ouch!
Another certificate issuer hands out fake certificates. well not fake necessarily, but certainly not for the business or service intended for.
EFF Post
All of the various findings, articles, videos, pictures, and other stuff I dig up on the web. Anything on this site was posted by me. Any opinion expressed here is only my own
2011/08/31
New Whitepaper #1: Musings on the PSN Attack Vector
New whitepaper available if you want to provide your information.
this one is on the Sony PSN attacks.
Here are the power point slides from the presentation.
this one is on the Sony PSN attacks.
Here are the power point slides from the presentation.
Windows GPO Management
So this begins a discussion of how to manage change control on your Windows GPO elements. These tutorials and tricks do require a few extra MS products, but are still worth reading, even if you do not have these tools.
Stay tuned for upcoming posts with more tutorials in this series.
2011 Federal Cybersecurity Conference and Workshop
The 2011 Federal Cybersecurity Conference and Workshop is a National Cyber Security Awareness Month event that will examine these challenges from a variety of perspectives, and aligns with the Month’s theme of “Cybersecurity: Our Shared Responsibility.” The conference is supported by an advisory council of representatives from National Institute of Standards and Technology (NIST), National Security Agency (NSA), Department of Defense (DoD), the Intelligence Community (IC), and various Industry partners.
Read more here.....
Read more here.....
2011/08/29
2011/08/27
2011/08/25
Killer Apache Update
There is an official announcement now......
announcement
---------------------------------------------------
almost sounds like a monster movie, and for some of us it could be a real monster soon....
announcement
---------------------------------------------------
almost sounds like a monster movie, and for some of us it could be a real monster soon....
Your Router is out to Get You.....!!!
So I have seen people playing with this for some time, but it looks as if the stakes have been raised a little bit now.
So for those who don't know:
"UPnP, or universal plug and play, is a handy feature that lets devices on your network self-configure on a network, but it’s also a security hazard. A Trojan horse or virus on a computer inside your network could use UPnP to open a hole in your router’s firewall to let outsiders in."
Home Router Security Tips
Andy Garcia has written up a little tool that can demonstrate this problem. Attackers can redirect your traffic, reconfigure your router, and scan your internal network. .....And this is because the WAN port accepts UPnP commands? WTF! Why can't vendors turn stuff like this off on default, since most people don't use it or really even know what it does.
Ugggh!
So for those who don't know:
"UPnP, or universal plug and play, is a handy feature that lets devices on your network self-configure on a network, but it’s also a security hazard. A Trojan horse or virus on a computer inside your network could use UPnP to open a hole in your router’s firewall to let outsiders in."
Home Router Security Tips
Andy Garcia has written up a little tool that can demonstrate this problem. Attackers can redirect your traffic, reconfigure your router, and scan your internal network. .....And this is because the WAN port accepts UPnP commands? WTF! Why can't vendors turn stuff like this off on default, since most people don't use it or really even know what it does.
Ugggh!
Killer Apache Perl Script
almost sounds like a monster movie, and for some of us it could be a real monster soon....
Apache Killer
For any who might be worried, there has been a functional workaround published on the Full Disclosure website.
Apache Killer
For any who might be worried, there has been a functional workaround published on the Full Disclosure website.
Microsoft Announces Collaboration With CS2C in China
MS announcement
So Microsoft announced a formal agreement to work with one of the largest Linux firms in China. Interesting......
It was announced that it was for cloud services offerings in China, but I am sure it is also tied into the many agreements forged recently that has various vendors pay Microsoft patent royalties on the Linux implementations.
“While cloud computing promises to move computing to the next level, a critical challenge that many organizations face is rationalizing diverse technologies and different platforms,” said Lu Shouqun, chairman of China OpenSource Promotion Union. “The commitment between Microsoft and CS2C to provide mixed source solutions will not only allow the co-existence of different operation platforms in the cloud environment, but also enhance choice for customers.”
So Microsoft announced a formal agreement to work with one of the largest Linux firms in China. Interesting......
It was announced that it was for cloud services offerings in China, but I am sure it is also tied into the many agreements forged recently that has various vendors pay Microsoft patent royalties on the Linux implementations.
“While cloud computing promises to move computing to the next level, a critical challenge that many organizations face is rationalizing diverse technologies and different platforms,” said Lu Shouqun, chairman of China OpenSource Promotion Union. “The commitment between Microsoft and CS2C to provide mixed source solutions will not only allow the co-existence of different operation platforms in the cloud environment, but also enhance choice for customers.”
Subscribe to:
Posts (Atom)