BOHICA

I mentioned I was on a business trip, during our long road miles my co-worker and I listened to quite a few podcasts. One that was really interesting is the current episode of Security now, episode 91. (http://www.twit.tv/sn91).

In this episode Steve and Leo interview Marc Maiffret of eEye Digital Security (http://www.eeye.com/html/index.html) about the state of security both in the Enterprise and at home. In this episode Marc makes a starting yet fascinating assertion, namely that Microsoft Software is no longer the biggest vulnerability on the Windows platform. Instead, their research shows it’s other software that’s opening up vulnerabilities.

Part of the issue occurs because these vendors lack the concept of “Patch Tuesday” that MS has. Additionally, they tend to bundle their security fixes with other software updates. A user looks at a 47 meg update and goes “hmm, my app is running fine, don’t see a need to update” and misses all the security fixes.

Now, before some joker comes off with “run Linux it’s secure”, on a recent episode Steve talked about a Javascript exploit that can affect your router and effectively open it up. And yes, the exploit works on both Windows and Linux and it also runs under FireFox as well as IE. (Please note I’m not bashing Linux, I have it on a few of my boxes, I’m just realistic about its security abilities.)

The point I’m making here is to make sure to update ALL of your software. Like many I dutifully have my Microsoft updates run automatically each week, but have declined updates of other software thinking “nah, it’s working right now not gonna worry about it”. You can bet I won’t make that mistake again!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: