Press "Enter" to skip to content

Posts published in “Security”

Senate To Kill Current Version Of CISPA

By Christine Hall on April 25, 2013 |

Internet, News, Politics and Security

U.S. News & World Report was the first to announce this afternoon that the Senate will evidently not vote on the cybersecurity bill known as the Cyber Information Sharing and Protection Act or CISPA. According to a report published on their website, the news organization has received assurances of the bill’s death from an unnamed member of the U.S. Senate Committee on Commerce, Science and Transportation that has been considering the bill as passed last week by the House of Representatives:

Continue readingSenate To Kill Current Version Of CISPA

How To Put Your Shields Up To Protect Your WordPress Site

By Christine Hall on April 22, 2013 |

Internet, Security, Software, Tutorial and Web Apps

In case you haven’t heard, the popular open source website platform, WordPress, is under attack by black hat hackers. These attacks are being waged primarily against sites using the WordPress platform that are not being hosted on wordpress.com. According to KrebsonSecurity, a small botnet is being used to break into the back door of WordPress sites in an apparent attempt to build a super botnet:

“According to Web site security firm Incapsula, those responsible for this crime campaign are scanning the Internet for WordPress installations, and then attempting to log in to the administrative console at these sites using a custom list of approximately 1,000 of the most commonly-used username and password combinations.

“Incapsula co-founder Marc Gaffan told KrebsOnSecurity that infected sites will be seeded with a backdoor that lets the attackers control the site remotely (the backdoors persist regardless of whether the legitimate site owner subsequently changes his password). The infected sites then are conscripted into the attacking server botnet, and forced to launch password-guessing attacks against other sites running WordPress.”

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingHow To Put Your Shields Up To Protect Your WordPress Site

Oracle Serious About Java Security–Maybe

By Christine Hall on April 22, 2013 |

Browsers, Internet and Security

We’re not ready to tell you we think it’s safe to reactivate your Java browser plugin–in fact, just the opposite–but we will say that Oracle is at least giving the appearance they’re now serious about addressing browser-side Java’s safety. Early last week they issued a security patch that fixed either 41 or 42 Java security issues, depending on what website you’re reading.

Excuse us if we don’t seem too impressed. At this juncture all we’re willing to do is say with utmost snark, “It’s about time.”

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingOracle Serious About Java Security–Maybe

Java Remains Unsafe–Not Likely To Be Fixed Soon

By Christine Hall on March 14, 2013 |

Browsers, Internet, Security and Software

Guess what? We’re hearing reports this morning that the black hats are continuing to take advantage of security vulnerabilities in Java. Of course they are. That’s what black hats do. We’re also hearing from security experts that browser side Java isn’t likely to be made secure in the near future.

Oracle’s management of Java since obtaining it from Sun has been nothing short of a joke. It’s about time for them to decide if they want to keep Java or not. If they don’t want it, they need to spin it off or let it die. If they think it’s a valuable part of their software portfolio, they should treat it as such and work overtime to make it safe.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingJava Remains Unsafe–Not Likely To Be Fixed Soon

The Robo Cloud Is Coming

By Christine Hall on March 10, 2013 |

Internet, Potpourri and Security

I was just getting used to yesterday and suddenly it’s tomorrow.

Am I the only one who worries that we’re going a little too fast in our move to bring robotics into everyday life? Shouldn’t we sit down as a group and ask first, “Is this really something we want to do?” Maybe I’ve read too much science fiction, or maybe it’s those images from The Matrix that I just can’t get out of my mind. Or maybe it’s the memory from 2001 of the mentally ill computer with self awareness, Hal, trying to convince Dave that it was all a misunderstanding and that he promises to be good if only he’s not disconnected from his power source.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingThe Robo Cloud Is Coming

Oracle Patches 2 Java Holes–At Least 5 Remain

By Christine Hall on March 6, 2013 |

Browsers, Internet, News and Security

It would seem that Oracle is getting serious about addressing security issues in Java. Late Monday the company pushed Java 7 Update 17 that fixes two security holes that were already being exploited in the wild.

The vulnerabilities addressed in Monday’s patch had been known since at least February 1 and were originally scheduled to be fixed in a scheduled security update in April, according to a security blog on the Oracle website:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingOracle Patches 2 Java Holes–At Least 5 Remain

Five, Count ‘Em, Five New Security Holes In Java

By Christine Hall on March 5, 2013 |

Browsers, Internet, News and Security

Those who thought it was safe to re-up Java on their browsers will need to go back and turn it off again.

