There is a new POODLE vulnerability and test at Qualys SSL labs) https://www.ssllabs.com/ssltest/ POODLE (Padding Oracle On Downgraded Legacy) The problem is that your encryption stream may be downgraded to a legacy (i.e. can be cracked) standard. TLS 1.2 and higher needs to be kept as the known secure standard. Go click on ssllabs.com … Read more
It is only a matter of time before health data will be plastered all over the Internet. A number of Blogs are discussing this very issue http://www.safelogic.com/exposing-the-risks-of-data-driven-healthcare/ is one. Penetration testing for New England care solved some problems outside of security issues: http://www.coresecurity.com/content/penetration-testing-key-to-hipaa-compliance-for-care Penetration testing checks the boundaries of your computer systems. By using open source tools … Read more
Due to the bad password practices of the general population, the latest example is the Sony Pictures hack uncovering the passwords of Sony Pictures employees(as well as SSN and more): As in our previous post where we discussed the hack. Now various forums are picking apart the very bad password practices of Sony Pictures … Read more
SANS pen tester has an excellent example (guest written by Chris Andre Dale) and also a new Zero-day Cross Site Scripting(XSS) example at SANS pen testing blog http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata The vulnerability is based on exif data in jpegs: http://www.digital-photo-secrets.com/tip/38/what-is-exif/ You can view the EXIF data in Windows7 by right clicking on the image, choosing Properties and … Read more
When is it necessary? when entering an important command into a critical system that affects thousands of users. Or when you have to review your network to make sure no holes are found. the attacks on your network are relentless: Bad hackers will attack your network and own your machines. Once they own your machines … Read more
