Holy crap, Batman! Yes, the company of last resort to protect your identity has just coughed it up. This breach included the Social Security Numbers of 143 Million Americans, a little less that half of the US population. Equifax reports that over 209,000 credit card numbers were stolen, along with identifying information (PCI) for 182,000 […]
The Insecurity of Journalism
Jared Hall Internet Security, Spy vs. Spy No Comments
Bruce Schneier had an interesting post last week on how insecure journalists are. It turned out to be quite an animated discussion. As I commented therein, I really doubt that your typical newspaper reporter gets much cybersecurity, or even cyber-awareness, training in journalism school. There are no whistle-blowers that go to traditional media anymore, a […]
How To Monetize Your Job In Security
I am very happy that the Adobe Flash Player is finally getting killed off. It is the single most bug-ridden program that has ever existed on this planet. Even worse is that many people think that anything-Abobe is Open Source when, in fact, it is anything but. Nowadays, most websites have converted Flash content to […]
Of NSA Vulnerability Disclosures and Cyber-Command
Jared Hall General, Spy vs. Spy No Comments
Wow. That’s a lengthy title that covers just about anything. Really, this is just a sounding-out of what’s been happening in the Spy business lately. Vulnerability Disclosure To start with, there’s a good read on Lawfare, entitled “No, the U.S. Government Should Not Disclose All Vulnerabilities in Its Possession“. It was written by Rick Ledgett, Deputy […]
BOLO: Defray Ransomware
Jared Hall BOLOs, Internet Security No Comments
Proofpoint has identified a new type of ransomware called “Defray“. Two highly-targeted ransomware attacks have been directed at the Healthcare and Education sector, and another at the Manufacturing and Technology sector. As Proofpoint points out, the attack is not of the “spray and pray” variety like most other ransomware attacks. This suggests a very specific threat actor. […]
Fun With Windows 10’s Utility Menu
Jared Hall Microsoft Windows No Comments
Writer David Pogue mentions a useful Windows 10 Utility Menu available for technicians and power users. It is simply invoked using the keys WINDOWS + X. Yes, depressing the Windows and “x” keys simultaneously brings up a Windows 10 utility menu with all the good stuff you need:
Top Attacking Countries: July 2017
Jared Hall General, Internet Security No Comments
The top three countries (Russia, United States, Ukraine) remained the same when compared to WordFence’s June report here. China moved down a couple of notches. Israel moves into the top 20 for the first time.
Has Your Password Been Pwned?
Jared Hall Internet Security No Comments
Microsoft’s Troy Hunt has outdone himself. His site is the “Go To” authority for compromised Email accounts. Now, he has added a compilation of exploited passwords, over 320 Million of them. You can check if any of your passwords *might* be compromised here: https://haveibeenpwned.com/Passwords If any of your passwords are listed, you should change them […]
Fast Algorithm of Revertible Operations’ Queen (FAROQ) Cipher
Jared Hall Internet Security, Telecom Security No Comments
I was reading an article about “Detecting Stingrays” at Schneier’s forum when I came across a post from Omar requesting a code review of an enhanced Rinjdael cipher developed in Iraq: Omar A. Dawood, Abdul Monem S. Rahma, Abdul Mohssen J. Abdul Hossen,”New Symmetric Cipher Fast Algorithm of Revertible Operations’ Queen (FAROQ) Cipher”, International Journal of […]
BroadPwn Exploit: iOS and Android Updates
Jared Hall General No Comments
Worms have been less of a problem in the world today because of two security features: DEP (Data Execution Prevention): This marks memory segments as “non-executable”. Executable code inserted here from program faults, overflows, and what not, is not executed by the microprocessor. DEP has been in all Windows systems since XP SP2 in 2004. […]