Monday, December 1, 2014

2014-12-01 WTKM Talking Points (December 1st. 2014)

USPS hacked. Personal data of 500,000 full time and 178,000 part time employees stolen including SSN numbers! Plus names, addresses, telephone numbers, email addresses and other information of people dialing in to one of the USPS’ call centers between Jan 1st. and Aug. 16th of this year. Credit card information was not compromised.

Microsoft's own language says it:
"Remote code execution if an attacker sends specially crafted packets"
"remote code execution if a user views a specially crafted web page using Internet Explorer"
Original quotes from MS bulletins for November's Patch Tuesday.
I preach for many years: Don't use IE.

New flaw in VERY IMPORTANT and ubiquitous security software got quietly patched. In this context a prominent MS security researcher said:
"It is of critical importance that all versions of Windows are updated ...”
Sad that we still need to be reminded – and sadder yet that some still don't do it.

Warning: New CryptoWall ransomware variant; spread through advertising networks.
When you see advertisements your computer
already needs to be cleaned!

Microsoft's newest “... Security Intelligence Report” makes it clear: Not up-to-date or expired security software does NOT protect in any way!And I thought that was a no brainer; Silly me.

Adobe pushed out its own Patch Tuesday updates. .. [they] released Flash Player fixes that squash four pretty bad flaws.

Poodle: An understandable explanation and instructions on what to do are here.

Windows 8 will have to upgraded to 8.1 by Jan. 12, 2016 (See MS blog here).

Win 10 Technical Preview updated to build 9879.

Still more malicious PowerPoint files. Be careful; no patch yet.

Adobe's Digital Editions 4 desktop ebook reader secretly sends encrypted data back to headquarters – data that details a user's reading habits.

Hot off the press this morning: TheWeather Channel web site open to simple, primitive attacks if you click on any link in that web site!

No comments: