Last Week In Security: Stuxnet Redux, Gmail Security and a Monster Patch Tuesday
The Stuxnet buzz continued this week, Adobe took a few steps toward better security and Microsoft announced plans for its largest Patch Tuesday ever. But it wasn’t just Microsoft, Adobe and everyone’s favorite worm grabbing headlines. Read on for the full week in review.
Not going away anytime soon; Stuxnet continued to pervade the news this week. On Monday, an editorial took a step back and examined the story so far, looking at the roots of the attack and potential targets. While the virus’ alleged ties to Iran and Israel have certainly been well publicized, that’s only one potentially valid explanation for it.
After all, on Tuesday we discovered Iran is no longer the virus’ hot spot – a title that now belongs to India and some parts of Indonesia. That’s what a slice of data released by Kaspersky Lab’s September report suggests. Regardless, the debate on the worm’s intended target will continue to rage on, it seems.
As a new month began, details came late this week on Microsoft’s impending Patch Tuesday. The batch of patches, scheduled for release on Oct. 12, will be the company’s largest, with 16 bulletins addressing 49 security vulnerabilities. Four of the 16 vulnerabilities are rated critical, the company’s highest severity rating.
The start of October also meant it was time for Adobe’s quarterly patch update. In the huge update, 23 vulnerabilities were patched on Tuesday, a full week earlier than they’d originally planned. The update fixed previously critical issues in Reader and Acrobat, some which had been exploited for up to two months.
The software company also produced some good news on Wednesday by divulging new details about their upcoming version of Reader, its sandboxing feature called Protected Mode. Initially announced back in July, Protected Mode was described by Adobe’s Kyle Randolph as being able to lessen the effect of bugs in the application.
Microsoft floated a new security proposal this week, outlining a plan wherein computers would all receive “health certificates” in order to access the Internet. Almost like a public health model for security, the idea is meant to prevent infected PCs from spreading malware and becoming parts of botnets by stopping infected machines from accessing the Internet.
There were also stories this week that touched on keeping your e-mail safe, particularly if you use Google’s tremendously popular Gmail. In a guest column early this week, Caleb Sima of Armorize gave some hints on how to keep your Gmail secure. As changing the password doesn’t always work – Sima also recommended paying attention to filters, password recovery settings and rogue applications.
As the week wound down, Google, which has been fighting an uphill battle lately, released a checklist of their own in hopes of keeping users safe. Google lays out 18 steps that users can take to help lock down their Gmail accounts, ranging from changing passwords frequently to using the forced-SSL option to checking for outdated or insecure browser add-ons and plug-ins.
What caught your interest this week?
Post a reply
You must be logged in to post a comment.