This sounds familiar

Waaaay back in the early days of the #WeekendWisdom series, back at number 3, I talked about updates. I’ll have a link to that video somewhere on the social media post associated with this video.

The events of the last week has brought it back to me that this really is an important topic that we all need to be aware of.

What happened this last week?

Apple, earlier this week, released updates to its iPhones and Mac computers and watches that plugged a vulnerability which was being exploited by a surveillance software maker which literally all they had to do if they wanted to take control of somebody’s iPhone we’ll say, all they need to do is send a message to that phone and just when the phone receives the message, they now have control of it. The user of the phone did not have to do anything. So that’s pretty scary.

Also there was the vulnerability that I talked about in last week’s #WeekendWisdom. Microsoft have issued updates for that this week. So again, it’s really critical that if you have updates waiting on your Windows computer to apply them.

This is the reason why updates are important

You see the problem here is that when the likes of Apple or Microsoft issue updates, criminals go and take those updates, they look at them and they find out what exactly has been fixed in Windows or in the iPhones or whatever. Then they can figure out how they can exploit that, that vulnerability that was there that was fixed. If people don’t do the updates, the criminals can now exploit them, for those people who don’t, because there are quite a lot of people who don’t apply updates.

But it’s really important that you do.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 095 Why Updates are Important appeared first on L2 Cyber Security Solutions Ltd..

Updates

I know, I know, you’re sick of people talking to you and telling you to do updates, but bear with me for a minute.

Software is created by application developers. Application developers are human. Humans make mistakes. Therefore application developers make mistakes.

These mistakes when they are put into programs, they create bugs, which is what the bad guys are always looking out for because bugs allow them to be able to make the software do things it was never designed to do in the first place. And therefore they can use that, leverage that to break in, make the systems their own, take control.

So the good guys, the application developers, when they realise they have bugs or bugs are reported to them, they will fix these bugs so that will keep the bad guys out as far as possible. They’ll fix that bug, they’ll probably also introduce a few more, but that’s the nature of software development.

So it’s really important that you do apply patches and updates as soon as you get them. So that’s the reason for it.

Now what do you need to apply updates to?

You’re probably saying to me right now, my laptop updates automatically, my desktop does, my phones do. So yes all these devices are probably set up to automatically update, but do you remember a couple of weeks ago when we talked about doing an inventory, which contains a list of all of your assets, all your IT assets?

• Your telephones.
• Your printers.
• Your routers.
• Your switches.

All of these devices, they all contain software, which, now maybe not as often as a laptop or a phone, but they do require updates on a frequent enough basis. So you might also need some technical support with being able to get those updates put into place. But its kind of advisable to do it on a fairly frequent basis. So please look to doing that, scheduling that.

So that’s it for this week. Let’s be careful out there and I will see you again next week.

www.L2CyberSecurity.com

www.twitter.com/L2Cyber

The post #WeekendWisdom 003 Updates appeared first on L2 Cyber Security Solutions Ltd..

Me? I was in my office and carrying on about my business as I always do, whether it’s Patch Tuesday or not. The fact that it is a regular occurrence, means that it has become a mundane and expected part of our daily digital existence. For this reason, and this reason alone, is why last month’s absence of a Patch Tuesday is of great concern to security professionals like myself.“I got updates on Windows last month!” I hear you cry. So did I, but it was only for that disgrace of a piece of software that is Adobe Flash Player.

What we were missing were a number of patches for Microsoft’s various software that we have installed on our desktops, laptops and servers. This was the first time in 14 years that they skipped a month and they did so without providing us with any indication of what the problem was.

So in March 2017 Microsoft fixed 135 vulnerabilities across their software estate, which is pretty freakin’ big. The number of vulnerabilities though is only a small part of the serious problem that us concerned security folk have with Microsoft. One of the critical vulnerabilities that was patched on the 14th of March was a flaw that was publicly disclosed on the 2nd of February. This meant that the evil doers would have been attempting to exploit the vulnerability for nearly 6 weeks … which is an aeon in a hacker’s world.

Now, we can’t take umbrage at the fact that Carnegie Mellon University revealed the existence of the vulnerability in February, which had been discovered last year. Microsoft were notified about it and so an expectation that they were going to fix it in February 2017 was reasonable. However, something went awry with the whole month-worth of patches and so a lot of people were exposed for a very long period of time, which is really inexcusable.

I preach to people, telling them they need to keep their software and devices up-to-date. Then M$FT go ahead and make a mockery of the arrangement.

The post Patch Tuesday on the double. appeared first on L2 Cyber Security Solutions Ltd..