious risk. Until the problem is fixed security experts are calling on users to switch to an alternative browser such as Google Chrome or Mozilla Firefox. In a rare move, the US Government is advising to users to switch to another browser until Internet Explorer is fixed.

On April 26th, 2014, Microsoft announced that all versions of Internet Explorer are at risk for “drive-by” attacks from malicious websites. This new vulnerability, dubbed CVE-2014-1776, has the potential to give hackers direct access to your computer, allowing infected web sites to install malicious applications, create new Windows accounts, and change or delete data stored on the computer. Disturbingly, these attacks have actually been observed in the wild by Internet security firm FireEye, who started observing this type of attack as early as February. Microsoft says attacks seem to be coming from websites that feature advertisement feeds or user-provided content where an attacker could insert malicious code. At this time it is unknown whether Microsoft will release an emergency patch or wait until patch Tuesday on May 13th to fix the vulnerability. Read more of this post

Advertisements

Security Firms Recommend Disabling Java Due To New Exploit

Security researchers are recommending users disable Java on their computers after an exploit has been discovered that could possibly allow a malicious website to take control of your computer.

Java, a set of software tools that allows advanced features to run on websites, currently has a vulnerability that can allow an attacker to run unauthorized applications on a vulnerable computer. Being a zero-day vulnerability, antivirus firms and Oracle (the manufacturers of Java), have not had time to implement a fix, leaving both PC’s and Macs unprotected until a patch becomes available. Security firm Alien Vault as reported websites using this exploit are already showing up in the wild. Read more of this post

Security Alert for Internet Explorer Users

Microsoft URGES everyone to install security tool

UPDATE: Microsoft has released a patch to fix this security issue as of 9/22/12. Please run Windows Update to make sure you are patched.

 

This week, Microsoft is urging Windows users to install a security tool to protect against a newly discovered bug in Internet Explorer.

This security issue may allow hackers to take control of infected PCs and affects all versions Internet Explorer browsers. Microsoft is currently working to patch the flaw, but their security tool should protect users in the meantime.

The free security tool, called the Enhanced Mitigation Experience Toolkit,  is available from Microsoft.

The malicious software,  known as Poison Ivy, was discovered last Friday and has the capability of stealing data and assuming remote control of infected PC’s. Being a “zero-day” infection, there are not any effective patches or protections available against it as of yet. Antivirus manufacturers are working on updates to protect against Poison Ivy, and are expected to have them available later this week.

In the meantime, be sure to install any Windows updates as soon as they are available. Check for the latest updates from Windows Update.

For free antivirus software, visit TOAST.net’s Software Page.

Update 9/20/12:

Microsoft has announced a patch for this vulnerability will be made available on Friday, Sept. 21st via Windows Update.

And the 25 Worst Passwords Are…

I’ve covered this before, but it’s worth repeating: using “password” as your password is not a good idea.

“Password”, “123456”, and the ever more secure “12345678” are the most used passwords of 2011 according to a recent report from security provider SlashData. Hackers love simple passwords, and it seems we’re making it easy for them. According to the report, sequential characters such as qwerty and 123456 are popular choices, as well as names of children and pets. Other choices such as “dragon” or “superman” are harder to explain, but may come from objects or images in the vicinity of the user. As websites require passwords to contain numbers and letters, it makes sense that we’re seeing abc123 and trustno1 on the list as well. Read more of this post

Cloud Services: Going Green Saves You Green…

Green CloudTOAST.net has been singing the praises of cloud services for years, and with good reason. Cloud based email, document systems, security, and web tools are easier to use, easier to maintain, incredibly less expensive, and now it turns out they help to save the planet. Read more of this post

Twelve Easy Ways to Protect Your Online Privacy

Many people think the Internet is full of boogeymen waiting to jump them after every click.  I think this is why so many users have trouble with computers.  They don’t trust them.  They’re convinced that one mis-click will end Social Security, start a war with Brazil, and all things chocolate will turn into vanilla.

There’s a widely-held belief that computers have this much power.

The truth is, the Internet isn’t all that bad.  It’s actually the user that has all the power.  Part of the  perceived problem is caused by common sense (or the suspension of).   Something happens where a user’s inhibitions go out the window while they’re online.  It’s like their mouse is injecting tequila into their bloodstream, and after a while —   WOOHOO!!!  Anything goes!  I’ll tell anyone anything!

The other part of the perceived problem is complacency.  If you’re in your pajamas, in your office, or better yet — in your pajamas while in your office, you feel safe and secluded.  Nothing can reach you there.  You start getting lazy about update notices, stop reading things through before clicking on them…and then BAM!  You’re nailed.

Vigilance is the key.  There is no vacation from following safe practices.  Just follow these twelve steps and keep yourself out of trouble: Read more of this post

Password Security – You Need To Care

TOAST.net recently began requiring our customers to use a minimum 8 character password due to security enhancements we’re implementing. When contacting our users that were sporting such classic passwords as “abc123“, “fred“, or my favorite: “none“, I was a bit surprised at some of the responses we were receiving.  People seem to be reluctant to choose a better password for strange reasons:

  • I’ve been using the same password for years!
  • I can’t remember another password!
  • I don’t care about my password, there’s nothing important in there anyway!

I thought I would take some time to explain why password security is critical on any Internet account, despite it’s importance. Read more of this post

%d bloggers like this: