It’s interesting how you can go through an entire week of work and think that nothing significant happened in the security world. Now that I am trying to write these updates on a weekly basis, I’m paying a bit closer attention. While we won’t have huge patch-focused updates unless it’s the same week as a patch release, it doesn’t mean nothing has been going on. So, without further ado here are this week’s updates and patch report. If you missed last week’s, read it here.
EMET 3.0 has been released. What is EMET you ask?
EMET stands for “Enhanced Mitigation Experience Toolkit” and is basically a tool that allows you to protect Windows applications from attack. We’re used to applying patches for things like this, but sometimes a problem is more complex than people think and patches are a long time coming. EMET allows you to shift from a reactive to a proactive stance. This is a different way of protecting your systems and will take some work to get started. However, if your operational guidelines have matured to the point you have identified allowed applications and are either using application control or imaging, this can provide a nice additional layer of protection. With this new version, you can also identify attempts to exploit vulnerabilities, which can give you preliminary warnings of attack.
Carrier bloat … if you have a Smartphone, you probably know exactly what I’m talking about. Carrier bloat usually takes the form of targeted mobile marketing applications that encompass everything from sports and shopping, to games and movies. The apps are baked into the phone’s software, often run by default, can’t be removed and worst of all, gobble up precious storage space, CPU cycles and battery life. Simply put, carrier bloat holds your phone hostage.
A couple weeks ago, we got a glimpse of what 21st century marketing research can accomplish. After his teen received pregnancy-related coupons from a Target mailing, a Minnesota father drove to his nearest Target store, berated the manager and left. A couple days later, the store manager called the father to apologize once again, but it was the father who was saying sorry this time. Much to his surprise, his teenage daughter was indeed pregnant. So how on earth did Target figure out this information before anyone else?
Many of today’s most successful companies invest thousands of dollars into marketing research. Everything from consumer spending habits to internet search topics are gathered and aggregated into usable data. Much of the information is anonymous, stored in separate silos or is not readily available, but that is about to change.