The SSLv3 vulnerability (POODLE) – fix and explanation

POODLE (Padding Oracle On Downgraded Legacy Encryption) is in the news these days, and the fix for it is the following (Internet Storm Center link, and the important parts): Apache: add -SSLv3 to the “SSLProtocol” line. It should already contain -SSLv2 unless you list specific protocols. nginx: list specific allowed protocols in the “ssl_protocols” line. …

New Vulnerabilities in SSL v3

OpenSSL is an open source toolkit that implements the Secure Sockets Layer protocol, either v2 or v3; it also runs the Transport Layer Security (TLS v1) protocols. So when The Register writes that Google found the POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw in the protocol, this shows the problem that sometimes comes with using security technologies. …

How to defeat malware

In my experience the best anti-malware software is Malwarebytes. When your antivirus software can’t find the malware, download Malwarebytes and clean the systems, especially those Point of Sale systems that seem to be infected by the Russian cyber gangs. The Malwarebytes blog is also a good read.

Kmart breach added to 1 min video

What happened to Kmart? How did they get breached? Kmart had an IT department with anti-virus and firewalls? According to krebsonsecurity, again it was the malware on the Point-of-Sale (POS) registers. iSight consultants seem to have figured out some details of a POS malware called BlackPOS (WSJ article). We can help – just …