Microsoft secutiry Essentials for XP is going away with Windows XP support. It has been available for Windows XP, VIsta, and 7, but Windows 8.1 has its own security built in. If you already have it installed, you will continue to receive updates, but only until July 2015. That is little security for XP users as there will be no Windows security updates after April 8th, so security will be a big issue.
Verizon estimates that 76% of data breaches are caused by weak or stolen user names and passwords. The WSJ’s Diana Jou shows us how easy it is to hack into someone else’s online identity—by doing it herself.
Matthew J. Schwartz over at InformationWeek.com is reporting that Microsoft has extended its antivirus protection for Windows XP for 15 months, or until July 14, 2015. Some third-party vendors are promising updates through 2017.
by Gregg Keizer @ ComputerWorld.com
Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.
The claim, made by Tim Rains, director of Microsoft’s Trustworthy Computing group, came on the heels of the release of the company’s twice-annual Security Intelligence Report (download PDF).
Following up on comments he made in August, Rains again warned Windows XP stragglers to expect an increase in attacks when the aged operating system exits support in five months.
“After end of support, attackers will have an advantage over defenders who continue to run Windows XP,” Rains asserted in a Tuesday post to a company blog. “After April next year, when we release monthly security updates for supported versions of Windows, attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP. If they succeed, attackers will have the capability to develop exploit code to take advantage of them.”
by Gredd Keizer, ComputerWorld.com
Computerworld – Adobe on Thursday admitted that hackers broke into its network and stole personal information, including an estimated 2.9 million credit cards, illustrating the lucrative target that software-by-subscription providers have become to cyber criminals, analysts said today.
“Even before they went to the cloud, bill-you-monthly firms have been a target,” said John Pescatore, director of emerging security trends at the SANS Institute, and formerly a Gartner analyst focused on security. “This has been an issue for [Web] hosting providers for years. There are two reasons why. First, they have a trove of credit cards. And second, you know that the cards are good.”
– See more at: http://www.networkworld.com/research/2013/100713-adobe-hack-shows-subscription-software-274551.html?source=NWWNLE_nlt_security_2013-10-08#sthash.Esh3GleC.dpuf
US CERT has announce that Microsoft will issue 8 security bulletins this on August 13, 2013. This is according to an advanced notification from Microsoft.
Microsoft announced on its blog on December 29, 2012, that there was a security vulnerability with Internet Explorer 8 that could allow remote code to be executed by computers using IE 8 if a website with malicious code installed is visited. The Los Angeles Times reported that the website for Washington, DC, based think tank Council on Foreign Relations had the malicious code on its site as early as December 21st and was infecting all affected computers that visited the site since that time.
The security advisory referenced in the blog post is #2794220. That advisory indicates that IE 6 and IE 7 are also vulnerable to these attacks, but versions 9 and 10 are not because they do not contain the same lines of code that created the vulnerability. However, neither of these version are an option for those using Windows XP.
On December 31, 2012, Microsoft posted two Microsoft “Fix it” patches. The page contains information on how to install these patches on computers running one of the affected versions of Internet Explorer.
If you are using Internet Explorer versions 6, 7, or 8, you need to install the patches provided to block the security vulnerability if you cannot upgrade to IE 9 or 10 (not an option for Windows XP users). You can determine which version of Internet Explorer you are using by clicking on the “Help” menu or Help icon and select “About Internet Explorer.”
The Washington Post has a technology piece which list 6 predictions for cyber security in 2013. The list includes:
- Criminals will enter your Home using Smart TVs
- Virtual Kidnapping of Cellphones
- Attacks Using Bloggers Will INcrease
- Virtual Attacks End in Human Death
- Rogue Regimes use Cyber Terrorism to Attack their Governments
- Attacks will follow Natural Disasters