Asus RT series routers vulnerable

Security Week has the story: Discussion of researcher Longenecker posting the CVE-2014-2718 and CVE-2014-2719 shows flaws for the Asus RT series routers, either with the admin password being revealed or that the firmware update process does not use https (port 443), a secured/encrypted method. a man-in-middle(MitM) attack can occur, since a http session can be … Read more

Wget vulnerability – does it affect you?

So there is a wget vulnerability … big deal? Metasploit developer – Rapid7 has a page discussing the exploit Specifically: GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP.  Wget versions prior to 1.16 are vulnerable a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target. … Read more

Digital Security in Risk Assessment

As time goes on your risk assessment needs to be re-evaluated, especially as computer resources change. If we had a crystal ball what would the future bring?   It is lucky there are smart people thinking about this very issue.  In the following Youtube video about a discussion with Dr. Mchio Kaku at St. Petersburg … Read more

FireEye new report -APT28 coming from Russian government

FireEye report and what is in it: This report says what we knew – a major attack vector is coming from Russia. Russia  is attacking us and others  (East European interests) the first takeaway is the very targeted nature of an attack on the Georgian journalist covering the Caucasus. The email claimed to originate from … Read more

What is Risk level regarding IT Security concerns?

How does IT Security rank with respect to other company risks? There are always risks in life for individuals, and so there are risks for companies  as well. In IT risk revolves around data protection (Denial of Service as well as network or equipment failures), continuity of service, preventing IT security breaches, PC life cycle … Read more