SSCC 94 – internet meltdown, Microsoft’s XML exploit patch, malware in the App Store, “a virus ate my homework” and password thefts galore

Paul Ducklin was back on this week for our special Friday the thirteenth edition of the Chet Chat.

We started our discussion by talking about the hype cycle surrounding the DNS Changer malware and the predicted internet blackout for affected users. Paul suggested that the media misrepresented the impact on users and that a more measured approach would have been more appropriate.

As usual, Microsoft released a bevy of patches this Tuesday. Most importantly, they released MS12-043 to fix the zero-day vulnerability in MSXML (CVE-2012-1889). Paul shared some advice for organizations struggling with patching and change control processes.

Some media outlets reported that there was malware on the Apple App Store this week, but we disagree. Paul and I explained what happened and pondered approaches Apple might take in the future to avoid a repeat incident.

Paul brought us a story from the “dog ate my homework department” where the city of San Diego, California blamed malware for a rather spectacular fireworks fail this Independence Day. At least they proved when you combine all colors of light you do in fact get white…

Lastly we discussed the loss of password databases by Yahoo!, Formspring, NVIDIA and Android Forums. While things like hashing are important, a better strategy might be to secure your network and not have your databases stolen in the first place.

(13 July 2012, duration 15:11 minutes, size 10.4 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 94, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.