Displaying items by tag: Flash
Kingston at CES 2013
Las Vegas, NV, CES 2013 – One of our must-see companies at CES is Kingston. We have been partnered with Kingston since early 2006 and they are truly one of our favorite companies, not only for the things they do, but also for the people that are behind the PR. Yesterday we stopped by their showroom (they had a half ballroom at Caesar’s Palace) to see what they had going on. When we walked in we saw quite a few displays that contained the history of Kingston memory and storage products. These cases were quite full considering the fact that Kingston is 20 years old and their HyperX line of memory products is 10 (their first HyperX memory module was DDR… just DDR). However, they have come a long way and are now one of (if not the) leading memory and flash storage companies in the world.
Microsoft Will Not Patch Major Exploits in IE 10 Bundled Flash Until After October 26th
In only a few weeks Microsoft could find themselves in something of a bind, as they appear to have forgotten quite a bit about security while trying to make sure that their new OS can work with their cloud services. Since the release of the “build” version of Windows 8 we have been picking through the way that it operates and how its systems function. We have found more than a few items of concern; some of which have finally been fixed, others have not. One of our primary concerns is the semi-walled garden that Microsoft is putting Metro/Modern apps into in order to prevent the side loading of apps that are not from the Microsoft Store, but which also prevents proper malware protection from working.
Old Vulnerability Found In New "Patched" Version of Java
There is nothing like finding a new bug in a patch that is meant to fix another one. This appears to be something that Oracle has done, though. After Oracle released a rushed security patch for a rather serious vulnerability in Java, the same company that found the first flaw, Security Explorations, has found another one. The first flaw affected any web browser that had the Java plug-in running and extended across multiple operating systems as well. It was the sort of flaw that everyone remembers when the security of someone’s products is brought up. Having a single major vulnerability in your software (and with malware that uses it in the wild) is bad enough, but to find another one in your most recent version is just bad news.
So long Adobe Flash
As of today, Adobe's Flash is officially removed from Google Play. They announced last November: “we are focusing our work with Flash on PC browsing and mobile apps packaged with Adobe AIR, and will be discontinuing our development of the Flash Player for mobile browsers.” Android 4.1 won't have any certified implementations of Flash Player. Adobe will use configuration settings in the Google Play Store to limit continued access to Flash Player updates to only those devices that already have Flash Player installed.
Mosaid Technologies unveils their new 2TB SSD Drive
Last week Mosaid showed off a prototype of their new solid state drive, which boasts a massive 2TB capacity. The new Solid-State Drive (SSD) is able to do what conventional solid state drives are able to do, only in a more cost-effective way. Mosaid has managed to reduce the number of controllers and channels per drive while increasing the capacity and throughput of the drives. If they are able to push this out into the market it will be a big hit in many high-performance systems, and no, we are not talking about your gaming box.
Kingston HyperX SH100S3B 120GB SSD Upgrade Kit Review
Here at DecryptedTech we have always covered a very wide range of products (as well as technologies). However, there is one item that we have never really gotten too deep into. This is direct attached storage and in particular Solid State Drives (SSDs). It is true that we do show you their performance in almost every motherboard review that we do here on the site, but we have never reviewed any SSDs exclusively. We have had many reasons for this, not the least of which is that there is still debate on how to properly test an SSD or HDD. While some feel that IOPS (Input/Output Operations per Second) are key, others want to know exactly how fast their data moves into and out of the drive. We sat down and have come up with what we hope is a good balance of synthetic and real-world tests that will give you the best idea of how an SSD performs. So with that in mind we are going to dive into Kingston’s HyperX SH100S3B/120G 120GB Solid State Drive Upgrade Kit.
Adobe could be dumping Flash for Mobile
A report from ZDNet appears to be showing that Adobe might be dropping future efforts for their Flash Player in the mobile world. While there are probably more reasons for this than we will ever find out, the one that seems to be getting pushed is that Adobe is giving up on a losing battle. One site that offered this news to its readers even stated that Adobe Flash for mobile had only reached a fraction of the market. Well this is true as ½ is a fraction.
The original push to bring Flash to the mobile market was something of a pride thing between Adobe and Steve Jobs. At the same time we also saw Adobe working on hardware acceleration for some of their other plug-ins like AIR and Edge. The thing is that as browsers, both mobile and desktop, move forward they are discovering (well, they really always knew) that plug-ins are gigantic security holes. This is true for ANY plug-in, not just Flash. If you follow security in the PC and mobile world at all you will find that this is very true, and you will also see that browsers like IE, FireFox, Chrome and Safari are becoming less plug-in friendly. In fact FireFox 8 and the mobile FireFox have kicked out even more plug-ins than before.
