john mccormick

TechRepublic Resources

• sort by:
• Relevance
• Date
• Popularity

The Pragmatic Professional

I’m concerned that even among IT professionals (that is, people paid to manage other people’s computers) there is often a very narrow view of what is “correct.�Some people not only insist that their particular choice of IT tools is the best, they demand that others acknowledge this. That attitude seems...

Tags: Technology, Security, Risk Management, Leadership, IT Management, Education

Blog posts 2007-06-04

Two Apples/Day? Won't Keep Hackers At Bay, Neither Will Firefox

Quick, what's Apple's biggest vulnerability?Right, QuickTime!QuickTime just happens to run on both Windows and OS X, which makes this the second cross-platform threat I have reported on here in the past week.This is also the second time in a week Apple has released a security patch to block malicious web...

Tags: Macintosh, Firefox, Apple

Blog posts 2007-05-30

OpenOffice Vulnerability - Cross Platform Open Source Weakness Discussion

Sophos has disclosed the existence of a proof of concept worm StarOfficeBadbunny that attacks thorough a vulnerability in OpenOffice and other programs using StarBasic macros. According to Sophos, this is a multi-platform threat affecting Windows, MacOS and Linux. It is written in several scripting languages, including Pearl. http://www.sophos.com/security/analyses/sbbadbunnya.html While...

Tags: Security, open source, Office, Microsoft, Macintosh, linux, Hacking

Blog posts 2007-05-25

Critical New Opera 9.x Vulnerability and Norton 2004 Threats

This is a remote system access vulnerability caused by an ActiveX flaw.This is fixed by upgrading Windows Opera versions to Opera 9.21http://www.opera.com/download/.Secunia is reporting a highly critical Secunia rating Active X remote system access threat in Norton Internet Security 2004, Norton IS 2004 Professional, and Norton Personal Firewall 2004.I hope...

Tags: Security

Blog posts 2007-05-21

Microsoft announces security bulletin changes

A Microsoft spokesperson just notified me of planned changes to both the advanced notification service ANS and format of the monthly scheduled Microsoft security bulletins. These changes are worthy of note, but they will not affect the actual information provided -- just the way it is presented.According to the spokesperson,...

Tags: patching, Microsoft Update, Microsoft

Blog posts 2007-05-16

Get up to speed on Microsoft's seven critical security bulletins

For May's Patch Tuesday, Microsoft released seven security bulletins -- and they're all critical updates. John McCormick tells you what you need to know about all seven security bulletins. May's Patch Tuesday didn't just mean seven critical security bulletins for admins to worry about -- it also welcomed...

Tags: Microsoft Corp., John McCormick, Microsoft Excel, Microsoft Office, Microsoft Word, Word processors, security, vulnerability, IT Locksmith Newsletter, Version, Microsoft BizTalk Server, Service Pack 2, Update, Threat, Microsoft Internet Explorer, Bulletin, Security Bulletin, Microsoft Windows XP Service Pack 2, Office Suites, Software

Technical articles 2007-05-14

iPods Endanger Pacemaker Patients

Weve all been in hospitals and seen the signs warning us not to use cell phones because of possible dangers to patients on delicate electronic equipment, but a Chicago high school student has found that iPods interfered with about one third of implanted pacemakers tested.The Denver Post (and multiple other...

Tags: Security, Ipod

Blog posts 2007-05-11

Photoshop File Threat - Did You Ever?

Just when you thought it was safe to do something online, we have an example which shows that there can be dangerous vulnerabilities in virtually any application.Im including this Photoshop file threat not because I think it will become some massive security threat to a lot of users but simply...

Tags: vulnerability, Threats, Threat Modeling, Security, Risk Management, It Management, Hacks, Hacking, Cybercrime, adobe, acrobat

Blog posts 2007-05-07

Top Security Mistakes

Top Basic Security Mistakes1) Trusting people. The biggest threat to your IT security is ALWAYS the trusted employee. This is especially true of executives because poor personal security practices are just as dangerous or more dangerous as having a dishonest employee. If you ever need to cite an example,...

Tags: Security, Authentication

Blog posts 2007-04-30

25 Mac OS X Vulnerabilities Patched! SuSE Security Updates.

25 OS X Threats! There are multiple critical remote code execution and DoS vulnerabilities in Macintosh OS X Version 10.3.9, Server 10.3.9, 10.4.9 and Server 10.4.9 The 25 vulnerabilities are a mix of locally and remotely exploitable threats.Patch links for: 10.3.9 Client 10.3.9 Server Security Update 2007-004 Universal Serucity...

