Johannes Ullrich

December 14, 2021

Microsoft Patch Tuesday, December 2021 Edition

This post was originally published on this siteMicrosoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw. Log4Shell is the name picked for a critical flaw disclosed Dec. 9 in the popular logging library for Java called “log4j,” which is included in a huge number of […]
May 7, 2022

Your Phone May Soon Replace Many of Your Passwords

This post was originally published on this siteApple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites. Image: The tech giants are part of an industry-led effort to replace passwords, which are easily forgotten, frequently stolen by […]