September in security

Pascal Cuoq - 8th Oct 2012

October is National Cyber Security Awareness Month (if you are in the United States; otherwise it is Another Country's Cyber Security Awareness Month).

In celebration here is a short list of recent cyber-security failures:

  1. An iPhone user navigating to a malicious webpage can see eir personal information (address book browsing history photos …) revealed to the attacker.
  2. Security vulnerability after security vulnerability were found in Oracle's Java. These appear to allow a malicious website to plant malware on an unsuspecting user's computer who navigates to the wrong webpage.
  3. Security vulnerabilities were found in various versions of Internet Explorer. Again navigate to the wrong webpage and malware gets installed on your computer.

What do all these items have in common? Firstly impact: many people have an iPhone or use Internet Explorer as web browser. They may not know what Java is but it is likely to be enabled in whatever browser they use—many internet banking sites rely on it for instance. Secondly the listed vulnerabilities all made headlines in September 2012.

Pascal Cuoq
8th Oct 2012