Securitybreaches

https://technet.microsoft.com/en-us/library/security/ms15-oct.aspx Has several patches including  MS15-106  ” One memory corruption vulnerability (CVE-2015-6056) has been publicly disclosed.”  from the following link: https://msisac.cisecurity.org/advisories/2015/2015-121.cfm   As far as Microsoft patches go – the ones that patch remote code execution in the vulnerability impact column. And 4 of the 6 have remote code execution.   As a systems person I … Read more

A breach has many looks… THE fundamental problem is highlighted in this article: http://www.infosecurity-magazine.com/news/15mn-affected-medical-information/ Besides the obvious headline grabber “1.5mil records stolen by hackers.” I am going to compile a few sentences from the article and then discuss: {He added, “Every healthcare firm, large and small, that stores patient data is at risk of a … Read more

All it takes is one patch is missed, One computer not taken care of. Computers must be patched so that Zero-day exploits have minimal affects.  We discussed this on July 20th http://oversitesentry.com/why-security-news-scrutinized-to-nth-degree/ Let’s review:   After a vulnerability is introduced, an exploit hits the “wild” and then the clock starts ticking, the attackers(criminal hackers) and defenders(software … Read more

Richard Bejtlich has a new post (as of May 10) http://taosecurity.blogspot.com/ He set out a few excerpts of a 1978 book “Computer Capers” by Thomas Whiteside. To me the most interesting excerpt(2nd): “The difficulties of catching up with the people who have committed computer crimes is compounded by the reluctance of corporations to talk about the … Read more