I came across this article written by a Greek EE student named Georgios Konstantopoulos. It was published in Hackernoon here: https://hackernoon.com/how-i-hacked-40-websites-in-7-minutes-5b4c28bc8824. It is aptly titled: “How I Hacked 40 Websites in 7 minutes”. The key takeaways here are: If content can be uploaded, take precautions to prevent any execution of data within the upload folders. This is […]
Internet Security
BOLO: 17-Year Old MS-Office Bug in Equation Editor
Jared Hall BOLOs, Internet Security, Microsoft Windows
This post is worthy of a BOLO. Fixed earlier this month in the Patch Tuesday updates is a bug that has existed in all versions of Microsoft Office. This bug, CVE-2017-11882, exists in the Equation Editor, which allows users to enter mathematical formulas in Office documents. These formulas exist as OLE (Object Linking and Embedding) objects […]
Divorce eSecurity: Practical Electronic Security
Jared Hall General, Internet Security
Author: Jared Hall Revision: 1.1 URL: https://www.jaredsec.com/2017/11/08/divorce-esecurity/ Original Date: 11/11/2010 Revision Date: 11/07/2017 Introduction Separation or divorce is never a good thing. In the case of contested divorces, where the split of assets is complex, the same passion which once brought you and your partner together is often negatively directed to tear each other apart. This […]
Bits on Bitcoin!
Jared Hall General, Internet Security
Author: Jared Hall Revision: 1.0 URL: https://www.jaredsec.com/2017/11/01/bits-on-bitcoin Date: 11/01/2017 Introduction In the midst of the global financial crisis, a paper was anonymously authored in November of 2008. It described a peer-to-peer, distributed, electronic payment system without the oversight of a “trusted” central party, like a bank, PayPal, or the Federal Reserve. The paper was titled: “Bitcoin”. […]
BOLO: WPA2 WiFi KRACKed. Ouch!
Jared Hall BOLOs, Internet Security
Perhaps a more apropos title would be: When “Nonce” is not enough! Holy cow, Batman, we’re in for a bumpy ride. The WPA2 protocol is vulnerable to an attack “in-the-wild” called Key Reinstallation AttaCK (KRACK). This affects both Client devices and Servers (Router/Access Point). A “Nonce” is a number, usually generated in a pseudo-random fashion […]
VPN Services: A Primer
Jared Hall Internet Security, Telecom Security
So, I got an Email last week from a fellow in Estonia asking me to add his site to my list of links. I don’t really want to link to everybody with an article, but these people did such a good job evaluating different VPN systems that it is worth writing about. Their site […]
Un-Clouding: Don’t Let This Happen to You!
Jared Hall Internet Security
There was an article that was sent to me entitled “Unclouding trend is real, but preventable”. That got my attention since the Cloud is in that period of disillusionment. They cited a Q3 2016 survey from Datalink that stated that nearly 40% of organizations with public cloud experience have migrated systems from the Cloud to […]
SSL/TLS Email Connection Testing
Jared Hall Internet Security, Spy vs. Spy
Introduction I’ve developed a Sieve script that will auto-respond with a description of how your email message was received, with a snippet of the “Received:” header. If you run a mail server or use a local ISP, this is an easy way to see if connections to this site are secure. To use, simply send […]
VMware Exploited Again: Update Now
Jared Hall General, Internet Security
On Friday, 9/15/2017, VMware released patches for the ESXi Server, Workstation, and Fusion (Apple) hypervisors. The most serious issue, an out-of-bounds write vulnerability, exists in ESXi and in the desktop hypervisors Workstation and Fusion. An attacker could exploit the issue, which exists in an SVGA device, to execute code on the host O/S. This affects ESXi version […]
The Insecurity of Journalism
Jared Hall Internet Security, Spy vs. Spy
Bruce Schneier had an interesting post last week on how insecure journalists are. It turned out to be quite an animated discussion. As I commented therein, I really doubt that your typical newspaper reporter gets much cybersecurity, or even cyber-awareness, training in journalism school. There are no whistle-blowers that go to traditional media anymore, a […]