The top three countries (Russia, United States, Ukraine) remained the same when compared to WordFence’s June report here. China moved down a couple of notches. Israel moves into the top 20 for the first time.
General
BroadPwn Exploit: iOS and Android Updates
Jared Hall General No Comments
Worms have been less of a problem in the world today because of two security features: DEP (Data Execution Prevention): This marks memory segments as “non-executable”. Executable code inserted here from program faults, overflows, and what not, is not executed by the microprocessor. DEP has been in all Windows systems since XP SP2 in 2004. […]
Of SSL, Content Security, and Pesky Protocols
Jared Hall General No Comments
Sometimes we learn about protocols. Sometimes, we learn from protocols. The latter was the case for me as I set about evaluating various SSL/TLS website and Email test suites. SSL Online Test Suites The following three tools actually compliment each other, each providing unique functions not available in the other test suites. It is best […]
Verizon Wireless? Change your passwords.
Jared Hall General No Comments
The title of this post says it all; and it’s all over the news. NICE Systems, Ltd, an Israeli company, does backend call-center work for Verizon. In a project with Verizon, a cloud server from Amazon AWS S3 was used to store call center data in an effort to improve customer service. However, that data […]
Top Attacking Countries: June 2017
Jared Hall General, Internet Security 1 Comment
The US moved into the #2 spot, flip-flopping with the Ukraine at #3 when compare to Wordfence’s May summary:
Critical Patch Tuesday: 7/11/2017
Jared Hall General, Microsoft Windows No Comments
Oh thank heaven, for 7/11? On a day where Slurpees are the norm, networks across the world were getting a bunch of patches from Microsoft. All told, Microsoft patched 54 vulnerabilities, 19 of them Critical, with one of the Critical fixes “in the wild“. All the the Critical patches were of the type that allowed […]
Debate: Technology, Privacy, and Law Enforcement
Jared Hall General, Internet Security, Spy vs. Spy No Comments
Wow. So, I’m trolling through TV channels and I came across a great debate on CSPAN on July 8th. It was originally aired live on June 6, 2017. The CSPAN broadcast can be found here. The debate was sponsored by Intelligence Squared, and their podcast of the debate can be found here. The Debate Question: […]
WordPress and Joomla Updates
Jared Hall General, WordPress No Comments
There were two bugs discovered and fixed in the popular WordPress “WP Statistics” plugin. The first one is a SQL Injection vulnerability that could be exploited by a local, low-privileged user, like a “Subscriber” account. A SQL Injection attack could allow that subscriber to be able to add an “Administrator” account. About the time that […]
Skype: Critical Vulnerability Patched
Jared Hall General, Microsoft Windows No Comments
The German security firm, Vulnerability Lab, found a bug with stack buffer overflows in Skype. This vulnerability can cause Skype to crash. It can also allow for Remote Code Execution. The vulnerability is listed on the CVE (Criticial Vulnerabilities and Exposures) database as: CVE-2017-9948. The exploit revolves around image processing of the Windows clipboard, and […]
HIPAA: Product Sunsets
Jared Hall General, HIPAA, Microsoft Windows No Comments
The following products have reached End-Of-Life and cannot be used for any HIPAA or PCI/DSS compliant entities: Windows Vista: 04/11/2017 Exchange Server 2007: 04/11/2017 The following products will reach End-Of-Life on 10/10/2017: Microsoft Office 2007 Microsoft also released a statement stating that they will not support interconnection from any Non-TLSv2 device. These include: Microsoft XP/Vista […]