Tuesday, November 10, 2009

Security Smorgasbord, Vol 1, No. 6

It's Patch Tuesday, so Windows users need to make sure that Windows Update has pulled down the latest round of security goodness from Microsoft. Three critical remote code execution vulnerabilities are among the 15 fixes to be patched. Take Internet Explorer (doesn't work with Firefox, sorry) here.

----------------------------

The iPhone has been Rickrolled:

There's a worm on the loose that targets iPhones where the owner has jailbroken them and then forgotten to change the default SSH password:
The trouble is that the most common jailbreaking software installs SSH using a default password. As a result, users who jailbroke their iPhone but never changed the default password are vulnerable to being "Rickrolled" by this worm, or worse.
If you haven't jail broken your iPhone (or if you have but changed the SSH password), then you can sit back and smirk.

-----------------------------

CBS News' 60 Minutes has taken a short break from forging documents and produced a good overview of Cyberwar and the threat to our power grid:



A couple of things to point out:

1. I'm skeptical that the Brazilian blackout was caused by intrusion, rather than by accident. While the threat to the power grid is IMO real, I don't think this is an example of it.

2. You probably still need state actors to pull off a major blackout, because it's not enough to take out a station or two. You need to punch enough holes in the grid that it comes apart, which means a lot of careful planning and execution - probably more than anyone other than a government can do. The Russians and Chinese are particularly active.

3. It's a target rich environment - more so than 60 Minutes lets on. But it's good to see people taking this very seriously.

4. You might think that I am an idiot. I can neither confirm nor deny anything.

Well done, 60 Minutes.

1 comment:

  1. Maybe someone hacked into their network and produced it for them.
