Discussion of public breaches of security
You know the movie which makes Phil(Bill Murray) relive the same day until he gets it right. http://www.imdb.com/title/tt0107048/ I asked Google how many days are in the movie “Groundhog Day”? 8 years, 8 months and 16 days, the director said 10 years. IT security is just like that except it should be called … Read more
Yes, we realize that everyone wants to Google something whenever you need to look up something. Our Website must be up all the time. Email has to work. YouTube watching, surfing the Internet – it is our right to go wherever we want. Visit Government websites when needed. Watch Netflix, and all our News channels … Read more
Tuesday the patch was released: Here is where it started CVE-2015-1635 Description: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.” the vulnerability was created 20150217 MS:MS15-034 http://technet.microsoft.com/security/bulletin/MS15-034 … Read more
Forever Day is a play on the “Zero-day” vulnerability which means the application vulnerability has not been patched and can be hacked. Forever-day now means it is always vulnerable (unless the software vendors figure out a patch), although it may be a configuration problem. Dark reading has the story: http://www.darkreading.com/endpoint/new-security-flaw-spans-all-versions-of-windows/d/d-id/1319884 The most interesting paragraph: … Read more
It is worthwhile to discuss Fake apps: http://www.hotforsecurity.com/blog/dont-be-fooled-bitdefender-anti-prank-tool-does-not-exist-11664.html There are “fake” apps which claim to be anti-virus or other legitimate apps (like games) but in reality are stealing your information on your phones and computers. Example: Guardian story Here is a Criminal developer boasting(on a discussion board) about creating the fake Flappybird app which steals … Read more