Yesterday, Qualys announced a new vulnerability called GHOST. (Since Shellshock, everyone thinks vulnerabilities need to be named.) This vulnerability is in a critical library, glibc, which is used by the Linux kernel and...
Patches to glibc to eliminate issues from GHOST have been implemented. Based on the current information available on the GHOST threat, GreenRADIUS should not be vulnerable to this attack. This patch has been integrated to...
I ran across this great article about the disappearance of instruction manuals and thought about how today (as noted in the article, but it’s pretty common) the manual for my last computer was a...
The annual list of the worst passwords just came out. As usual, it should be more than enough to make those of us trying to provide security groan, moan, and slap our collective heads. The...
There is a new report on a serious piece of malware called Skeleton Key that allows Active Directory logins using a single factor (i.e. password) to be bypassed. This malware, when active on a domain...
I ran across this article about the latest iCloud problem. The security hole is interesting in that it could be exploited to bypass any and all higher-level or secondary authentication checks. So the hack came...
Normally, we think of bottlenecks as a bad thing. They limit how fast we can go, how much bandwidth we have, and keep us from reaching our full capability. We definitely do as much as...
So a breach reported by the US Postal Service (USPS) a few months ago has now revealed that 485,000 employees may have been impacted. Importantly, the data is health information, not necessarily financial, but included...
I ran across this article about a small, but important problem in a hospital. As relayed by the author, the nurses were unable to log in successfully to the computers controlling medications and had to...
Interesting news today on the JPMorgan Chase hack from earlier this year. Apparently, while Chase had implemented 2FA in general, they didn’t complete the coverage on all servers and services. The attackers were simply able...