A new internet security vulnerability was announced last week, and it is “a scary big deal”. Cloudbleed, the name given to this vulnerability, has led to a potentially widespread leak of passwords and other data...
Another potentially serious and widespread vulnerability was announced last week. The DROWN vulnerability was discovered jointly by several universities and Google and is specific to the legacy SSLv2 protocol. Even though clients may never use...
A new GNU C library vulnerability was announced a couple of weeks ago and exposes a critical flaw affecting almost all Linux machines. Discovered independently by Google and Red Hat, the flaw is described as...
Possibly the biggest security news this past week was the announcement of a bug in OpenSSH that opens it to password cracking. Normally, OpenSSH restricts the number of failed authentication attempts that can occur on an...
Yesterday, Qualys announced a new vulnerability called GHOST. (Since Shellshock, everyone thinks vulnerabilities need to be named.) This vulnerability is in a critical library, glibc, and is a library used by the Linux kernel and...
There is a new report on a serious piece of malware called Skeleton Key that allows Active Directory logins using a single factor (i.e. password) to be bypassed. This malware, when active on a domain...
I ran across a great article here the other day about a presentation at the Kiwicon in New Zealand. What really caught my eye was the asymmetry in terms of costs to the attacker and...
About all I can say is WOW. Earlier this month, I mentioned that Sony didn’t have the best security practices as evidenced by some of the information leaking out after the large hack. And to...
“Wow” is about all I can say to this article about the recent Sony hack. Along with all the other data that was taken, it now appears that a large number of documents contained passwords...
So after a nice Thanksgiving holiday here in the U.S. last week, we come back to news of yet another hack involving credentials to remotely access a network. As detailed here, SP+, a parking facilities...