Discussion of public breaches of security
http://www.christian-rossow.de/publications/tcpamplification-woot2014.pdf written by: Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany The researchers did a variety of scans – udp and tcp based scans to test the Internet. This table means that there are hundreds of thousands potential computers(network devices) on the Internet that can be used … Read more
In less than a minute a Hacker found out that the bank was giving out too much information. http://sijmen.ruwhof.net/weblog/584-how-i-could-hack-internet-bank-accounts-of-danish-largest-bank-in-a-few-minutes As the hacker studied the website information, it was evident that it will not take long to hack the website. Which means access to customer server information, so that means PII (Personal Identifiable Information), banking information … Read more
Why did we get hacked? Is a common refrain after a breach. Thousands of businesses got hacked last year (and this year) as in my previous post: http://oversitesentry.com/analyzing-data-breaches-can-we-tolerate-status-quo/ We believe in our technologies, in automation in firewalls There are many aspects of potential weakness – and all weaknesses will be taken advantage of. The only way … Read more
The talk on pdf form at Defcon media servers: Inter-VM data exfiltration – The art of cache timing covert channel on x86 multi-core By Etienne Martineau a kernel developer. So how can you steal data from one instance while being on another in the same hypervisor machine – you see the … Read more
Patch Tuesday August ( 8/11/2015) Here is Microsoft patch Tuesday August 2015 edition https://technet.microsoft.com/en-us/library/security/ms15-aug.aspx How can I say that unpatched computers will get hacked? Any Metasploit pentester will tell you this. Metasploit is a nifty program (runs on Linux) that will attack computers with various attacks and payloads. It takes advantage of people who … Read more