JP Morgan Chase hack news

It looks like the cause of the JPMorgan hack was a basic one. The routine check caught it, but did not find the problem in the first place. $250 mil was spent on cyber security, but the actual update was not completed on one machine. Ars Technica says there was a missing two-factor authentication configuration on their …

12 mil SOHO routers vulnerable

Check Point found a “Misfortune Cookie” vulnerability in various gateway devices for the home. This is the paper about how to protect one’s device: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf

This is especially disconcerting: Any user traffic destined for banking or financial sites was redirected to malicious servers under the attackers’ control or redirected through SSL proxies where the security of …

Penetration testing example: exifdata function

SANS Pen Tester has an excellent example (guest-written by Chris Andre Dale), and also a new zero-day Cross-Site Scripting (XSS) example, at the SANS pen testing blog: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata

The vulnerability is based on EXIF data in JPEGs: http://www.digital-photo-secrets.com/tip/38/what-is-exif/

You can view the EXIF data in Windows 7 by right-clicking on the image, choosing Properties and …

The Schannel vulnerability MS14-066 details

beyondtrust.com has the information. MS14-066 was patched on November's Patch Tuesday (Nov 11), and here are the details: Unfortunately for those machines that do not patch regularly, the Microsoft patch allows a reverse engineer to figure out what was patched and then create a hack (Proof of Concept, POC). We can now see that …

Change Default Passwords Online Cams

The site http://insecam.com/ has set up thousands of links to insecure cameras that are online. There are 4717 cameras in the USA, including many that are inside homes. A couple in New Jersey: http://www.insecam.cc/cam/bycity/Absecon/ Including Chesterfield, MO: http://www.insecam.cc/cam/bycountry/US/?page=120

Please log into your camera and change the default password. Changing default passwords should be done to all devices right when you …