Teams of software experts have discovered a bug in both Intel and AMD processors that can allow malicious code access to confidential information.  Some patches are currently available, but not all aspects are fixable at the moment.  This issue is serious and effects Microsoft Windows, Apple MacOS and Linux as well as as mobile devices Apple iOS and Google ChromeBooks.  Basically anything with an Intel or AMD effected CPU. Keep up to date on your patches, Retire old Out of Service Operating systems.  Yes people are still using XP, 2003, etc. It’s time for them to go away finally.  No patches will come out for older OS making them just huge targets. Keep your OS and AV up to date or just ask us about RMM and WebRoot. Read more in the links below. https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/  

We Prefer WebRoot, it’s Small, Super Fast and Very reliable.  Installs in 1 minute, Full scan on most computers in LESS that 5 Minutes!  But hey, you could use Trend and deal with this.

Trend has patched that problem and another remote execution flaw found by a well-known Google security researcher

Source: Trend Micro flaw could have allowed attackers to steal all passwords

More Vulnerabilities are found in SSL and TLS.  Apple and Google prepare patches.  These issues affect the majority of Android devices and Safari from both Apple Desktop and Mobile devices. Firefox and Crome apparently not effected.  Read more below. ​Apple and Google prepare patches for FREAK SSL flaw | ZDNet.

Microsoft is upset that yet again Google has disclosed an as yet (at time of disclosure) unpatched flaw in Windows 8.1.  Google did give MS proper notification and a 90 day deadline to address the issue.  Microsoft if upset that Google didn’t extend its (set in stone) 90 day deadline to allow Microsoft to release the patch within it’s normal Patch window on what’s called “Patch Tuesday”. I agree with the cutoff myself.  Especially if you look at it like this..  Microsoft put out a product that has security issues in it, some have been there for years undiscovered by Microsoft as it releases new versions of it’s OS.  New versions that often are still susceptible to the same flaws.  Many of these flaws are brought to Microsoft’s attention from ethical outside sources including Google.  Unethical hacker may already know and be using these flaws for malicious purposes.  It’s reported that our own NSA knew about HeartBleed the SSL flaw for years and kept it silent to exploit it. So the question remains.  How much time should a company have to patch a flaw from the time it is informed of it?  Each day a fix is delayed is a possible exploit of systems and data.  Security breaches, stolen data, pictures, passwords, credit card & financial info.  So the question is…  Is 90 days long enough or is it too long?  Think of Sony, or iCloud or any other data breach you’ve heard of in the recent history.  Then think..  Should MS be upset about the  flaws being disclosed or should they Really be apologizing for not fixing it sooner? Read Network Worlds take on it at the link below.

Google discloses another unpatched Windows flaw, irritates Microsoft | Network World.

Microsoft was notified over 90 days ago about a vulnerability that would allow a user with local credentials to elevate their rights to that of admin.  Google’s Project Zero policy is to give 90 day for the vendor to fix the issue then disclose it to the public.  Wether fixed or not.

I approve of this practice.  90 days is ample time for a fix.  The more time a system is vulnerable the more likely someone will exploit it.

So what do you think?  Should Google continue the practice of disclosure after 90 days or just wait until the vendor fixes it regardless of how long that takes?

Google posts Windows 8.1 vulnerability before Microsoft can patch it.

 

Non-Microsoft security flaws the ones to watch, Secunia analysis finds – Techworld.com.  

FREE WiFi!  It could help everyone.  Microsoft and Google think so.  Or…  At least it would make it easier for people to connect to their Cloud Services (Office 365 and Google Apps/Plus).   Who would be against something free like this?  Verizon/AT&T/T-Mobile or anyone that sells service in the competing space. Read a bit more by the Privacy & Security Fanatic Ms. Smith.

   Microsoft and Google push for FCCs public Wi-Fi for free networks.