Good Day For Reflection: Improve Cloud Security

It’s good to do some reflection, and this is the last Saturday of he month, so here we are.   Securosis’  Rich latest post https://securosis.com/blog/summary-heads-up has a decent summary post, which is discussing what to do periodically – review current technologies and methods and see if those methods can improve your current operational methods and … Read more

Why is Cybersecurity hard? XXE injection

Where do we start? In the beginning …  well, fortunately we do not have to talk creation or evolution, let’s just go back to early 90’s when the Microsoft Windows Operating system hit a large market share of all personal computing systems. If you look at the early Windows systems, they were not built out … Read more

Ghost: glibc vulnerability CVE2015-0235

How dangerous is it?  It is an inherent Linux glibc vulnerability. RedHat is discussing it on their articles page – has the CVE number 2015-0235 https://access.redhat.com/articles/1332213 It is nicknamed “Ghost” due to the ghostbyname() function calls in the glibc library, specifically: “GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the … Read more

International Data Privacy Day is false observance

Yes you knew it would happen, Jan 28 is International Day of Privacy Day https://blog.mozilla.org/blog/2015/01/27/get-smart-on-international-data-privacy-day/ Of course it has many meanings from authoritative sources: http://en.wikipedia.org/wiki/January_28  or http://www.on-this-day.com/onthisday/thedays/alldays/jan28.htm this may be the most useful historical event I can see: 1973 – CBS-TV debuted “Barnaby Jones”  on January 28. ————————————————————————— Yes my belief that we create days … Read more

QWERTY keylogger: “Connect the Dots”

Snowden documents lead to Regin and malware. http://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667 The malware  seems to be related to the QWERTY keylogger found in the Snowden documents.  The researchers claim a connection with Regin malware platform and the QWERTY keylogger noted in Snowden’s documents. Here is a blog post on the analysis of the QWERTY keylogger to the Regin … Read more