False Positives Bane of ITSecurity

Internet Storm Center discusses the month of CSAM false positives: ” The HUGE problem with this is false positives and false negatives.” Fortinet Blog post discusses the pressure on IT decision makers Wired story has Gonen Fink, the CEO of LightCyber, writing about how we need better products reviewing the false positives (a false positive is … Read more

Anti-Malware diligence or Cryptowall 2.0 file destruction

A customer handed me a computer that was infected with Cryptowall 2.0 With this message: I cleaned the computer of the virus portion of the problem, but unfortunately as on many sites explaining this issue: http://www.bleepingcomputer.com/forums/t/552103/updated-cryptowall-20-ransomware-released-that-makes-it-harder-to-recover-files/   In the several guides on the Net, the best one in my opinion is this one: http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information   I … Read more

Bash shell code vulnerability is as bad as advertised

Wednesday  evening we ran a bash script command against a lab computer which was designed to be vulnerable   Downloaded a system .iso file from http://www.vulnhub.com   It is from the Pentester Lab section https://twitter.com/PentesterLab/status/515079459284594688  then started the computer (now I had a test lab computer system) Then ran the above command on a Kali Linux machine … Read more

The SSLv3 vulnerability(POODLE) – fix and explanation

POODLE (Padding Oracle On Downgraded Legacy Encryption.) is in the news these days, and the fix for it is the following: Internet Storm Center link and the important parts: Apache: Add -SSLv3 to the “SSLProtocol” line. It should already contain -SSLv2 unless you list specific protocols. nginx: list specific allowed protocols in the “ssl_protocols” line. … Read more

New Vulnerabilities in SSL v3

OpenSSL is an open source toolkit that implements the Secure Socket Layer protocol either v2 or v3, it also runs Transport Layer Security (TLS v1) protocols   So when The Register writes that Google found Poodle (Padding Oracle On Downgraded Legacy Encryption) flaw in the protocol this shows sometimes the problem of  using security technologies. … Read more