[SecurityRatty] tag: plug-ins

Vulnerabilities and Office Versions

Mon, 01 Dec 2008 04:19:33 +0000

Most of the ink on Microsoft vulnerability coverage goes to browsers and operating systems, but in a way the best progress vulnerabilities have made has been in Microsoft Office. Some of the great attacks of all time (remember LoveLetter?) have been through Office bugs, and I believe most targeted attacks over the last few years have utilized vulnerabilities in Office document parsers. That's why it's encouraging that Microsoft has done a much better job in making current versions of Office secure, as David LeBlanc's recent blog shows. He claims that the company has really stepped up the security testing for Office 2003 SP3 and Office 2007, and that it shows up in the number of reported vulnerabilities. The trend is clear: There are about half as many vulnerabilities as for earlier versions. There may be a little flaw in the analysis in that LeBlanc studied reports during the period from 9/18/2007 to 11/17/2008. By that time earlier Office versions had been around for a long time and many vulnerabilities had already been reported on them. But even so, it makes the numbers all the more impressive for the new versions; the older ones had already had the low-hanging fruit picked clean and yet they still had CVE numbers in excess of the new ones. It seems there is no low-hanging vulnerability fruit in new versions of Office. Are you running an old version of Office? Are you running Office 2003 SP2, which reached the end of support life in October? If so, you are exposing yourself to more known threats than you may think. Office versions are not plug-and-play interchangeable. It's unfortunate that Microsoft saw fit to accompany Office 2007's security enhancements with a radical user interface change. I personally have gotten used to it, but I can see an enterprise being intimidated by the training it would necessitate. If you feel you're stuck in Office 2003, at the very least it's irresponsible to linger on in an old service pack. Do what you can to move on to SP3.

Blue Coat plugs into Packeteer appliance

Tue, 11 Nov 2008 21:00:00 +0000

Blue Coat Systems has released a software plug-in that allows the security and WAN acceleration provider to use one the most important bits of technology from its $268 million acquisition of Packeteer.

ActiveX poses threat to Vista, Microsoft says

Mon, 10 Nov 2008 02:00:00 +0000

Computers running Windows Vista are significantly less likely to be infected with attack code than those running Windows XP, though Vista continues to be threatened by Microsoft's own ActiveX browser plug-in technology.

Wannabe Bond Villains' Last Line Of Defense

Tue, 04 Nov 2008 00:50:01 +0000

When security in your underground base has been breached and you are about to be overrun, what's the last line of defense? It's a device called a Fast-Rising B Plug.

ActiveX bugs pose threat to Vista, Microsoft reports

Mon, 03 Nov 2008 02:00:00 +0000

Computers running Windows Vista are significantly less likely to be infected with attack code than those running Windows XP. But Vista continues to be threatened by Microsoft's own ActiveX browser plug-in technology, according to a report by the company.

Wannabe Bond Villains' Last Line Of Defense

Sun, 02 Nov 2008 19:00:00 +0000

When security in your underground base is breached and you are about to be overrun, what's the last line of defense? It's a device called a Fast-Rising B Plug. And wannabe Bond villains inspired by the new movie should take note.

Browse a Censored Web Through the China Channel FireFox Plug

Tue, 28 Oct 2008 04:20:01 +0000

It's no secret that the Chinese government censors web content, but what's it like to actually be a citizen trapped inside the Great Firewall of China? A new FireFox plugin called China Channel can show you

Browse a Censored Web Through the China Channel FireFox Plug

Tue, 28 Oct 2008 04:20:01 +0000

Links List 10.24.08

Fri, 24 Oct 2008 14:55:16 +0000

Ah a mystery. In “The strange case of the slow server”, Jack Hughes at The Tech Teapot had problems with internet presence – slow website loading, problems logging in and slow emails. Sound familiar? In Jack’s case, the culprit was his main download site but the real issue was lack of visibility across multiple tools that provided much info but not in a way that was really usable. “The main lesson I take away from this is to make sure you’re creating meaningful stats for everything you’ve got because you never know what may be causing you a problem.”

Information Week’s new blog, Plug Into the Cloud, is already in the thick of the controversy on the emerging cloud computing trend. A recent post lists a bunch of highly opinionated comments on the topic by site visitors, running the gamut from “Cloud computing is kind of like the Emperor’s New Clothes” to “cloud software can actually be more expensive than the software I load onto my hard drive.”

Jeff Doyle writes an interesting post about resistance to IPv6 adoption (what, you think we forgot?). Instead of the usual focus on IPv6 as an application issue, he points out that it’s actually an infrastructure thing. Would you wait to upgrade routers, switches, software, or servers until you can find a way to make the newer systems profitable? Would you wait to increase bandwidth only after you have customers waiting to use it? If you’ve answered these questions “no”, then why are you waiting to upgrade to IPv6?

We posted about whether or not there were recession proof products in IT yesterday. Network World Management Maven Denise Dubie also writes about readers weighing in on IT and the economy – from having to do even more with less to seeing the economic downtown as an opportunity to highlight IT’s true value to the business.

And finally, on the lighter side: What would we do without crazy billionaires and their crazy purchases? According to a New York Times article, a company controlled by Google’s top execs just added a fighter jet to their roster. “Presumably no attacks on Microsoft are planned at this time.” (image from Wikipedia)

Plug Pulled on Hamas' YouTube Ripoff

Wed, 15 Oct 2008 16:44:00 +0000

A few weeks ago, Western intelligence officials discovered that the Palestinian militant group Hamas had set up a video-sharing propaganda site. Now, that radical Islamic answer to YouTube is offline. Jihadists are blaming the FBI for the takedown.