Sony hacked, held ransom, shut down – or not?

Is this a sign of things to come? Geek.com story: The Guardians of Peace (#GOP) hacked Sony Pictures. Some specific details are on Reddit.com, where one person downloaded the stolen files and reviewed the contents: email addresses (including the Guardians of Peace email addresses, apparently) and files of internal Sony financial reports. But …

Good Time to Evaluate Patch Management

It is interesting to note that tomorrow is 2 weeks from Patch Tuesday, November 11th (2nd Tuesday of the month), and 2 weeks from Patch Tuesday in December (the 9th). So it is a perfect time for reflection, and thus we review a discussion of the November 2014 Patch Tuesday in SecurityWeek. It means to give direction for companies that …

Free Public Databases – Should they be used at all?

Internet Storm Center has a post today noting the update to Burp Suite, an excellent proxy-server tool for vulnerability analysis of websites. While checking the update, the Storm Center noted the inclusion of NoSQL injection in the update. Why is this important? Because of the prevalence of public databases or “Big Data” …

Microsoft issues out-of-band patch – but wait for now.

MS14-068 has been issued as an out-of-band patch, as mentioned at Dark Reading. This is a server patch for Windows 2008 and Windows 2012, and it is a critical patch because Kerberos authentication needs this fix. Dr. Ullrich of SANS has a statement: “Ullrich says privilege escalation rarely gets the critical rating because the step of …

The Schannel vulnerability MS14-066 details

beyondtrust.com has the information. MS14-066 was patched on November's Patch Tuesday (Nov 11), and here are the details: Unfortunately for those machines that are not patched regularly, the Microsoft patch allows a reverse engineer to figure out what was patched and then create a hack or proof of concept (PoC). We can now see that …