SSCC 94 - internet meltdown, Microsoft's XML exploit patch, malware in the App Store, "a virus ate my homework" and password thefts galore

Filed Under: Apple, Data loss, Featured, Malware, Mobile, Podcast, Privacy, Social networks, Vulnerability

Sophos Security Chet Chat logoPaul Ducklin was back on this week for our special Friday the thirteenth edition of the Chet Chat.

We started our discussion by talking about the hype cycle surrounding the DNS Changer malware and the predicted internet blackout for affected users. Paul suggested the media misportrayed the impact on users and a more measured approach would have been more appropriate.

As usual Microsoft released a bevy of patches this Tuesday. Most importantly they released MS12-043 to fix the zero-day vulnerability in MSXML (CVE-2012-1889). Paul shared some advice for organizations struggling with patching and change control processes.

Some media outlets reported that there was malware on the Apple App Store this week, but we disagree. Paul and I explained what happened and pondered approaches Apple might take in the future to avoid a repeat incident.

Paul brought us a story from the "dog ate my homework department" where the city of San Diego, California blamed malware for a rather spectacular fireworks fail this Independence Day. At least they proved when you combine all colors of light you do in fact get white...

Lastly we discussed the loss of password databases by Yahoo!, Formspring, NVIDIA and Android Forums. While things like hashing are important, a better strategy might be to secure your network and not have your databases stolen in the first place.

(13 July 2012, duration 15:11 minutes, size 10.4 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 94, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.

, , , , , , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.