Sunday, September 19, 2004

Another week, another patch 

Ho-hum - another week, another patch. Andrew Brandt at the PCWorld blogs posts about a new vulnerability that apparently affects all applications on Windows that can display JPEGs.

The bug requires you to patch not only Windows (apparently Windows XP SP2 is unaffected), but any applications that can display JPEG images. That includes:

* Your office applications suite (including all versions of Microsoft Office).

* Your browser (Mozilla has some problems of its own).

* Any image-editing program you might use, including Photoshop, or PaintShop Pro.

Check out the list at Microsoft's site - it is more comprehensive, and includes Windows XP, Office XP (Outlook, Word, Excel, PowerPoint) and Office 2003 (ditto). A whole bunch of patching to do. I already have a Linux machine. I am thinking it might be simpler to simply power down my Windows box. Or perhaps, make it a dual-boot with Linux, and stay primarily on Linux.

Software vulnerabilities have been the cause of all kinds of hostile action - from industrial espionage to extortion. Stephen Baker in BusinessWeek (carried therefrom by Yahoo! Finance) had this story on denial-of-service attacks linked to extortion rackets.

With this step into extortion, denial-of-service attacks are becoming a lucrative racket. In the Web's early years, hackers unleashed similar attacks against the likes of Microsoft Corp. or the Recording Industry Association of America simply to strut their power or voice political grievances. Now they want cash. And online casinos make an easy first target. Illegal in the U.S., many are based in countries such as Costa Rica and Antigua, whose police are ill-equipped to battle sophisticated international cybercrime. Casino operators, some of whom face illegal gambling indictments in the U.S., grouse that the FBI does little to battle attacks against offshore gambling sites.

This brings me to the sermon of the day. A good number of Internet attacks can be prevented by simply installing firewall software. Firewall software is something that I think everybody should have running on their computers because one, this is software that is available for free, and two, in addition to preventing denial-of-service attacks, the firewall protects the privacy of your own data. I would highly recommend installing one.

Especially if you have a broadband connection, and especially if you are brave enough to run Windows on that machine :) Full disclosure: I am on a Windows machine on a broadband connection, but I usually go through a proxy, which does application-level filtering. I am also running Cisco's VPN client, which includes a "stateful firewall". (I am guessing that means that it is a multi-layer stateful firewall, maintaining state on packets and connections between the OSI layers.)