Security Week has the story: Discussion of researcher Longenecker posting the CVE-2014-2718 and CVE-2014-2719 shows flaws for the Asus RT series routers, either with the admin password being revealed or that the firmware update process does not use https (port 443), a secured/encrypted method. a man-in-middle(MitM) attack can occur, since a http session can be … Read more
So there is a wget vulnerability … big deal? Metasploit developer – Rapid7 has a page discussing the exploit Specifically: GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target. … Read more
As time goes on your risk assessment needs to be re-evaluated, especially as computer resources change. If we had a crystal ball what would the future bring? It is lucky there are smart people thinking about this very issue. In the following Youtube video about a discussion with Dr. Mchio Kaku at St. Petersburg … Read more
FireEye report and what is in it: This report says what we knew – a major attack vector is coming from Russia. Russia is attacking us and others (East European interests) the first takeaway is the very targeted nature of an attack on the Georgian journalist covering the Caucasus. The email claimed to originate from … Read more
How does IT Security rank with respect to other company risks? There are always risks in life for individuals, and so there are risks for companies as well. In IT risk revolves around data protection (Denial of Service as well as network or equipment failures), continuity of service, preventing IT security breaches, PC life cycle … Read more