Wired ran a story about widespread GPS errors experienced with merchant vessels traveling in the Black Sea. That story can be found here: https://www.wired.co.uk/article/black-sea-ship-hacking-russia. This has been experienced by at least 20 ships over the past year. One ship reports errors in the GPS-powered Automatic Identification System (AIS) every time they approach the Russian port of […]
SSL/TLS Email Connection Testing
Jared Hall Internet Security, Spy vs. Spy No Comments
Introduction I’ve developed a Sieve script that will auto-respond with a description of how your email message was received, with a snippet of the “Received:” header If you run a mail server or use a local ISP, this is an easy way to see if connections to this site are secure. To use, simply send […]
Microsoft Office: No Shortage of Exploits
Jared Hall General No Comments
There exists another vulnerability (of sorts) within Microsoft Word that is actively being exploited for espionage and surveillance purposes. What is happening is that a Unicode reference to the INCLUDEPICTURE field can include a hyperlink to an external image or file, like a PHP script on a remote server. This is an OLE2 (Object Linking […]
VMware Exploited Again: Update Now
Jared Hall General, Internet Security No Comments
On Friday, 9/15/2017, VMware released patches for the ESXi Server, Workstation, and Fusion (Apple) hypervisors. The most serious issue, an out-of-bounds write vulnerability, exists in ESXi, and desktop hypervisors Workstation, and Fusion. An attacker could exploit the issue, which exists in a SVGA device, to execute code on the host O/S. This affects ESXi version […]
WordPress 4.8.2: Update Now.
Jared Hall WordPress No Comments
A new WordPress version, 4.8.2, has been released. As this contains security fixes, all WordPress sites should be updated immediately. The update includes a fix to $wpdb->prepare() to help protect against SQLi injection attacks. WordPress core is not vulnerable to SQLi injection attacks directly, but certain plugins and themes may be vulnerable depending on how […]
Top Attacking Countries: August 2017
The top three countries countries continue to be Russia, United States, and Ukraine. The US has moved into the top spot. China moved up two notches to #4. July 2017’s report can be found here.
Microsoft’s 9/2017 Patch Tuesday
Jared Hall Microsoft Windows No Comments
Microsoft’s September 2017 Patch Tuesday is a real humdinger, even exceeding August’s Patch Tuesday; encompassing 259 security patches covering 82 vulnerabilities. Windows 7: 22 vulnerabilities of which three are rated critical, 19 important Windows 8.1: 26 vulnerabilities of which four are rated critical, 22 important Windows 10 version 1703: 25 vulnerabilities of which two are […]
Equifax Hacked
Jared Hall General No Comments
Holy crap, Batman! Yes, the company of last resort to protect your identity has just coughed it up. This breach included the Social Security Numbers of 143 Million Americans, a little less that half of the US population. Equifax reports that over 209,000 credit card numbers were stolen, along with identifying information (PCI) for 182,000 […]
The Insecurity of Journalism
Jared Hall Internet Security, Spy vs. Spy No Comments
Bruce Schneier had an interesting post last week on how insecure journalists are. It turned out to be quite an animated discussion. As I commented therein, I really doubt that your typical newspaper reporter gets much cybersecurity, or even cyber-awareness, training in journalism school. There are no whistle-blowers that go to traditional media anymore, a […]
How To Monetize Your Job In Security
I am very happy that the Adobe Flash Player is finally getting killed off. It is the single most bug-ridden program that has ever existed on this planet. Even worse is that many people think that anything-Abobe is Open Source when, in fact, it is anything but. Nowadays, most websites have converted Flash content to […]