KrebsonSecurity has some info There is no information on Home Depot website on the breach, although there are a lot of jobs open and unfilled from Aug 20, as well as some new ones in the security engineering positions. —————————————————————————– Update on this issue – Late night 9/3 http://news.yahoo.com/almost-u-home-depot-stores-may-hit-breach-214825497–sector.html yahoo story (from Reuters) it is … Read more
CIO magazine has the 11 steps of the hack Step 3 exploit a web vulnerability should have been remediated, although the hackers were in the network they would have had a harder time to attack. Step 5-6 Stealing a token from Domain admins , although the password hash may have been removed somehow, the Domain … Read more
etutorials.org explains some Heap Overflow attacks This is an important sentence and diagram( from the etutorials.org: “Where the details of stack overflow exploitation rely on the specifics of hardware architecture, heap overflows are reliant on the way certain operating systems and libraries manage heap memory. Here I restrict the discussion of heap overflows to … Read more
In JPMorgan’s shareholder letter states on page 22. Ja,oe Dimon is Chairman and Chief Executive Officer By the end of 2014, we will have spent more than $250 million annually with approximately 1,000 people focused on the effort. This effort will continue to grow exponentially over the years. In our existing environment and at our company, … Read more
Microsoft says MS14-045 some KB updates should be uninstalled due to crashes. ZDnet also describes an apparent flaw in KB2993651 Two of these (2970228 and 2975719) are among the updates withdrawn by Microsoft along with MS14-045. A reboot must be done after the Updates is uninstalled in the ‘Program and features’, installed updates section. So … Read more
