Check a website before changing your password

Use LastPass check which allows the user to test a website to know whether it has updated the openssl technology. Some site do not have this type, and may not matter, and others may have openssl and have patched. But yet others may not be aware of this vulnerability… and if that is the case … Read more

New OpenSSL exploit found (CVE-2014-0160)- called Heart Bleed

Many vendors have put out statements  for OpenSSL vulnerability (CVE-2014-0160): This is a vulnerability in the encryption technology (OpenSSL) on websites and other systems. If you cannot safely access websites with encryption technologies it is a bad day on the Internet isc  has a full list – list is increasing: But most interesting (to me) … Read more

Some ports are used by viruses and legitimate uses Port 6789 is one

Port 6789 according to Speedguide.net the port can be used by a Netsky worm variant, but is also used by the Sun cluster manager. In fact that is how the worm replicates itself across the Internet, by using the Java software on the cluster manager software (smc-https  or Solaris Management console).   Many ports are thus … Read more

New Public Breach at sally Beauty Supply

bankinfosecurity has the information   The initial reports were that it was a data breach, but no credit card data was stolen, but 11 days later it looks as many as 25,000 records were exposed and stolen Sally Beauty Supply operates approximately 500 stores worldwide and had $3.6 billion in sales in 2013.   As … Read more

SQL Injection is a programmatic attack on websites

OWASP  has a great website discussing SQL injection: The Open web application Security project is an effort to help the programming community in securing their websites And I will copy a couple of lines from their SQL_Injection_prevention_Cheat_sheet becasue it is important: Option #1: Use of Prepared Statements (Parameterized Queries) Option #2: Use of Stored Procedures … Read more