Richard Bejtlich has a new post (as of May 10) http://taosecurity.blogspot.com/ He set out a few excerpts of a 1978 book “Computer Capers” by Thomas Whiteside. To me the most interesting excerpt(2nd): “The difficulties of catching up with the people who have committed computer crimes is compounded by the reluctance of corporations to talk about the … Read more
Yes I am sure you heard the saying: If you fail to plan, Plan to fail How does one plan for as secure as possible while also meeting business objectives? Harry Folloder(CIO of Advantage WaypointLLC – 10$Bil in food service sales) has 6 tips in this article: http://www.darkreading.com/attacks-breaches/building-a-stronger-security-strategy-6-tips/a/d-id/1320247? Being in charge of a large IT … Read more
This story is unique: https://threatpost.com/wordpress-sites-backdoored-leaking-credentials/112703 A partial list of hacked sites are available on the link above (threatpost site from Zscaler research) : (Screenshot of Threatpost partial list) And the full list is here from Zscaler Threatlab website: http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html Please do not go to the websites as they will give you malware.I went to one, … Read more
Of course you could also disconnect your computer from the Internet. Here is your computer disconnected from Internet: But even disconnected from Internet a virus can still enter your computer (airnet). This is where a computer can get a virus from a flashdrive. Stuxnet was transmitted by usb flash drives, several infected flash drives were … Read more
Sucuri blog has the detailed information: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html In short, the plugins Jetpack and TwentyFifteen had a bad file which could be attacked by a XSS(Cross Site Scripting) method. As Sucuri blog mentions the attack is actually DOM(Domain Object Model)-based XSS, which even a WAF(Web Application Firewall) cannot see this. Of course it has to … Read more
