More WordPress Plugin Weakness-Vulnerability

Sucuri blog has the detailed information: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html   In short, the plugins Jetpack and TwentyFifteen had a bad file which could be attacked by a XSS(Cross Site Scripting) method.   As Sucuri blog mentions the attack is actually DOM(Domain Object Model)-based XSS, which even a WAF(Web Application Firewall) cannot see this. Of course it has to … Read more

BBQSQL – for Delicious SQL Injection Testing

Official Kali Linux BBQSQL site: http://tools.kali.org/vulnerability-analysis/bbqsql BBQSQL is a Python based blind SQL injection tool to test your SQL connections on the Internet.  (why bbq? because SQL injection is delicious) This is a bit more advanced than the SVA -(Scan Vulnerability Analysis) within the SVAPE & C  http://oversitesentry.com/tonyz/pubhtml/fixvirus/svapec/ SQL injection is more like the PE portion … Read more

Oct: Swipe&Sign + Breach = Merchant Liable Not CC companies

The Cybersecurity field knows this has been in the works for a year now, and in 5 months it will happen.   Chip in a Credit card The US will catch up to the rest of the world as world travelers know this.  (Europe has had it since 2004) http://www.creditcards.com/credit-card-news/american-travelers-guide-emv-chip-cards-1271.php In this image from the … Read more

We Must Master The Cybersecurity Basics

A great SECINT (Security Intelligence) paper John Stewart wrote: http://www.cisco.com/web/about/security/intelligence/JNS_TTPs.pdf   Basics must be mastered: patching Identity: Strong identity, federated Identity, and identity based networking Eliminate dark space Notice that the basic #1 item is  patching.  We must be able to cover patching on a timely basis with a regular methodology. Otherwise our systems are … Read more

Linux Servers Can Get Malware Too

    Yes it is a big deal, since many IT folks do not know that malware is on all computers, Malware is short for malicious software and is typically “installed” in Windows machines  with a phishing email, but what makes this unique is not just the Linux system attacks, but how they got attacked. … Read more