IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [updates]

124 questions
103
votes
19 answers

How to explain to traditional people why they should upgrade their old Windows XP device?

This is an issue I'm recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they're using their PCs. The particular issues vary, but this time…
gaazkam
  • 5,607
  • 11
  • 24
  • 37
95
votes
5 answers

How do services with high uptime apply patches without rebooting?

How are critical security updates installed on systems which you cannot afford to reboot but the update requires a reboot. For example, services/businesses that are required to run 24x7 with zero downtime, e.g. Amazon.com or Google.
secureninja
  • 851
  • 1
  • 6
  • 5
57
votes
3 answers

My Android phone is vulnerable, but there are no updates?

I bought brand new HTC Desire 526G with operating system 4.4.2 (Kitkat), everything is as it should be (not rooted) so it is still on factory settings. But now I didn't get for a long time any security updates, I have checked manually in system…
user134969
  • 1,298
  • 4
  • 15
  • 24
52
votes
10 answers

Replacing Windows 7 security updates with anti-virus?

Microsoft has announced Windows 7 will no longer be receiving updates after January 14, 2020: Here. I hate windows 10's forced updates and telemetry so I have always stuck with Windows 7, but it may be as good as dead after the lack of security…
TritiumCat
  • 593
  • 1
  • 4
  • 10
38
votes
8 answers

Why is it a security problem not to update one's browser?

Is it in general a security problem not to update your browser. Firefox constantly prompts me to update my browser, but how dangerous is it to not update? As part of this question, I would like to know what that problem exactly is. What are the…
Thomas
  • 3,841
  • 4
  • 22
  • 26
30
votes
4 answers

Android security without updates

I have an android phone which, like many others, has quickly become unsupported and is not receiving any updates. At the same time there are publicly available exploits for privilege-escalation vulnerabilities, which are mainly used for legitimate…
android user
  • 303
  • 2
  • 4
13
votes
4 answers

Why Can't Google Just Switch to Pushing Android Security Updates Directly to Users?

Okay, I'll just begin with the question and then elaborate a bit below. It is: Why has the world's dominant maker of non-Apple smartphone operating systems, Google, still not adopted a straight-to-the-user model of distributing security updates for…
mostlyinformed
  • 2,715
  • 16
  • 38
12
votes
1 answer

What is going on with my download of the recent Apple security update?

The update in question is the Mavericks combined update which, among other things, claims to fix the recent SSL vulnerability/gaping hole. This issue really annoyed me, so I decided to procure Apple's PGP key and verify it as best I could. And I…
CHT
  • 229
  • 1
  • 3
12
votes
9 answers

Where to download OpenBSD release ISO's over HTTPS?

OpenBSD claims to be highly secure. So why doesn't it allow downloading the release iso's over HTTPS? Or I'm missing something? Can someone please explain this to me?
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
12
votes
2 answers

OSX HomeBrew Security Risks

I've been trying to harden my OSX 10.11 computer and one of the guides suggested installing Homebrew to get updates to things such as OpenSSL. While updates are great, it seems like Apple should be relatively on top of issues (a recent web test…
Dave
  • 442
  • 3
  • 13
9
votes
1 answer

Does Windows Update modify Hosts file?

I have Avira installed with Hosts file protection enabled. I've noticed a pattern where Avira warns me of an attempted modification of the Hosts file (but alas doesn't tell me which process did the attempt), and soon afterwards a Windows Update…
Medinoc
  • 191
  • 4
8
votes
3 answers

Is there any way to use Nuget securely?

Visual Studio now includes a Package Manager that downloads and updates software packages from the internet. The common name for this is "Nuget" The problem I have is that anyone can pretend to be someone else, by spoofing the owner field. This…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
8
votes
4 answers

DNS spoofing of linux distribution repositories

Question(s) Is it possible to "redirect" linux-update-repos via DNS spoofing (e.g. DNS cache poisoning) to a malicious website, so that harmful software (updates) will be installed, when running the packet manager's update function (yum, apt-get,…
Levite
  • 819
  • 1
  • 6
  • 14
8
votes
3 answers

How can I circumvent the lack of Java updates?

Just imagine you have a bunch of computers which need Java for some important software and you can't just switch to another vendor because all are using Java in this field of technology. If you start to update Java the software is causing problems…
Andre
  • 221
  • 1
  • 5
7
votes
2 answers

Are devDependencies in Node.js exploitable?

I am well aware that the best approach is to update any dependency, no matter whether it is a development dependency or a runtime/production dependency. But from a research prospective, I want to know whether a vulnerability in development…
LGDGODV
  • 143
  • 5
1
2 3
8 9