Archives for October 2014

Google now offering a physical key for 2-Step Verification

October 22, 2014 by Isaac Straley Leave a Comment

2-Step Verification offers a strong extra layer of protection for Google Accounts. Once enabled, you’re asked for a verification code from your phone in addition to your password, to prove that it’s really you signing in from an unfamiliar device. Hackers usually work from afar, so this second factor makes it much harder for a hacker who has your password to access your account, since they don’t have your phone.

Today we’re adding even stronger protection for particularly security-sensitive individuals. Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.

More: http://googleonlinesecurity.blogspot.com/2014/10/strengthening-2-step-verification-with.html

Drupal Security Update

October 15, 2014 by Lee Knutson Leave a Comment

Drupal has released an update to fix a highly critical vulnerability in Drupal 7. Attackers can leverage a SQL injection attack for privilege escalation, allow arbitrary PHP code execution and other attacks.

For more information, see https://www.drupal.org/SA-CORE-2014-005

Oracle Java 8 Update 25 / Java 7 Update 71 Security Updates

October 15, 2014 by Lee Knutson Leave a Comment

Oracle has released a security update to Java that includes fixes for several security vulnerabilities. The updated versions are JDK/JRE 8 Update 25 and 7 Update 71. Updates are available for Java 7 and Java 8 on Windows, Solaris, Linux, and Mac OS. Be sure to update your Java installation(s) as soon as possible.

This release is available for both server and workstation installations of Java. Java can be updated via the included Java Updater or at http://java.com/en/download/index.jsp

Note that Oracle has indicated it will no longer be providing public updates to Java 7 after April 2015.

Continuing to use a vulnerable version of Java, especially in a browser, is a surefire way to end up with a compromised system.

For more information, see:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA

Microsoft Security Bulletin Summary for October 2014

October 14, 2014 by Lee Knutson Leave a Comment

Today, Microsoft released 8 security bulletins, 3 of which have a maximum severity rating of Critical, and 5 of which have a maximum severity rating of Important.

Microsoft products affected include Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer.

For specific versions and more information, see https://technet.microsoft.com/library/security/ms14-oct