this is interesting: https://shellshocker.net/ Is an interesting site… You can enter your domain name and they will tell you if you have the Bash Shellcode vulnerability. At this time they found 1767 vulnerable hosts: 107760 Total tests to date. 1767 Total vulnerable hosts found. It is also called the Shellshock vulnerability. As I mentioned in previous posts: … Read more
Security Week has the story: Discussion of researcher Longenecker posting the CVE-2014-2718 and CVE-2014-2719 shows flaws for the Asus RT series routers, either with the admin password being revealed or that the firmware update process does not use https (port 443), a secured/encrypted method. a man-in-middle(MitM) attack can occur, since a http session can be … Read more
So there is a wget vulnerability … big deal? Metasploit developer – Rapid7 has a page discussing the exploit Specifically: GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target. … Read more
As time goes on your risk assessment needs to be re-evaluated, especially as computer resources change. If we had a crystal ball what would the future bring? It is lucky there are smart people thinking about this very issue. In the following Youtube video about a discussion with Dr. Mchio Kaku at St. Petersburg … Read more
FireEye report and what is in it: This report says what we knew – a major attack vector is coming from Russia. Russia is attacking us and others (East European interests) the first takeaway is the very targeted nature of an attack on the Georgian journalist covering the Caucasus. The email claimed to originate from … Read more
