Haunted by the OLE bugs

Unix/Linux platforms are not the only ones haunted by the old buggy code demon (daemon?). Bash Shellshock was the very serious flaw in the command shell Bash, which runs inside most of Unix/Linux devices, that affected millions of computer and devices around the world. This vulnerability allowed an intruder to take over the whole device, not just intercepting its communication.

Windows experienced a similar situation with the SChannel Vulnerability that was discovered last week, popularly named “Winshock’ by security experts. This vulnerability is a deficiency in the usage of the TLS/SSL protocol, similar to the Heartbleed bug of a few months ago. The difference this time is that, although Microsoft has already patched this flaw for most of Windows Operating Systems, I will not be releasing a patch for Windows XP. Though some security experts do not consider this to be as big a threat as the Heartbleed bug, and even though there have not been any exploits in the wild due to Microsoft being very scant about the details of the vulnerability, it all point to it not being trivial. In fact, there are many cases of the patch that Microsoft released to have created other problems in desktops and servers that have downloaded and installed it. According to reports, it breaks the TLS 1.2, and it slows SQL servers almost to a crawl. But most importantly, Microsoft has kept it up in the windows updates catalog. Incredibly, this is not the first one of the patches that has been botched.

TRA consulting not only focuses on Home Personal security, but also in SOHO (Small Office/Home Office) security. Our goal is to provide full IT support to growing small businesses who are too small to have a full time IT staff, yet big enough that they need one. We have many highly satisfied customers in the Long Beach, Orange County, South bay, and Los Angeles area. Contact us today, and let us take care of all of your computer security needs. Our prices are reasonable and our services are top notch. Our motto is “minimum fuss, maximum satisfaction”.

One of the scariest bug out there in the past few months is the Windows OLE Vulnerability, which had gone unnoticed for almost 20 years (brings back memories of Bash Shellshock, doesn’t it?). This bug has been part of Internet Explorer since IE 3.0, and went unnoticed until recently. If this bug was found by Microsoft, which constantly searches for vulnerabilities and releases updates and patches on a weekly basis for all of their supported systems, who’s to say what other bugs are out there that can be exploited that have gone yet unnoticed by security experts?

It’s been said in jest that “the only secure computer is the one that is unplugged, locked in a safe, and buried 20 feet underground in a secret location”. As optimistic as that sentence makes the world of computer security sound, it is not that bad as long as you take simple precautions. Knowing what to do, or consulting someone who knows what they are doing, (like TRA Consulting) will save you from future headaches.

Call us Today!!