I got a chuckle out of this comic found on Google IT. This should be titled: How not to pick up girls!
BOLO: WPA2 WiFi KRACKed. Ouch!
Perhaps a more apropos title would be: When “Nonce” is not enough! Holy cow, Batman, we’re in for a bumpy ride. The WPA2 protocol is vulnerable to an attack “in-the-wild” called Key Reinstallaton AttaCK (KRACK). This affects both Client devices and Servers (Router/Access Point). A “Nonce” is a number, usually generated in a pseudo-random fashion […]
A Netsec’s Favorite Mayonnaise
From Google’s IT Forum:
Microsoft Patch Tuesday: October 2017
Hmm. It’s another big update. Front and Center is CVE-2017-11826, a Remote Code Excecution, Zero-Day bug in all versions of Office 2007 and later, Word Automation Services, and Microsoft Office Web Apps server. This is important since there are active exploits of this bug “in the wild”. Two other Zero-Day bugs were fixed, CVE-2017-8703 (DOS in the […]
VPN Services: A Primer
So, I got an Email last week from a fellow in Estonia asking me to add his site to my list of links. I don’t really want to link to everybody with an article, but these people did such a good job evaluating different VPN systems that it is worthy to write about it. Their site […]
The How & Why of Caller-ID/SMS Spoofing
Caller-ID Spoofing? There’s an App for that! I recently received correspondence from individuals that I did not communicate and quickly determined that an unknown party has been spoofing my phone number. Between 2006 and 2007, I did some work for a small, local CLEC that had a CLASS 5 switch in St. Petersburg. They had […]
Common Mistakes Made With Your Tech Partners
ZDNet published an article “Ten mistakes to avoid when working with tech partners“, summarized herein by specifying what a company should do: Don’t treat all tech partners the same. Each of your tech partners have different functions, styles, and backgrounds. They each contribute to your success in a different way. You cannot manage them in […]
Un-Clouding: Don’t Let This Happen to You!
There was an article that was sent to me entitled “Unclouding trend is real, but preventable“. That got my attention since the Cloud is in that period of disillusionment. They cited a Q3 2016 survey from Datalink that stated that nearly 40% of organizations with public cloud experience have migrated systems from the Cloud to […]
Joomla: Security Update
Joomla corrected a bug that was created 8 years ago where an attacker can steal website administrator credentials. The bug exists in Joomla’s LDAP (Lightweight Directory Access Protocol). Input is not properly sanitized, so an attacker can use wildcards to progressively determine credentials. Although the bug was present for 8 years, Joomla fixed it promptly […]
Top Attacking Countries: September 2017
The top three countries countries continue to be Russia, United States, and Ukraine. Russia re-assumed its position at #1. China moved down to #5. August 2017’s report can be found here.