New Public Breach at sally Beauty Supply

bankinfosecurity has the information

 

The initial reports were that it was a data breach, but no credit card data was stolen, but 11 days later it looks as many as 25,000 records were exposed and stolen

Sally Beauty Supply operates approximately 500 stores worldwide and had $3.6 billion in sales in 2013.

 

As usual this may take some time to fully develop.  Always check your credit card statements for fraudulent activity.

New Microsoft Word vulnerability

Technet link – specific wording:

The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

——————————————————————————————–

So if a malicious RTF(Rich Text Formatting file is opened inside Microsoft Word it will allow the attacker to run commands that normally cannot be run.

So it is possible we have yet to see the full effects on this vulnerability., as viruses and other attacks are being crafted(very likely).

The Microsoft ‘fix’ initially is to not allow RTF files to be opened.

Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word. 

“This is not a fix, just a kludge” says TonyZ  – as people will open these files not knowing what will happen.

WordPress DDOS potential overplayed?

That is what Jason Cohen (CTO of WP engine) is saying at blogs.csoonline.com

He also said: (what the pingback function does, calling it “an altruistic, friendly, social system.”)

What can happen is a lot of pingbacks with the links in the comments.  If done  on many pages with a lot of effort it can happen. I recommend everyone use moderated comments to prevent automated bots if you must turn on pingbacks.

And remember – you can always turn off pingbacks.  In Settings–> Discussion Settings

we have no pingbacks in our WordPress sites.

Wifi “wardriving” with a raspberry Pi: is the size of a cellphone

Raspberry pi is a cellphone sized wafer board with circuits running a basic Linux  Operating system (Raspberry Pi).

Blog .spiderlabs.com  

Has a good article explaining how to use USB GPS, and battery to connect to a wifi antenna and a 8GB – 16GB SD Card.

But interesting to note this is the kind of article a “unethical” hacker will use to find vulnerable wifi routers and access points to attack networks.

Protect yourself scan your network using Omega(Ω) scan. We will find out if you have a vulnerable wifi system.