CIO magazine has the 11 steps of the hack Step 3 exploit a web vulnerability should have been remediated, although the hackers were in the network they would have had a harder time to attack. Step 5-6 Stealing a token from Domain admins , although the password hash may have been removed somehow, the Domain … Read more
etutorials.org explains some Heap Overflow attacks This is an important sentence and diagram( from the etutorials.org: “Where the details of stack overflow exploitation rely on the specifics of hardware architecture, heap overflows are reliant on the way certain operating systems and libraries manage heap memory. Here I restrict the discussion of heap overflows to … Read more
In JPMorgan’s shareholder letter states on page 22. Ja,oe Dimon is Chairman and Chief Executive Officer By the end of 2014, we will have spent more than $250 million annually with approximately 1,000 people focused on the effort. This effort will continue to grow exponentially over the years. In our existing environment and at our company, … Read more
Microsoft says MS14-045 some KB updates should be uninstalled due to crashes. ZDnet also describes an apparent flaw in KB2993651 Two of these (2970228 and 2975719) are among the updates withdrawn by Microsoft along with MS14-045. A reboot must be done after the Updates is uninstalled in the ‘Program and features’, installed updates section. So … Read more
The 23rd USENIX Security conference 8/20 – 8/22 2014 discussed many subjects There is a specific paper about “An Internet-Wide View of Internet-Wide Scanning” by Zakir Durumeric University of Michigan zakir@umich.edu, Michael Bailey University of Michigan mibailey@umich.edu and, J. Alex Halderman University of Michigan jhalderm@umich.edu So that you do not have to fish the 13 pages out of the 1000 page main document … Read more