If you listen to us, after you do you’ll never turn it back on. Browser side Java has been made pretty much obsolete by newer technologies, which means you don’t need it, especially since it’s proving to be about as easy to keep secure as ActiveX, sandbox or no. Here at FOSS Force, we haven’t had it enabled on our browsers for years, with no noticeable problems when we surf the web.

You may remember that back on January 10th it was announced that Java had a security vulnerability that was already being exploited in the wild. This security hole was serious enough to prompt the U.S. Department of Homeland Security to suggest that browser side Java be turned-off on all computers.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingFive, Count ‘Em, Five New Security Holes In Java

Avast AV Finds Malware On LA Times Website

By Christine Hall on February 13, 2013 |

Browsers, News and Security

This morning the Prague based antivirus company Avast! pushed notification to it’s subscribers of the presence of malware on the LA Times website. The notification came by way of a link to a blog on the antivirus company’s site delivered with the morning’s virus signature update. According to the blog’s writer, Brian Krebs, the Times site has been affected for about a month and a half. The problem is not site wide and only affects visitors to a small section of the site:

“…Fortunately for most of the users, only one of the low-profile websites was infected, so the assumed number of the infected people is not really high. But! I checked yesterday’s stats, then day-before-yesterday and the result was a bit of shocker! We have consecutive reports of malicious iframes on their sub-site from 23rd of December and it is still working there while I’m writing this blog.”

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingAvast AV Finds Malware On LA Times Website

Java: Where Oracle, Twitter and Black Hats Meet

By Christine Hall on February 5, 2013 |

Internet, News and Security


Back on January 24th, Oracle was sitting on their hands after issuing incomplete patches to not handle security issues in Java, issues bad enough to evoke dire warnings from the U.S. Department of Homeland Security. I opined on that day that Ellison’s hired help needed to get off their duffs and come up with a good fix quick, even if Java has turned-out to be a puppy Larry Ellison no longer wants to keep. Evidently, somebody in Deadwood City felt the same way, as Oracle pushed a patch this past Friday addressing 50 security holes in the beleaguered programming language.

Wait a minutes, did I just write that the patch addressed 50 security holes? I’ve got a five pound block of Swiss cheese in the fridge that has fewer holes than that. I think if I was Larry Ellison I would be ashamed to admit I’d allowed that many security vulnerabilities to accrue unfixed while any project was under my care. I think I’d fix ten a day or something in five separate patches and try to make it look like I had my security eagles working overtime finding new holes ahead of the bad guys.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingJava: Where Oracle, Twitter and Black Hats Meet

Will Oracle Wake Up & Smell the Java?

By Christine Hall on January 24, 2013 |

Business, Security and Software

Does Oracle not know their own code?

I’m talking about Java. You know, the write-once-run-anywhere platform that seems to be severely broken from a security viewpoint, rendering it more than useless when used inside a browser.

Oracle, the company that’s owned Java since purchasing Sun Microsystems in 2010, seems to be clueless. Back in October the company pushed out a patch to fix some security holes that were already being exploited. There were complaints at the time that they were being secretive, saying little to nothing publicly about the problem, acting as if they were sweeping dust under a rug. Indeed, two months earlier, in August, the founder and CEO of the Polish security firm Security Explorations, Adam Gowdiak, told PCWorld that Oracle had known about the security problem for months:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingWill Oracle Wake Up & Smell the Java?

Dotcom’s New Mega: Not Ready For Primetime

By Christine Hall on January 23, 2013 |

Business, News and Security

It’s funny how things work out. Entrepreneur Kim Schmitz changed his name to “Dotcom” in respect for the technology that made him filthy rich. However, his newest website doesn’t end in dotcom. He doesn’t dare use that top level domain because that would be an open invitation to the U.S. authorities to mess with him. I think Mr. Dotcom would like to be through dealing with the American government if he can. So he’s using .nz, the top level domain code for New Zealand where he resides.

Actually, his new site is a double dot–mega.co.nz, or Mega. Originally, he planned to use the too trippy url Me.ga, using the domain country code for Gabon, a plan that was derailed because the government of Gabon didn’t want to be party to “violating copyrights.” Mr. Dotcom might be excused for suspecting the United States for being an outside instigator in this matter.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingDotcom’s New Mega: Not Ready For Primetime
Breaking News: