Perhaps a more apropos title would be: When “Nonce” is not enough! Holy cow, Batman, we’re in for a bumpy ride. The WPA2 protocol is vulnerable to an attack “in-the-wild” called Key Reinstallaton AttaCK (KRACK). This affects both Client devices and Servers (Router/Access Point). A “Nonce” is a number, usually generated in a pseudo-random fashion […]
Internet Security
VPN Services: A Primer
Jared Hall Internet Security, Telecom Security No Comments
So, I got an Email last week from a fellow in Estonia asking me to add his site to my list of links. I don’t really want to link to everybody with an article, but these people did such a good job evaluating different VPN systems that it is worthy to write about it. Their site […]
Un-Clouding: Don’t Let This Happen to You!
Jared Hall Internet Security No Comments
There was an article that was sent to me entitled “Unclouding trend is real, but preventable“. That got my attention since the Cloud is in that period of disillusionment. They cited a Q3 2016 survey from Datalink that stated that nearly 40% of organizations with public cloud experience have migrated systems from the Cloud to […]
SSL/TLS Email Connection Testing
Jared Hall Internet Security, Spy vs. Spy No Comments
Introduction I’ve developed a Sieve script that will auto-respond with a description of how your email message was received, with a snippet of the “Received:” header If you run a mail server or use a local ISP, this is an easy way to see if connections to this site are secure. To use, simply send […]
VMware Exploited Again: Update Now
Jared Hall General, Internet Security No Comments
On Friday, 9/15/2017, VMware released patches for the ESXi Server, Workstation, and Fusion (Apple) hypervisors. The most serious issue, an out-of-bounds write vulnerability, exists in ESXi, and desktop hypervisors Workstation, and Fusion. An attacker could exploit the issue, which exists in a SVGA device, to execute code on the host O/S. This affects ESXi version […]
The Insecurity of Journalism
Jared Hall Internet Security, Spy vs. Spy No Comments
Bruce Schneier had an interesting post last week on how insecure journalists are. It turned out to be quite an animated discussion. As I commented therein, I really doubt that your typical newspaper reporter gets much cybersecurity, or even cyber-awareness, training in journalism school. There are no whistle-blowers that go to traditional media anymore, a […]
BOLO: Defray Ransomware
Jared Hall BOLOs, Internet Security No Comments
Proofpoint has identified a new type of ransomware called “Defray“. Two highly-targeted ransomware attacks have been directed at the Healthcare and Education sector, and another at the Manufacturing and Technology sector. As Proofpoint points out, the attack is not of the “spray and pray” variety like most other ransomware attacks. This suggests a very specific threat actor. […]
Top Attacking Countries: July 2017
Jared Hall General, Internet Security 1 Comment
The top three countries (Russia, United States, Ukraine) remained the same when compared to WordFence’s June report here. China moved down a couple of notches. Israel moves into the top 20 for the first time.
Has Your Password Been Pwned?
Jared Hall Internet Security No Comments
Microsoft’s Troy Hunt has outdone himself. His site is the “Go To” authority for compromised Email accounts. Now, he has added a compilation of exploited passwords, over 320 Million of them. You can check if any of your passwords *might* be compromised here: https://haveibeenpwned.com/Passwords If any of your passwords are listed, you should change them […]
Fast Algorithm of Revertible Operations’ Queen (FAROQ) Cipher
Jared Hall Internet Security, Telecom Security No Comments
I was reading an article about “Detecting Stingrays” at Schneier’s forum when I came across a post from Omar requesting a code review of an enhanced Rinjdael cipher developed in Iraq: Omar A. Dawood, Abdul Monem S. Rahma, Abdul Mohssen J. Abdul Hossen,”New Symmetric Cipher Fast Algorithm of Revertible Operations’ Queen (FAROQ) Cipher”, International Journal of […]