Paul Ducklin was back on this week for our special Friday the thirteenth edition of the Chet Chat.
We started our discussion by talking about the hype cycle surrounding the DNS Changer malware and the predicted internet blackout for affected users. Paul suggested the media misportrayed the impact on users and a more measured approach would have been more appropriate.
As usual Microsoft released a bevy of patches this Tuesday. Most importantly they released MS12-043 to fix the zero-day vulnerability in MSXML (CVE-2012-1889). Paul shared some advice for organizations struggling with patching and change control processes.
Some media outlets reported that there was malware on the Apple App Store this week, but we disagree. Paul and I explained what happened and pondered approaches Apple might take in the future to avoid a repeat incident.
Paul brought us a story from the "dog ate my homework department" where the city of San Diego, California blamed malware for a rather spectacular fireworks fail this Independence Day. At least they proved when you combine all colors of light you do in fact get white...
Lastly we discussed the loss of password databases by Yahoo!, Formspring, NVIDIA and Android Forums. While things like hashing are important, a better strategy might be to secure your network and not have your databases stolen in the first place.