Tags: Security, patching, Macintosh

Blog posts 2007-04-23

Outrage! RIM Mum on BlackBerry Outage

In what I personally can only describe as OUTRAGEOUS, Research in Motion has refused to give any detals on the subject of the major north american outage of service.Canadian reports published today Friday say that the company is not returning media emails or phone calls about the outage.The Washington...

Tags: Security, Blackberry

Blog posts 2007-04-20

BlackBerry Network DOWN!

The vast BlackBerry network is malfunctioning at least in North America and the cause is not clear at this time.The outage may be due to software failure, or malicious action, but what is important at this time is that everyone from press to politicians to IT managers are currently without...

Tags: Security, Blackberry

Blog posts 2007-04-18

The Internet is Broken â€" Is it Time for a Hard Reboot?

I remember when the Internet got started, my former college roommate worked for a little place called BBN and actually, to be really honest, I’m old enough that I recall when DARPANET started also. Back then the “Net” was not only limited to...

Tags: vulnerability, Trustworthy Computing, Telecommuting, Spyware, Spam, Security, Microsoft, Malware, Internet, Government, E-commerce

Blog posts 2007-04-16

Microsoft releases six security bulletins for April

For April's Patch Tuesday, Microsoft released five security bulletins, rating four of them as critical -- and that's in addition to the critical security bulletin it released a week earlier. John McCormick tells you what you need to know about all of April's security bulletins. After canceling March's Patch...

Tags: Microsoft Corp., John McCormick, Microsoft Windows, security bulletin, vulnerability, security, Privilege Vulnerability, IT Locksmith Newsletter, Version, Workaround, Microsoft Windows Vista, Threat, Exploit, CMS Memory Corruption Vulnerability, Operating Systems, Software

Technical articles 2007-04-13

Windows DNS Server Remote Code Execution Threat

A newly released Microsoft Security Advisory warns that the Redmond company is investigating reports of attacks taking place against Windows 2000 Server Service SP4 as well as Windows Server 2003 SP1 and SP2.The Mitre CVE reference for this is CVE-2007-1748. Details are few at this time but Microsofts report confirms...

Tags: Security, Microsoft Update, Microsoft, Internet Service

Blog posts 2007-04-13

An Unintended Consequence of The Fixed Patch Cycle

Fixed Patch Cycle ThreatsAlthough many of us cheered when Microsoft designated a Patch Tuesday regimen for releasing most security patches, hackers quietly cheered also and we are now beginning to see the unintended consequences of trying to make IT managers lives easier by having regularly scheduled patch days.Stop the patching...

Tags: Threats, Support, Security, patching, Microsoft Update, Microsoft

Blog posts 2007-04-13

Yahoo! IM, Kerberos, Firefox, and Kaspersky AV vulnerabilities

This week will see five or more Microsoft Security Bulletins which I will cover in my monthly Locksmith column and newsletter. There is no real word yet as to the content except that there will be one or more security patches and some non-security patches. But,...

Tags: Security, Instant Messaging, Im, Authentication, Antivirus

Blog posts 2007-04-08

Is Firefox ALSO affected by the Microsoft ANI vulnerability?

A report on ZDNet UK suggests that the animated cursor vulnerability just patched in yesterdays Microsoft Security Bulletin MS07-017 can also make Firefox browsers running in a Windows environment vulnerable to the threat.The individual who initially reported the ANI vulnerability privately to Microsoft, Alexander Sotirov of Determina, has told ZDNet.uk.co,...

Tags: Security, Microsoft Update, Firefox

Blog posts 2007-04-04

MS07-017: "Vulnerabilities in GDI Could Allow Remote Code Execution"

Microsoft today released a patch for the critical-rated vulnerability in animated cursors that has been widely reported by me in this blog and elsewhere.Microsoft Security Bulletin MS07-017 is a patch for a remote execution vulnerability that is already being exploited.But, in addition to that .ani file vulnerability, this security bulletin...

Tags: Windows Vista, Windows, Vista, Security, Microsoft Update, Microsoft, Ie6, IE

Blog posts 2007-04-03

ICANN Nixes .XXX's

According to a report in Australian IT ICANN Internet Corporation for Assigned Names and Numbers , the governing body which sanctions Internet addresses has rejected the suggestion that they permit the creation of .XXX URLs for adult content Web sites.See http://australianit.news.com.au/articles/0,7204,21488365%5E16123%5E%5Enbv%5E,00.html for details. This, in my opinion, is a mistake.Having...

Tags: Security

Blog posts 2007-04-02