securitycompliance

Pentesting – what is it actually?

Posted on

Penetration testing are several acts on various computers and systems.   First in “recon”  one checks the public profile of the company. Use scan tools, nmap, hping, scapy, burp suite,  and others to check the target computers out.  (this is the Alpha scan)   Then one can use a few pre-built tools to review vulnerabilities […]

Uncategorized

Check your own ports on the Internet

Posted on

There are some good tools on the Internet (free) Like this one:  http://www.yougetsignal.com/tools/open-ports/ This is just a basic port scan (likely tcp open check) unfortunately a hacker will use multiple scans and some of the different flags a packet can have.   There are 2^8 ports and 6 different flags for packets (SYN/ACK/RST/FIN/URG/PSH) A good […]

SecurityThreats

Heartbleed – on the mend

Posted on

Internet Storm Center says Heartbleed around the net is slowly being patched. How do they know that?  Well, in case you are not a programmatic person… One can easily scan the Internet to find out what is going on, and that is exactly what the bad guys are doing all the time. They know when […]

Uncategorized

Check a website before changing your password

Posted on

Use LastPass check which allows the user to test a website to know whether it has updated the openssl technology. Some site do not have this type, and may not matter, and others may have openssl and have patched. But yet others may not be aware of this vulnerability… and if that is the case […]

Securityexploits

New OpenSSL exploit found (CVE-2014-0160)- called Heart Bleed

Posted on

Many vendors have put out statements  for OpenSSL vulnerability (CVE-2014-0160): This is a vulnerability in the encryption technology (OpenSSL) on websites and other systems. If you cannot safely access websites with encryption technologies it is a bad day on the Internet isc  has a full list – list is increasing: But most interesting (to me) […]