Lockdown.co.uk - The Home Computer Security Centre

LockDown is the source for security information and resources for the home computer user.




Web www.lockdown.co.uk   

Quickest Patch Ever

Filed under: September 08, 2006

Bruce Schneier has an excellent article over at Wired News about the way Microsoft rushed to path a hole in it’s software… and it’s not a security hole that the average person would worry about…

“But to Microsoft, this vulnerability is a big deal. It affects the company’s relationship with major record labels. It affects the company’s product offerings. It affects the company’s bottom line. Fixing this “vulnerability” is in the company’s best interest; never mind the customer.”

Read the full article at Wired News

Utility Nukes Windows Genuine Advantage Callbacks

Filed under: June 22, 2006

From eWeek.com

Firewall Leak Tester, a company that provides tools to test the quality of personal firewall software, has released a utility called RemoveWGA that blocks Microsoft from “phoning home” from Windows PCs on a daily basis.

Read the full story at eWeek.com

Microsoft Gives Workarounds for New IE, Windows Flaws

Filed under: February 09, 2006

eWeek reports that Microsoft have issued work-arounds to for two flaws in it’s products.

Microsoft late Feb. 7 issued two separate advisories with pre-patch workarounds for a privilege escalation vulnerability in Windows and a new code execution hole in older versions of the Internet Explorer browser.

Does Windows Patch Without Permission?

Filed under: January 10, 2006

Email Battles has some speculation that Microsofts WMF patch has installed itself without asking permission from the user.

Another 10 holes in Microsoft software

Microsoft have released another of their monthly monster patches, this time they’re patching quite a few remote code execution vulnerabilties which are kind of scary.

See this knowledge base article for more info and details of where to get the patches.

Mozilla Firefox 1.0.4 Released

Filed under: May 12, 2005

Mozilla have released an update to the best browser there is, this update fixes a couple of security vulnerabilities so if you’re running Firefox you should upgrade immediately, and if you’re not running Firefox, why not? You’re missing out.

Details of the three widely publicised flaws can be found here MFSA 2005-42, MSFA 2005-43, MSFA 2005-44.

Release notes are here.

Now even JPEG’s are scary for Windows users

Filed under: September 15, 2004

Almost unbelievably Microsoft have revealed that there is a critical flaw in their code that handles the display of JPEG Images in many Microsoft products including Windows XP, Office XP, Office 2003, Visual Studio .NET and even Internet Explorer. For years people have always held that JPEG’s are safe, they’re not executables and there’s no chance of them holding any malicious code, that was until now.

The flaw is that there is a potential for maliciously crafted JPEG image to create buffer overflow when viewed, executing malicious code in order to attack the users system.

This is particularly embarrassing for Microsoft as even they have held in the past that JPEG is a safe filetype. This news will no doubt receive much press attention and I bet Microsoft are thanking their lucky stars that they managed to get a set of patches created before details of the exploit went public.
Because so many products and components are affected it’s not easy to tell if you’re affected so Microsoft have created a tool that detects if your system is vulnerable.
Trustworthy Computing anyone?

Microsoft patches

Filed under: July 14, 2004

TheRegister has information on a batch of recently released patches from Microsoft.

Head straight over to Microsoft and grab them ASAP if you’re a Windows user.

Microsoft Responds to Mydoom

Filed under: January 29, 2004

Microsoft responded to the Mydoom worm and provided some assistance for those infected or worried by it at http://www.microsoft.com/security/antivirus/mydoom.asp. Some of the advice on that page…

How to Help Protect Against This Worm
If you ever receive a questionable e-mail message that contains an attachment—especially if it has a .zip file extension—do not open the attachment.

They are correct in saying that you should never open attachments on questionable emails, but their emphasis on the .zip file extension strikes me as a little strange, I’d be more worried about .exe and .scr etc. myself.