During the holiday break, Google's Project Zero team disclosed a vulnerability in Windows 8.1 after Microsoft failed to issue a patch within the 90-day deadline that Google gives vendors. That sparked a debate on whether or not Google did the right thing, and while many (not all) of our readers sided with Google, Microsoft has some information that warrants asking the question again. Specifically, Microsoft says it was scheduled to patch the vulnerability on Patch Tuesday, two days after Google's deadline, and that Google ignored its request to withhold details until that time.
The second Tuesday of every month is known as Patch Tuesday for Windows users, and if you didn't install yesterday's batch of security updates, there's a good reason why you might want to put it on your short-term list of things to do. One of the patches in yesterday's Tuesday roundup addresses a critical bug in Windows that went unnoticed for 19 years and is present in every version of the OS from Windows 95 on up.
Over 86 percent of all Android devices remain vulnerable
The flagrant fragmentation that has come to be associated with Android is once again in focus, with IBM Security researchers shedding light on a major vulnerability (CVE-2014-3100) affecting the all-important Android KeyStore service, which is used for storing cryptographic keys and other sensitive credentials. Although the vulnerability has been fixed in the latest version of the operating system (Android KitKat 4.4), the problem is that the vast majority of Android users don’t have the latest version.
Many a heart skipped a beat when it emerged earlier this month that millions of web servers around the world were vulnerable to a yawning hole in the open-source OpenSSL cryptographic software library. The discovery sent IT execs and web admins around the world scampering to plug the hole. Ten days after coverage of Heartbleed first began, security research firm Sucuri decided to scan the Internet’s top one million websites (as ranked by Alexa) to see how many of them were still vulnerable.
Managed to log in to dad’s account with simple trick
Each month, the Microsoft Security Response Center publishes a list of security researchers to whom it is thankful for privately disclosing bugs in its online services and, often, working with it to fix them. On the surface, the latest list may not seem too different from the previous ones, but that’s only until you realize that one of the over three dozen security researchers on it is actually a five-year-old kid.
Windows XP support is entering its final stages. This coming Tuesday will see the release of some of the last security patches for the operating system which, despite its advanced age, still commands a sizable share of the PC market and simply refuses to die.
Nearly 900 million devices running Android 1.6 or later at risk
The Black Hat USA 2013 security conference does not get underway until July 27, 2013, but there is already plenty to look forward to, with the folks at Bluebox Security dropping a bombshell by claiming to have unearthed a yawning hole in Android’s security fabric and promising to shed some technical light on the vulnerability during the upcoming conference.
Latest security bulletin addresses three vulnerabilities
February is proving to be a very busy month for those charged with the unenviable task of plugging Flash Player holes at Adobe. The Adobe Product Security Incident Response Team (PSIRT) on Tuesday announced the availability of new security updates for the Flash Player. This is the third time this month that the company has had to release security updates for the ubiquitous plugin.
Microsoft will deliver six security bulletins on April 10, 2012 as part of its monthly security update, the Redmond-based company said in an advance notification Thursday. The six security bulletins will, between them, address 11 vulnerabilities in Windows, Office, Internet Explorer, SQL Server, .NET Framework and Forefront Unified Access Gateway.
Downright malicious browser plugins and add-ons are obviously a massive security risk, but make no mistake: unpatched or outdated extensions are just as big a headache. For this reason, Mozilla has a blocklist service to deal with plugins that jeopardize the security, stability, or performance of Firefox. The latest addition to the Firefox blocklist happens to be the ubiquitous Java plugin.