The Good, The Bad and The Ugly
Good news this week as Google announces an extension to its ‘Safe Browsing Alerts for Network Administrators’ programme (catchy name huh!).
The programme, which has been running for 5 years notifies admins when harmful URLs are detected on their networks. This has now been extended to include Malware and other nasties:
Compromised: Pages harming users through drive-by-download or exploits.
Distribution: Domains that are responsible for launching exploits and serving malware. Unlike compromised sites, which are often run by innocent webmasters, distribution domains are typically set up with the primary purpose of serving malicious content.
Social Engineering: Deceptive websites that trick users into performing unwanted actions such as downloading software or divulging private information. Social engineering includes phishing sites that trick users into revealing passwords.
Unwanted Software: URLs which lead to software that violates Google’s Unwanted Software Policy. This kind of software is often distributed through deceptive means such as social engineering, and has harmful software traits such as modifying users’ browsing experience in unexpected ways and performing unwanted ad injections.
Malware Software: Traditional malware downloads, such as trojans and viruses.
You can read all about it here.
If you manage your own AS, we recommend that you sign up!
The bad news this week is, and let’s all let out a collective groan and clutch our heads in anguish, yet another critical bug in Flash which is being exploited in the wild by very bad people so you need to make sure (yet again) that all your flash is patched up to the latest version, which must be version 4 billion or something by now. (Actually it’s: 18.104.22.168).
If you don’t already have Adobe’s security advisor pages on speed dial, here is where to go to ruin your weekend.
Like all other Security professionals, we recommend that you disable the auto-run feature for Flash content by enabling ‘Click-to-pay’ in your browser.
And now for the Ugly. This week the chap who created The Great Firewall of China, Fang Binxing (and that is a catchy name!) was talking at his old university when up popped a 404 Page Not Found in his browser. What did he do? Well he did what everyone would do and to the shock of the assembled, fired up an ugly old VPN to bypass his baby.
Needs must when the devil drives.
If you would like to talk about any of these security issues, or anything else to do with information security for that matter, please contact us at: [email protected]or 020 7517 3900.