Patch your cisco routers

This is a fix to a long outstanding remote code execution bug – post from Threatpost Dennis Fisher discusses the basics of this issue this is a bug from 2011 (sic) and could cause someone to access your older Cisco router has a list of the telnet Metasploit payloads Here are the relevant entries: … Read more

My IT is outsourced – I don’t worry about security

Recently I had a discussion with an executive, and he said he outsourced his IT functions, so I don’t have to worry about it anymore.  Is that right? So i searched for a theoretical talk… —————————————————————————————————————————- Black hat 2014 had several talks about Cyberspace security – Jason Healy discussed how to save Cyberspace SEP = … Read more

Escalation Privilege threats – What’s the big deal?

Mitre has a nice article on how thin client technology with Secure Remote Peripheral Encryption Tunnels (SeRPEnT). Their image shows how a thin client can have a trusted connection to the server and thus have a trusted connection to the server.     The article pushes thin clients and as we all know thin clients can … Read more

Staples now investigating breach

Brian Krebs broke the story again, since he reviews the bank fraud channels, as well as the crook channels in Russia and elsewhere at times. Tripwire  has a good video that explains how the cards are sold – it is a company which creates many IT security products. I have used Tripwire  File Integrity and … Read more

False Positives Bane of ITSecurity

Internet Storm Center discusses the month of CSAM false positives: ” The HUGE problem with this is false positives and false negatives.” Fortinet Blog post discusses the pressure on IT decision makers Wired story has Gonen Fink, the CEO of LightCyber, writing about how we need better products reviewing the false positives (a false positive is … Read more