Telecom Tidbits
Jared's Network and Security Blog
  • Home
  • Telecom Corner
  • About
  • Contact
  • Donate
  • Site Index
  • Links

Apple Fixes Critically Stupid Error in High Sierra

November 29, 2017 Jared Hall General

ZDnet broke a story about a critical error in macOS 10.13.0, 10.13.1 (current), and 10.13.2 Beta.  The issue is that the system allows login of the “root” user, with no password.  Simply wake up the Mac, go to the logon screen, and select “Other User”.  Enter a username of “root” with a blank password. Enjoy the […]

More

Update Your Dahua NVR & IP Cameras

November 28, 2017 Jared Hall General

Positive Technologies has outdone themselves.  They have discovered a critical vulnerability in Dahua IP Cameras and NVR systems and has documented it here.  CERT has a good write-up available as well. I’ve always liked Dahua because for their relatively low cost and durability.  Their cameras and NVRs are built like brick houses. There are software […]

More

Intel Inside? Better get it out!

November 28, 2017 Jared Hall General

Alas, poor Intel.  What a mess you’ve made. On November 17, 2017 I wrote an article describing the work Positive Technologies had done in researching the Intel Management Engine and discovering the NSA’s HAP (High Assurance Program) boot mode. They found a bunch of flaws in the Intel architecture which has the industry buzzing. The […]

More

Hacking VoIP Phones

November 28, 2017 Jared Hall General

Business Insider has an interesting article on how they were able to attack and exploit Cisco VoIP phones.  After all, as they point out, what is a VoIP phone?  It’s a computer with a microphone!  Their article can be viewed here: http://www.businessinsider.com/hackers-can-turn-office-phone-into-remote-listening-device-cybersecurity-hack-cisco-spying-tap-2017-11 Yes, your VoIP phones fall squarely into the category of Internet of Things. and […]

More

40 Websites Hacked in 7 Minutes

November 27, 2017 Jared Hall Internet Security

I came across this article written by a Greek EE student named Georgios Konstantopoulos.  It was published in Hackernoon here: https://hackernoon.com/how-i-hacked-40-websites-in-7-minutes-5b4c28bc8824.  It is aptly titled: “How I Hacked 40 Websites in 7 minutes”. The key takeaways here are: If content can be uploaded, take precaution to prevent any execution of data within the upload folders.  This is […]

More

BOLO: 17-Year Old MS-Office Bug in Equation Editor

November 27, 2017 Jared Hall BOLOs, Internet Security, Microsoft Windows

This post is worthy of a BOLO.  Fixed earlier this month in the Patch Tuesday updates is a bug that has existed in all versions of Microsoft Office.  This bug, CVE-2017-11882, exists in the Equation Editor, which allows users to enter mathematical formulas in Office documents.  These formulas exists as OLE (Object Linking and Embedding) objects […]

More

Fun With Windows 10 Fall Creator’s Update (FCU)

November 27, 2017 Jared Hall Microsoft Windows

So, I set about in October with great hopes of updating my Windows 10 boxes to the new Fall Creator’s Update.  I was most interested in the enhanced security in Windows Defender.  I had mixed success with the update (NOTE: #1).  Here’s some of the features therein: Windows Mixed Reality When actual reality just isn’t […]

More

New VMware Vulnerabilities

November 22, 2017 Jared Hall General

VMware  has fixed critical vulnerabilities, releasing these versions: Horizon View Client 4.6.1,  Workstation Pro 12.5.8, Workstation Player 12.5.8, Fusion Pro / Fusion 8.5.9. These address issues ranging from Client O/S being able to run commands on the Host O/S, crashing Client VMs (Virtual Machines), and unprivileged users crashing their VMs.  Note that Workstation 14.X and Fusion 10.X versions […]

More

Microsoft Security Bulletin: Quakbot and Emotet Trojans

November 22, 2017 Jared Hall General

Earlier this month, Microsoft released a security bulletin with comprehensive information about the Quakbot and Emotet Banking Trojans. They release their own variant of this malware’s Kill Chain: To guard against this problem, Microsoft has two solutions; (1) Use Advanced Threat Protection (ATP) with Office 365/Exchange Online email services, and (2) Activate the Windows Defender […]

More

Patch Tuesday: November 2017

November 22, 2017 Jared Hall General

Microsoft’s Patch Tuesday for this month includes 53 updates.  There are four Zero-Days fixed, although no known exploits for these exist in the wild. CVE-2017-8700 (ASP.NET Core information disclosure) CVE-2017-11827 (Microsoft browser memory corruption) CVE-2017-11848 (Internet Explorer information disclosure) CVE-2017-11883 (ASP.NET Core denial of service) The Dot.Net fixes always present some challenges for business customers. […]

More

‹ 1 2 3 4 ›»

Tools & Downloads

Download Center

Categories

Good Reads (PDF)

Recent Posts

  • PayPal Woes and Degenerative AI
  • A Pathetic Defense of Julian Assange
  • Damned if you do. Damned if you don’t.
  • ProtonMail? Not Worth an Electron!
  • Give it a REST: Serious WordPress Bugs
$
Select Payment Method
Personal Info

Donation Total: $20.00

↑

  • Home
  • Telecom Corner
  • About
  • Contact
  • Donate
  • Site Index
  • Links
Temporal Based Intelligence © 2017