Checkpoint found a “Misfortune Cookie” vulnerability in various gateway devices for the home. This is the paper about how to protect one’s device: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf thsi is especially disconcerting: Any user traffic destined for banking or financial sites was redirected to malicious servers under the attackers control or redirected through SSL proxies where the security of … Read more
If it is not plain to everyone, here is some evidence: Sony Picture’s Scott Rudin exec emails: http://deadline.com/2014/12/scott-rudin-apology-sony-hacking-barack-obama-1201320321/ His racially insensitive emails were posted after the network and all servers were hacked. even after several years go by the emails have surfaced. SEP = Security Equals Privacy This scenario can be repeated: Google and Twitter … Read more
New fixvirus Post at http://www.fixvirus.com/why-perform-your-own-vulnerability-analysis/
There is a new POODLE vulnerability and test at Qualys SSL labs) https://www.ssllabs.com/ssltest/ POODLE (Padding Oracle On Downgraded Legacy) The problem is that your encryption stream may be downgraded to a legacy (i.e. can be cracked) standard. TLS 1.2 and higher needs to be kept as the known secure standard. Go click on ssllabs.com … Read more
Wall Street Journal article Ever since the odd Press release from north Korea which clearly meant that they were not very happy with the new movie about 2 US spies attempting an assassination of the North Korean leader. FireEye seems to think so ABC news story they have an interesting threat map: https://www.fireeye.com/cyber-map/threat-map.html FBI … Read more
