The conclusion of The July 2014 Insurance Industry Working Session: from the USDA.gov page Ok, I admit the conference did not talk about Smokey the Bear for cyberspace very much if at all. Specifically: “The Federal government may be in the best position to drive awareness and education about cyber risk and, by extension, … Read more
this is interesting: https://shellshocker.net/ Is an interesting site… You can enter your domain name and they will tell you if you have the Bash Shellcode vulnerability. At this time they found 1767 vulnerable hosts: 107760 Total tests to date. 1767 Total vulnerable hosts found. It is also called the Shellshock vulnerability. As I mentioned in previous posts: … Read more
Security Week has the story: Discussion of researcher Longenecker posting the CVE-2014-2718 and CVE-2014-2719 shows flaws for the Asus RT series routers, either with the admin password being revealed or that the firmware update process does not use https (port 443), a secured/encrypted method. a man-in-middle(MitM) attack can occur, since a http session can be … Read more
So there is a wget vulnerability … big deal? Metasploit developer – Rapid7 has a page discussing the exploit Specifically: GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target. … Read more
As time goes on your risk assessment needs to be re-evaluated, especially as computer resources change. If we had a crystal ball what would the future bring? It is lucky there are smart people thinking about this very issue. In the following Youtube video about a discussion with Dr. Mchio Kaku at St. Petersburg … Read more
