Ransomware Vaccine – Can It Be Done?

There seem to be 2 classes of Ransomware that infect computers. (I say that in anticipation another class will come soon enough)…   (3/30/2016) — Update with 3rd class of ransomware(5)  ZDnet has the story First, one that encrypts your files and requires you to pay for you to get your files back (no guarantee … Read more

Spy vs Spy – Cat and Mouse – Blue & Red Team – i.e. Defense is Screwed

We have many adversarial relationships Spy vs Spy  –  cat and Mouse – blue & red team – hackers vs IT teams.   What made me think of this? The post¹ on Reddit/netsec stating only 10 lines of code will bypass Antivirus code. In case you don’t know Virustotal.com allows attackers and defenders to check their code … Read more

All Ur Data Belong to US

IRS tax time — April 15th right?? Actually employers have to do taxes year-round and the “sophisticated” nature of the IRS causes them to issue 4 or 6 digit PIN numbers. Well the hackers know this so they buy some of your stolen data (from previous heists) on the Darknet¹&². Now hackers have some of your … Read more

Don’t Trust And Verify

I know the gipper had the famous saying: But that is only for the soviet union arms control in the 1980’s. In the 1990’s and early 2000’s we have the following: “Trust but verify” and always back up your work. But I think it is not enough in the 2010’s specifically March 10th, 2016. Now … Read more

Apache Jetspeed-2 Easy Hack & Exploit

Haxx.ml has the story¹ This is one of those moments where the latest version of the program(Jetspeed 2.3.0) is hackable using a SQL injection method from CVE-2016-0710. It behooves us to review CVE-2016-0710: “The Jetspeed User Manager service, part of the Jetspeed Administrative Portlets, is vulnerable to SQL injection. When performing a search in these tools, … Read more