University of Southern California

Category Archives: Security Updates

← Older posts

More OpenSSL Vulnerabilities Reported

Posted on by mbordas

Security researchers have recently identified several vulnerabilities in the OpenSSL encryption library in addition to the widely publicized Heartbleed bug (see https://it-security.usc.edu/2014/04/09/openssl-heartbleed-bug​ for more information about Heartbleed). System Administrators within USC’s IT units should complete the action items (fixes) summarized … Continue reading

Posted in Security Updates | Tagged , , ,

TrueCrypt is insecure

Posted on by Robert

The anonymous developers of TrueCrypt warned yesterday “Using TrueCrypt is not secure” and that “the development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.” They recommend using BitLocker on Windows and provide directions to migrate from TrueCrypt … Continue reading

Posted in Encryption, Security Updates | Tagged ,

Zero-Day Vulnerability in Internet Explorer

Posted on by mbordas

Microsoft has issued a security advisory about a recently discovered zero-day vulnerability in Internet Explorer versions 6 – 11. The vulnerability could allow an attacker to install malware on a system without the user’s knowledge or consent if the user … Continue reading

Posted in Malware, Security Updates |

Heartbleed – vendor updates 2014-04-17 10:56

Posted on by Robert

Below is a partial list of vendors that have released updates to address the Heartbleed vulnerability.
This list will be updated as more information becomes available. Continue reading

Posted in Security Updates | Tagged

Server certificates and Heartbleed

Posted on by Robert

Cloudflare, a large web-hosting company, has a very detailed article on how server certificates are not (in the real world) extractable using the Heartbleed bug: http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed They set up a test server and challenged anybody to obtain the private key. … Continue reading

Posted in Password Security, Recommended Reading, Security Updates | Tagged

Passwords You Need to Change due to the Heartbleed Bug

Posted on by mbordas

Many websites and online services, including Facebook, Instagram, Google, and Yahoo, were affected by the recently announced Heartbleed vulnerability. The site linked below has collected responses from social media, email, financial, and other companies regarding steps they have taken to … Continue reading

Posted in Facebook, Password Security, Security Updates, Social Networking | Tagged

Patch Tuesday Roundup for April 2014

Posted on by mbordas

Microsoft’s support for the Windows XP operating system, Office 2003, and Exchange 2003 ends today, April 8, 2014. Microsoft will no longer provide security updates or other bug fixes for Windows XP, Office 2003, or Exchange 2003, leaving users of … Continue reading

Posted in Patch Tuesday, Security Updates |

Zero-Day Vulnerability in Microsoft Word

Posted on by mbordas

Microsoft recently published a security advisory about a zero-day vulnerability affecting Microsoft Word. (A zero-day vulnerability is one that exploits a previously unknown vulnerability and for which a patch has not yet been released.) The vulnerability can allow an attacker … Continue reading

Posted in Security Updates | Tagged , ,

Patch Tuesday Roundup for March 2014

Posted on by mbordas

Today is Patch Tuesday for March 2014. Microsoft released five bulletins, two of which are considered critical. The critical updates include a cumulative security update for Internet Explorer, which addresses a zero-day exploit first announced on February 19, 2014. For … Continue reading

Posted in Patch Tuesday, Security Updates |

Security Fixes for Internet Explorer and Flash Player

Posted on by mbordas

This week, Microsoft and Adobe released emergency security fixes to address zero-day vulnerabilities, or those which exploit previously unknown vulnerabilities and for which no patch has been released. Microsoft issued a security advisory about a vulnerability affecting Internet Explorer 9 and … Continue reading

Posted in Security Updates |

← Older posts