Big patch Tuesday

October 15th, 2009

Microsoft See You Next Tuesday

eEye contingent with cool t-shirt

Microsoft issues updates on the second Tuesday of each month. This month, they issued their largest update ever. Now, Adobe is following suit and will start issuing quarterly patch updates on the same day that Microsoft releases its updates. This month, Adobe released a big update with 29 fixes. As I noted in my previous post, unpatched client software is the primary way in which computers with internet access are being hacked. So stop canceling those Adobe update prompts. :-)

This report from SANS was an eye-opener for me:
http://www.sans.org/top-cyber-security-risks/

Priority One: Client-side software that remains unpatched.

Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash, and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access…

Priority Two: Internet-facing web sites that are vulnerable.

Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits…

Don’t ever re-use passwords between sites. Here is an article about high-profile security sites getting hacked:

http://blogs.techrepublic.com.com/security/?p=2048