Video Games are getting more connected to the Internet, and thus are more likely to be hacked or DOS’ed (Denial of Service) Trend Micro listed a few items that happened http://blog.trendmicro.com/video-game-vulnerabilities/?linkId=11643669 The Xbox hack happened on Christmas day 04 2014: http://oversitesentry.com/christmas-hacking-while-you-were-out/ I tried to go to the Sony website on Christmas: And I got site … Read more
How can hackers steal data without anyone knowing? It has been shown that it takes months before a breach is found, let’s assume one of your users clicked on a phishing email. With the email malware was installed on the persons computer, unbeknown to the user this malware has now opened a process named “notepad” ( … Read more
It looks like the reason for the hack of JPMorgan is a basic hack. The routine check caught it, but did not find the problem in the first place. $250mil spent on cyber security but did not complete the actual update on one machine. Arstechnica says there was a missing two-factor authentication configuration on their … Read more
Checkpoint found a “Misfortune Cookie” vulnerability in various gateway devices for the home. This is the paper about how to protect one’s device: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf thsi is especially disconcerting: Any user traffic destined for banking or financial sites was redirected to malicious servers under the attackers control or redirected through SSL proxies where the security of … Read more
SANS pen tester has an excellent example (guest written by Chris Andre Dale) and also a new Zero-day Cross Site Scripting(XSS) example at SANS pen testing blog http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata The vulnerability is based on exif data in jpegs: http://www.digital-photo-secrets.com/tip/38/what-is-exif/ You can view the EXIF data in Windows7 by right clicking on the image, choosing Properties and … Read more