Tag: internet
-
Security News – WK4 May 2016
The great Linkedin hack A hacker called “Peace” recently tried to sell a password database of ~ 117 million Linkedin login details that come as a the result of a 2012 breach on the professional relationship social media site. In a blog post published on May 18, LinkedIn CISO Cory Scott wrote, “Yesterday, we became…
-
Surprise!
And following on from Locky comes Surprise, this week’s flavour of ransom-ware! Yeah! This latest ransom-ware family that’s being distributed with Teamviewer 10, specifically version 10.0.47484, launches a file remotely called surprise.exe and then silently goes about its business injecting malware and encrypting files. Teamviewer themselves have indicated that they’ve had no breach of credentials…
-
Security News – Wk2/3 Mar 2016
MITRE has been running the CVE vulnerability identification and logging system for what seems like forever. Mostly this has worked well but recently it seems that applications to MITRE for CVE no’s have been taking longer than expected. In fact, the issue appears to be so bad that Kurt Seifried from Red Hat has decided…
-
DROWN
Another day, another SSL attack. A new, low-cost attack has been found, that decrypts sensitive communications in a matter of hours and in some cases almost immediately. I hereby name you DROWN! And CVE-2016-0800. The attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through SSLv2, a TLS precursor…
-
Security News – Wk2 Feb 2016
We start off this week with news of Adobe’s Creative Cloud deleting data on Apple MACs – not a security issue in itself but still a serious issue. I’m sure there’s a lot of pissed-off people out there – losing data due to someone else’s problem is not nice. Onto security-specific news, the UK GCHQ…
-
Security News – wk4 Jan 2016
Backdoors seem to be the order of the day: SEC Consult in Austria have found what they term a “deliberately hidden backdoor account” in NX-1200, a network controller appliance for conference rooms manufactured by AMX, which is used by governmental and military bodies (even the US White House), educational and healthcare institutions, hotels and conference centers…
-
Security News – wk2 Jan
I’m going to be pushing my security column out on at least a bi-monthly basis from now on – a 2016 resolution! ; ) This past week’s Patch Tuesday from Microsoft was quite a serious affair – 9 security advisories covering 25 vulnerabilities of which 6 advisories address critical level flaws in IE, Office, Windows and…
-
The scourge of Ransomware
From Wikipedia: Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files. To say that Ransomware…
-
Adobe: Stop using Flash
Wow! This is one for the books – Adobe telling everyone to stop using a product of theirs! http://blogs.adobe.com/conversations/2015/11/flash-html5-and-open-web-standards.html?scid=social_20151201_55826586&adbid=671559505906282496&adbpl=tw&adbpr=63786611 This is just reinforcing what we’ve known all along – Flash is a security nightmare! Mozilla and Chrome have been actively blocking flash for some time now and I must say, I don’t really miss it. Considering…
-
Flash triple threat
The last week has been a very interesting one ( read OMG it’s almost the end of the world ) in the security world. There were new threats from all corners but Adobe Flash stole the show with 3 critical issues in 2 days. All 3 issues could result in remote code execution or DoS attacks.…
-
Home routers: security fail
It’s no secret that I absolutely hate non-business/home-based ( ADSL/3G/other ) routers. From a security point of view, they have a history of never-ending security issues that result in a variety of malicious attacks including DNS reflection, remote control, spam, malware infections and other attacks. There are other serious issues including ( but not limited…
-
Invoiceplane takes another step
I took quite some time to find an accounts/invoicing package that suits my work style but I finally came upon Invoiceplane last year. The basic requirements were: product/service database client database create quotes create invoices send invoices via email classification of invoices and quotes ( workflow eg. created, sent, overdue, etc. ) list invoices by…
-
Online security in the shopping season
Online security should always be the focus of anyone using the internet. Yet major holidays tend to be more important seeing as there are many who only shop online around this time. Black Friday especially is a big draw-card. The fact is that online security is part common sense and part preventative maintenance. If you…
-
A fascination with special characters
In the computer world, special characters can have a certain usefulness or can be a hindrance. The very first special character I learnt 25 years ago, was the colon. It was ( still is ) used as the delimiter to change drive letters in DOS. eg. if you were in drive C and wanted to go…
-
Security issues in ADSL and other routers
I’ve never been a fan of using ADSL/Wifi routers as the main firewall for a network ( which unfortunately ends up being the case for most home users ). These are devices built to the cheapest price, using the cheapest software development and generally, there are very few ( if any updates ) for security…
