Month: September 2015

Newsflash: Software has bugs – 0day vulnerabilities

by

FireEye and Kaspersky had zero-day  vulnerability bugs in their software. http://www.zdnet.com/article/fireeye-kaspersky-hit-with-zero-day-flaw-claims/ It is not news that software has flaws, and that some flaws are vulnerabilities that can be exploited by hackers.  What is news is that FireEye is a cybersecurity company: With firewall devices among their product lines. http://www.theregister.co.uk/2015/09/08/fireeye_0day/  Says that the security researcher put … Read more

Best computer Jokes #Cyberjoke Friday v1.5

by

Best image from Google image search ” computer jokes”     What can be described as funniest joke? Well there is  an Edinburgh fringe joke contest and in 2011 there was a good one: from http://www.bbc.com/news/uk-scotland-14646532 1) Nick Helm: “I needed a password eight characters long so I picked Snow White and the Seven Dwarves.”   … Read more

Application Security Testing : Do It Now

by

Yes as Veracode says: https://www.veracode.com/blog/2015/07/application-security-assessment-reviewing-your-testing-program-sw They list 3 misconceptions: QA (Quality Assurance) is when development is done. Third party software does not need testing Developers don’t care about security   We have to perform QA during development as well as after. All software needs security testing and not just functional testing. Sio what should you … Read more

Dangerous Vulnerability? Some Routers Bad UPnP Authentication

by

This is the problem with some security issues(complicated technical issues that require expertise to fix): http://www.kb.cert.org/vuls/id/361684 Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. This attack has the beginnings of a potential problem, some vendors have sufficient protection built-in: “Some vendors have … Read more

How To Stay Secure in Insecure World

by

I want to highlight 2 current articles: http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/ and http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html   It is best to use good passwords, 2factor authentication, and patch your systems   The first article points to how a fake website was set up and delivers a zero-day java exploit attack onto unsuspecting users as they come in the website, and you … Read more