Good Day For Reflection: Improve Cloud Security

It’s good to do some reflection, and this is the last Saturday of he month, so here we are.   Securosis’  Rich latest post has a decent summary post, which is discussing what to do periodically – review current technologies and methods and see if those methods can improve your current operational methods and … Read more

Why is Cybersecurity hard? XXE injection

Where do we start? In the beginning …  well, fortunately we do not have to talk creation or evolution, let’s just go back to early 90’s when the Microsoft Windows Operating system hit a large market share of all personal computing systems. If you look at the early Windows systems, they were not built out … Read more

Ghost: glibc vulnerability CVE2015-0235

How dangerous is it?  It is an inherent Linux glibc vulnerability. RedHat is discussing it on their articles page – has the CVE number 2015-0235 It is nicknamed “Ghost” due to the ghostbyname() function calls in the glibc library, specifically: “GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the … Read more

International Data Privacy Day is false observance

Yes you knew it would happen, Jan 28 is International Day of Privacy Day Of course it has many meanings from authoritative sources:  or this may be the most useful historical event I can see: 1973 – CBS-TV debuted “Barnaby Jones”  on January 28. ————————————————————————— Yes my belief that we create days … Read more

QWERTY keylogger: “Connect the Dots”

Snowden documents lead to Regin and malware. The malware  seems to be related to the QWERTY keylogger found in the Snowden documents.  The researchers claim a connection with Regin malware platform and the QWERTY keylogger noted in Snowden’s documents. Here is a blog post on the analysis of the QWERTY keylogger to the Regin … Read more