Homeland Security
The Department of Homeland Security today took the unusual step of issuing a press release urging users of Microsoft Windows to install a critical security patch as soon as possible, saying:
  1. This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users.
The specific vulnerability, labeled MS06-040, makes it possible for an attacker to take over any unprotected Windows machine on the Internet.  If the machine is protected by a firewall, the attack gets harder, but is still possible if the user has enabled file or printer sharing. A vulnerability like this could be used to create a virus that could quickly take over a large number of machines and wreak all sorts of havoc.
It’s great to see that the Department is keeping up on potential threats like this. Even better, the press release includes a number of the common-sense protections also mentioned in our book, such as installing security updates expeditiously, maintaining up-to-date anti-virus (and, for Windows, anti-spyware) software, running a personal firewall, and not opening email attachments.
Now if the Department would only recommend that everyone simply gets a Mac :)
Wednesday, August 9, 2006