Security Advisor
Microsoft Throws Wrench in Hackers' Playbook
With this week's release of Microsoft's Enhanced Mitigation Experience Toolkit 3.0 (EMET 3.0), the company is finally ready to stand behind its product. Microsoft decided to categorize the tool as an officially supported product with this third version (I guess products blocking security breaches is worth standing behind).
For those that are unfamiliar with the counter-hacking toolkit, EMET protects systems by stopping exploit code attacks from occurring before they happen. This is pulled off "by opt-ing in software to the latest security mitigation technologies," according to Microsoft.
What does this mean? Well, no matter how out-of-date your Windows is, it can be upgraded (in a sense) to meet the security challenges that might not have been around when your software was first released.
It's compatible with Windows on both the server and client side, and even protects those toying around with the Windows 8 Consumer Preview. And those wanting to run in the enterprise can keep tabs on the tool using Microsoft System Center Configuration Manager and Group Policy.
New to version 3 is improved reporting features that will keep a running log of any exploits blocked and the applications associated with the failed attack.
Have you used EMET in either your shop or at home? Send me your thoughts on Microsoft's hack blocker at [email protected].
Adobe Realizes Not Patching Software Is Bad
So last week Adobe warned customers that there were a bunch of vulnerabilities in its family of Creative Suite software (Photoshop, Illustrator and Flash Professional). And instead of saying when users could expect a fix, Adobe told customers to just purchase the latest, more secure version of its software.
Now we're not talking about software that could have been found on Windows 98 -- this is software that, in the case of Photoshop 5, only came out two years ago.
I don't know about you, but if I buy pricey software like Adobe's Creative Suite, I would want to have it supported a bit longer than a pair of sneaker's lifespan.
Actually, I do know about you, as evident by the huge "S" storm kicked up by outraged customers online. And it wasn't just a vocal minority of angered customers (who usually end up making the loudest noise online), but security firms obviously didn't like Adobe's security advice.
"What the heck is wrong with Adobe? It's not like Photoshop is a ninety-nine cent app, it costs hundreds of dollars to purchase," wrote nCircle's Andrew Storms in a blog post. "And the risk for the bug in Photoshop is high; the exploit code has already been made public. These security tactics make Adobe software look like ransom ware."
Well, Adobe wised up and said that it is currently working on fixes for its older software. However, it's unclear whether these fixes will mend its broken reputation.
File Sharers Draw the Moral Line
The Pirate Bay doesn't mind if its users download and distribute for free the latest copyright music, movies, TV shows or software. However, it does mind hackers perpetrating attacks in its name.
The hacker group reportedly took down the Web site of Virgin Media after a court ruling came down that said The Pirate Bay enables breaches of copyright laws -- a ruling that could lead to the ultimate shutdown of the file sharing site.
While Anonymous was looking out for TPB's best interests, TPB released the following condemning message on its Facebook page: "We do NOT encourage these actions. We believe in the open and free internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us."
So, to sum up TPB's viewpoint, sharing a pirated version of The Avengers -- good, hacking your adversaries' Web sites -- bad.
Where do you stand? Which is a bigger threat: the illegal distribution of digital goods or attacks on Web sites that go against hackers' ideologies? Let me know at [email protected].