Wifi Attacks Succeed Against All:WEP/WPA

When do Wifi attacks Succeed? It depends on your setup   Some basics: First of all, change your default admin password (since default admin passwords are on the Internet so that users can manage their WiFi Access points). New access points may look like this: and the support page shows how to access the WiFi … Read more

NTP Attack Can Cause Encryption and DNS Problems

Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg wrote a paper (out of Boston University) http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf “Attacking the Networking Time Protocol”   Apparently if your servers and clients (which all have NTP) have their time changed can affect various processes. To Attack …     Change time by … TLS Certs     … Read more

DDOS Attack Allows Million$ Transferred To Mule

After seeing a good ISACA presentation today at the Renaissance in Saint Louis (near airport) http://www.isaca.org/chapters5/Saint-Louis/Pages/default.aspx  by Josh Vander Veen with SpearTip Here are my notes: Sophistication of criminal attack is on the rise. Many small businesses have a false sense of security and say the following: I’m just a small company why would they … Read more

Internet Explorer is Most Vulnerable Browser

The Internet Storm Center has a great article on the most common vulnerabilities in web applications (XSS or Cross Site Scripting) https://isc.sans.edu/forums/diary/When+encoding+saves+the+day/20277/   This is  where some data is attempted insertion into the web application somehow.   So the unfortunate browser response from Internet explorer is Internet Explorer: GET /myform/action/post?myparam=”>%20Test So what you say I … Read more

DDOS Amplification Attack Study Shows Effectiveness

http://www.christian-rossow.de/publications/tcpamplification-woot2014.pdf written by: Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany The researchers did a variety of scans – udp and tcp based scans to test the Internet. This table means that there are hundreds of thousands potential computers(network devices) on the Internet that can be used … Read more