False Positives Bane of ITSecurity
Internet Storm Center discusses the month of CSAM false positives: ” The HUGE problem with this is false positives and false negatives.” Fortinet Blog post discusses the pressure on IT…
Anti-Malware diligence or Cryptowall 2.0 file destruction
A customer handed me a computer that was infected with Cryptowall 2.0 With this message: I cleaned the computer of the virus portion of the problem, but unfortunately as on…
Bash shell code vulnerability is as bad as advertised
Wednesday evening we ran a bash script command against a lab computer which was designed to be vulnerable Downloaded a system .iso file from http://www.vulnhub.com It is from the Pentester…
The SSLv3 vulnerability(POODLE) – fix and explanation
POODLE (Padding Oracle On Downgraded Legacy Encryption.) is in the news these days, and the fix for it is the following: Internet Storm Center link and the important parts: Apache:…
New Vulnerabilities in SSL v3
OpenSSL is an open source toolkit that implements the Secure Socket Layer protocol either v2 or v3, it also runs Transport Layer Security (TLS v1) protocols So when The Register…