This is Adobe’s motivation; they know that in the very near future they are going to have a very hard time getting their Flash plug-in to work at all. So they are kicking their work into CSS and HTML5 into high gear (something they should have done before). You will hear from multiple sites that this is Apple “winning out” or that Steve Jobs was right. Neither of these is completely true. Apple has yet to realize HTML5 for most of their sites and continues to use their proprietary QuickTime plug-in for their movie trailer site and for much of the code on Apple.com (although the mobile site is moving to HTML5). As for Steve Jobs being right; well, the Adobe/Apple feud was about more than Flash on the iPhone. There was a time when Adobe optimized everything for Apple. If you wanted to run Photoshop with blazing speed, you bought a Mac. After Apple dumped the PowerPC processor and forced Adobe to dump years of effort into optimizing for RISC (reduced instruction set) processors, Adobe did an about-face and began to optimize for Windows. To make matters worse, after Apple jumped on the OpenCL bandwagon Adobe partnered up with nVidia to accelerate their applications with the closed source CUDA platform instead of the open standards found in OpenCL.
So you see this Flash Vs Apple war has been a long time in coming and it was the pride of two very large Egos that brought it out into the open. I am happy to see the plug-in go IF the replacement is more efficient and allows a better cross platform experience.
Source ZDNet
Exploit in Adobe Flash Allows iFrame to Hijack Webcam on Macs
There is a long-standing myth that PCs are susceptible to viruses and malware while Macs and Linux are not. Unfortunately for anyone that believes this myth there are consequences. One of these is a feeling of invulnerability when browsing. This false sense of security can lead to many things, including having your computer hijacked or being silently rolled into a giant Mac-only botnet … I am sure you get my point. This phenomenon is not limited to Mac owners. PC owners that have “Full” Virus and Malware protection also get this false sense of security.
Now, the interesting thing is that while there are literally thousands of viruses and malware for Windows-based systems in the wild, there are actually more security loopholes in OSX that can be exploited by something as simple as a drive-by or other malformed code on a web page. One that caught our attention was an Adobe-based exploit (yes, I know Steve Jobs wanted to ban Adobe). This little exploit allows someone to run a .swf file in a hidden iFrame. The .swf in question here has code to authorize turning on the end user's webcam and broadcasting it to the source server.
Now this is nothing new and I have witnessed this kind of thing done at different security conventions. The thing that really is concerning is that this is being run on a version of Flash that is supposed to have code (called frame busting) to prevent this. What happened is that Adobe only patched part of the hole. They covered the whole page being loaded in an iFrame, but forgot to prevent the malformed .swf from being loaded into that same space. This little exploit was found by a computer science student at Stanford University named Feross Aboukhadijeh.
Now I know you are wondering what my rant at the beginning of this article about Macs has to do with this exploit… Well, the kicker is that Aboukhadijeh has only been able to get this exploit to work on Macs running either Firefox or Safari. The reason that he has been so successful is that with these browsers and OSX it is easier to make the iFrame transparent to the end user. Aboukhadijeh says that he does believe that this will work on other operating systems, but that it will take significantly more effort and would require layering the frame to avoid detection.
Adobe has been notified of the exploit.
Source The Inquirer
FTC checking to see if Google is restricting Android Phone makers
There are things that I find ironic but that seem to go unnoticed by many (mostly the press). Today I read an article that the FTC is looking into claims that Google might have put restrictions in place for manufacturers that make Android-based smart phones. Now, I have no love for Google. I think they do not care about people’s privacy, ignore laws and worse. However, to see the FTC starting to investigate them for antitrust issues is laughable when this same commission said there was no credible evidence that Apple was doing this. It is funny that the investigation appears to be looking into whether Google is preventing the use of services such as mapping, navigation etc. other than their own on Android-based phones. After all, wasn’t it Apple that put a stipulation to app developers that they could not develop an app that reproduced core functions of the phone?
Then there was Steve Jobs's rather public rant about never allowing Flash on the iPhone; their arbitrary app approval process and many other items are even more conclusive. To me this illustrates that our federal regulators have no clue what is going on and only do what they are told by the person throwing the most cash around The Hill. Interestingly enough that used to be Michael Schmidt and Google, but now we see Google’s charm wearing off.
Still I am glad to see that the FTC is looking into some of the advertising and search practices that Google is participating in. For years it has pretty much been common knowledge that Google stacks some of the search results and their ad placement is something of a joke. Maybe some good will come of this, but they really need to stop turning a blind eye to companies like Apple and begin to actually do their jobs and protect the public from ALL companies that participate in this type of activity.
Source Cnet
Apple Manager Arrested; A sign of things to come?
Have you ever wondered how Apple does it? I mean how they really get the best information, those low prices, and just seem to be on top of things so well. Many have said that Steve Jobs just has his finger on the pulse of today’s computer consumers. Now, I will grant that Steve is a marketing genius, but there has to be something else. One of these things was the former inclusion of Google CEO Eric Schmidt on Apple’s board (until an obvious conflict of interest came up); this gave Apple some amazing information into consumer wants and trends (after all, Google is in the business of selling ads and collects a ton of data for this purpose). But we have always had a feeling that there was something else going on behind the scenes.