Oh, dear. Microsoft has revealed a new security flaw in Internet Explorer that, if taken advantage of, could let evildoers take over your computer. That’s nice. The good news is that Microsoft hasn’t heard of any consumer attacks brought about as a result of the glitch, so there’s no reason to freak out just yet.
And while a fix hasn’t been released—the glitch targets IE’s memory management when dealing with CSS—Microsoft has advised folks to download its Enhanced Mitigation Experience Toolkit. (If you’re on Windows XP, and I don’t know why you’d still be running it, you’ll have to upgrade to the latest version in order to use the kit.)
I’ll now use this time to talk a little but about the year in security news.
Probably the biggest security-related story happened only a few weeks ago when Gawker was attacked. Usernames and passwords had been targetted, and we learned that a startling number of people used passwords like “password” or “12345.” If the first step to keeping yourself safe online is to use a genuine, up-to-date operating system, the second step is to use strong passwords across your many online accounts. And don’t use the same password! All it takes is a quick Google search to find out that you use the same username across several different message boards and whatnot, and then to use the same password for all of them? You’re crazy.
A handy tip is to visit random.org and use their random password generator. Then memorize your password! It’s not like you have to remember phone numbers anymore, so put your memory to good use and memorize your passwords. You don’t want to end up like Sarah Palin.
Another thing to keep a look out for: mobile malware. As more and more people upgrade to smartphones it’s more and more tempting for evildoers to target the big operating systems out there. There may not be a Hollywood scenario where all of a sudden every iPhone in the world sprouts legs and attacks people in the streets, but it’s not exactly impossible to imagine a rogue dialer being released that causes your iPhone to call 1-900 numbers, racking up huge bills in the process.
As I said a few months ago, just keep your wits about you while online. Assume that everyone is out to get you, keep your anti-malware software up-to-date, and don’t click random nonsense.
It’s not that hard.