Wow. That’s a lengthy title that covers just about anything. Really, this is just a sounding-out of what’s been happening in the Spy business lately. Vulnerability Disclosure To start with, there’s a good read on Lawfare, entitled “No, the U.S. Government Should Not Disclose All Vulnerabilities in Its Possession“. It was written by Rick Ledgett, Deputy […]
General
Top Attacking Countries: July 2017
The top three countries (Russia, United States, Ukraine) remained the same when compared to WordFence’s June report here. China moved down a couple of notches. Israel moves into the top 20 for the first time.
BroadPwn Exploit: iOS and Android Updates
Worms have been less of a problem in the world today because of two security features: DEP (Data Execution Prevention): This marks memory segments as “non-executable”. Executable code inserted here from program faults, overflows, and what not, is not executed by the microprocessor. DEP has been in all Windows systems since XP SP2 in 2004. […]
Of SSL, Content Security, and Pesky Protocols
Sometimes we learn about protocols. Sometimes, we learn from protocols. The latter was the case for me as I set about evaluating various SSL/TLS website and Email test suites. SSL Online Test Suites The following three tools actually compliment each other, each providing unique functions not available in the other test suites. It is best […]
Verizon Wireless? Change your passwords.
The title of this post says it all; and it’s all over the news. NICE Systems, Ltd, an Israeli company, does backend call-center work for Verizon. In a project with Verizon, a cloud server from Amazon AWS S3 was used to store call center data in an effort to improve customer service. However, that data […]
Top Attacking Countries: June 2017
The US moved into the #2 spot, flip-flopping with the Ukraine at #3 when compare to Wordfence’s May summary:
Critical Patch Tuesday: 7/11/2017
Oh thank heaven, for 7/11? On a day where Slurpees are the norm, networks across the world were getting a bunch of patches from Microsoft. All told, Microsoft patched 54 vulnerabilities, 19 of them Critical, with one of the Critical fixes “in the wild“. All the the Critical patches were of the type that allowed […]
Debate: Technology, Privacy, and Law Enforcement
Wow. So, I’m trolling through TV channels and I came across a great debate on CSPAN on July 8th. It was originally aired live on June 6, 2017. The CSPAN broadcast can be found here. The debate was sponsored by Intelligence Squared, and their podcast of the debate can be found here. The Debate Question: […]
WordPress and Joomla Updates
There were two bugs discovered and fixed in the popular WordPress “WP Statistics” plugin. The first one is a SQL Injection vulnerability that could be exploited by a local, low-privileged user, like a “Subscriber” account. A SQL Injection attack could allow that subscriber to be able to add an “Administrator” account. About the time that […]
Skype: Critical Vulnerability Patched
The German security firm, Vulnerability Lab, found a bug with stack buffer overflows in Skype. This vulnerability can cause Skype to crash. It can also allow for Remote Code Execution. The vulnerability is listed on the CVE (Criticial Vulnerabilities and Exposures) database as: CVE-2017-9948. The exploit revolves around image processing of the Windows clipboard, and […]