Politico ran a story on the personal cell phone belonging to White House Chief of Staff, John Kelly. It turns out that it was hacked sometime in December of 2016. He’d been using and fiddling with it up until September 2017, when he finally gave it to staffers to figure out why he couldn’t get […]
Humor: Problem Solving Flowsheet
This is an “off-color” comic that any engineer or technician is familiar with. This was popular back in the 80’s and is still funny today. I remember seeing a variant of this circulating around DSTE (Digital Subscriber Terminal Equipment) and Crypto maintenance techs back in my old Air Force days. Alas, many a unit could […]
WordPress Update
Jared Hall General No Comments
There is an issue with $wpdb->prepare() that can lead to unsafe queries and SQL Injection attacks. This does not occur with WordPress core, but can affect add-on plugins and themes. If you do not have Automatic Updates enabled, please download the new release as soon as possible. The WordPress bulleting is here: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Social(Networking+Engineering) Defeats Physical Security
Jared Hall General No Comments
I found an interesting article on Motherboard from a Pentester named Sophie Daniel. She did more than your standard online cybersecurity Penetration Testers do; she gained unrestricted physical access to a secure facility. Here’s the general process of the attack: Acquired Business Information Solicited business Information through website data, aerial/satellite photographs, and maps. Acquired Personnel […]
Chrome Browser Update: 62.0.3202.75
Jared Hall General No Comments
Google has released Chrome version 62.0.3202.75 for all operating systems. This fixes a high-severity stack-based buffer overflow bug. My Chrome browser did not update automatically, but did so when I went into Settings->Help->About Chrome. Threat Post has a more detailed write-up here: https://threatpost.com/google-patches-high-severity-browser-bug/128661/
Bits on Bitcoin!
Jared Hall General, Internet Security No Comments
Author: Jared Hall Revision: 1.0 URL: https://www.jaredsec.com/2017/11/01/bits-on-bitcoin Date: 11/01/2017 Introduction In the midst of the global financial crisis, a paper was anonymously authored in November of 2008. It described a peer-to-peer, distributed, electronic payment system without the oversight of a “trusted” central party, like a bank, PayPal, or the Federal Reserve. The paper was titled: “Bitcoin“. […]
Speed Dating for SysAdmins
I got a chuckle out of this comic found on Google IT. This should be titled: How not to pick up girls!
BOLO: WPA2 WiFi KRACKed. Ouch!
Jared Hall BOLOs, Internet Security No Comments
Perhaps a more apropos title would be: When “Nonce” is not enough! Holy cow, Batman, we’re in for a bumpy ride. The WPA2 protocol is vulnerable to an attack “in-the-wild” called Key Reinstallaton AttaCK (KRACK). This affects both Client devices and Servers (Router/Access Point). A “Nonce” is a number, usually generated in a pseudo-random fashion […]
A Netsec’s Favorite Mayonnaise
From Google’s IT Forum:
Microsoft Patch Tuesday: October 2017
Jared Hall General No Comments
Hmm. It’s another big update. Front and Center is CVE-2017-11826, a Remote Code Excecution, Zero-Day bug in all versions of Office 2007 and later, Word Automation Services, and Microsoft Office Web Apps server. This is important since there are active exploits of this bug “in the wild”. Two other Zero-Day bugs were fixed, CVE-2017-8703 (DOS in the […]