Browser Sessions Trick Can Hack Encrypted Webservers

BlackHat¹ videos are up now, specifically the HEIST video²: "HTTP Encrypted Information can be Stolen through TCP windows" by Belgian researchers Tom Van Goethem & Mathy Vanhoef. The technical video explains how a browser session can attack a server which attempts to prevent an attack using a token. The aspects of the encryption defense (CSRF token) ..

Diamond Model Intrusion Analysis

Do you want to set up your own intrusion analysis department, or at least have a framework for creating a method to understand a breach? Then read this document at threatconnect.com¹ by Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. This document goes into the details of what the attacker/adversary can do to your infrastructure and ..

Zmodo Camera Has Hardcoded Security Flaw

Here is the “money quote”: Once it is scanned, you assign a name and connect to the camera. A very simple and elegant setup solution to get up and running quickly. Unfortunately for Zmodo and the purchasers of this camera, this came out today: CERT² (Computer Emergency Response Team) Vulnerability Note VU#301735 – Overview The ..

Modern Hackers Good-Bad-Both

I have explained some of the description and history of a hacker in a Fixvirus.com post¹. I want to refocus on the 3 types of hackers: white, gray, and black hat. The white hat hacker is the good guy, the black hat is the bad evil guy, and the gray hat does both good and bad. This ..

Mismanagement in Vulnerability Management Systems

I’m always scouring the net for interesting presentations, and this is an interesting one from BSides Detroit by Gordon MacKay¹, which has been put on the net by Adrian Crenshaw (irongeek.com)². The presentation is about a flaw in vulnerability management systems, which also happens to be what Gordon MacKay programs now for Digital Defense Inc. ..