You thought you’d heard the last of the Conficker malware back in 2009? Well – think again.
The post Conficker is kind of back appeared first on Avira Blog.
On Microsoft Windows you can create NTFS hardlinks without needing write permissions on the target file.
There’s a term in public health known as “herd immunity.” The idea is that when a critical number of people are immunized against a contagious disease, most members of that community become protected against the disease, whether or not they received an inoculation.
Breaking the chain of a disease’s transmission enables us to interrupt the ability of the pathogen to set in at a broader scale in our community. In this way, vaccinations protect people who have and haven’t been vaccinated.
The same principle applies to our digital lives which are just as connected, if not more connected, to digital threats and “pathogens” that steal our data and identities, disrupt our productivity, and mar our public profiles. We spend a great deal of time and energy investing in firewalls and the technical parts of our infrastructure to protect data and privacy, but what about our behavioral practices?
Do we take the time to inoculate ourselves against habits that could risk the digital wellbeing of our family and friends? Or do we, for example, still ask family members for Social Security numbers via email? Or send credit card information and/or passwords insecurely?
“The important principle here is that there are things I can do to help ensure a safer online world for you, and vice versa.”
If, for example, you posted a compromising photo on social media, I can opt to not re-post it, protecting you from further harm. And if everyone who comes across the photo does the same, we’ve inoculated you from damage even though you had failed to protect yourself.
This is the mindset that we need to adopt in being good digital citizens and embodying the characteristics of a “smart user.” By doing so, we can create an entire network and community of safety and protection.
Most of us, especially the youth and others around the world who are coming online for the first time, are particularly vulnerable. We were all the same at some time. When I worked at Netscape, for example, and got my first email message from a friend “stranded in Thailand,” asking for money – I almost fell for it! On the exposure curve, I was just like a lot of new users today.
Let’s take a page from the herd immunity playbook and create a safer and more private digital world for all of the new users coming online, in addition to helping these users become more educated in smart online behaviors.
AVG has committed to a smart user digital citizenship initiative to build a better web. Please join us or see how you can support this initiative. Because after all, the more you do to help make the web a safer place, you do so not only for yourself but for the whole herd.
To learn more, please visit smartuser.com.
The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
zTree version 3.5.19.1 suffers from a cross-site scripting vulnerability.
The Cisco FireSIGHT Management Center appliance suffers from a certificate validation vulnerability. FirePWNER exploit included. Versions affected include 5.2.x, 5.3.x, and 5.4.x.
A number of Windows kernel crashes in the win32k.sys driver exist while processing a specific corrupted TTF font file. This finding documents an overflow with a malformed OS/2 table.