An analysis of all the patches that Microsoft released in 2013 shows that nearly 100% of all exploits and vulnerabilities could be removed if administrator rights were revoked, and users ran as a limited user.
Admin rights key to mitigating vulnerabilities, study shows (ZDNet)…
http://www.zdnet.com/admin-rights-key-to-mitigating-vulnerabilities-study-shows-7000026428/
There's a flaw in iOS and OS X that allows a "man in the middle" to intercept your credit card information. Apple just put out an emergency update to iOS to patch this. The update is OS version 7.0.6 and users should install it immediately to all iPhones and iPads. Hopefully, the OS X patch will be coming soon as well.
Dan uses Windows XP and is worried about security once Microsoft ends support for it on April 8th. Leo says that there will only be two more security patch Tuesdays between now and April 8th and once that's done, XP will no longer be supported. Leo says that once that happens, all XP users should pull their XP computers off the Internet completely. There are bad guys who collect flaws and exploits and take advantage of holes in the system. One such nasty thing is Cryptolocker.
There's a report that someone sitting at your Mac can fiddle with the clock in OS X and gain access to your system. Leo says that having physical access to a computer can create a lot of security issues. It's something to be concerned about if you're going to lunch and leaving your computer open, but 99.99% of the time, this is much ado about nothing. Just create a screen saver password that's really good, and you're golden. Even better, turn on full disc encryption (called "file vault" on the Mac) and everything is safe until you log in.
Microsoft, Apple, Twitter, Facebook and a host of others have fallen victim to the Java exploit that was discovered by the Department of Homeland Security (actually, Leo says it was CERT - Computer Emergency Response Team ) last month. Leo says that it appears to be an Eastern European team that is attacking big American companies to find industrial secrets.
Steve Gibson joins Leo to talk about the UPnP bug. It's one of the most nefarious exploits out there and the media isn't talking about it because it's just too "geeky." Security groups scanned over 4.3 Billion routers connected online, looking for a vulnerability. There are hackers probing as well. It's stunning that over 81 million are vulnerable due to a bug in the router software that will give hackers access to their personal networks. Steve advises turning off UPnP in the router settings.
Another flaw in routers has been exploited which allows hackers to burrow in and take control over a user's computer. Leo says that there are a few things you can do to safeguard your router, and your network:
