Displaying items by tag: Hacking

When you hear people talking about anonymity on the internet it most people will think privacy. When companies hear anonymity on the internet they think piracy, crime, hacking and lost revenue. This is probably the biggest disconnect in the internet age, companies want to monetize your personal information. This is big money and (as we have said more than once) is a commodity that they have been trying to legalize for more than a decade.

If you are in the information security field then the latest “news” that Cisco fixed a flaw in a protocol that should not be used will probably give you a chuckle. I am talking about Telnet which is not exactly what you would call a secure means of communicating with any device. In most cases Telnet is one of those options that you turn off right out of the box. Still it is nice to know that Cisco is patching it.

There appear to be developments in the way that Shellshock is used to push malware around. According to new information the Bash Bug is now being used to send malware out through the use of compromised SMTP gateways. The clever attackers are trying to use altered headers (from, to, subject) to force the SMTP gateway to pull down additional code that contains the Shellshock attack.

When you are a sysadmin there is nothing like waking up to not one, but two troubling bits of news. The first one centers on a new and fun Zero-Day vulnerability that affects just about every version of windows that Microsoft still supports. Dubbed Sandworm by iSight, the security firm that discovered it this bug exploits yet another flawed internal mechanism in Microsoft’s OS.

The Mac world had an unsettling wakeup call today as it found out what most people have known for years: Macs are no more secure than any other PC. This wakeup call is not the first of its kind and it is certainly not going to be the last, we just wonder if anyone will actually listen or if Apple PR will continue to claim Macs cannot get malware.

242 Million. This is the number of people that have been affected by the corporate culture of short cuts and fiduciary excuses on security. We have talked at length about the lack of proper security planning in the last 12 months, upgrades and even programing that exist in the corporate world and even with pretty strict regulations on how businesses are required to conduct their operations we are still hearing about breach after breach.

A new report from security research firm, Aspect Security confirms what we have been saying for years: developers simply do not know how to secure their applications. In a recent study where a group of developers were asked questions on security Aspect found that about 80% of them did not know how to protect sensitive data. This is something that we have found in our experience in dealing with vendors and other application developers.

Almost two weeks ago we wrote an editorial about how security issues are more about the corporate culture than just weak passwords. In it we described a problem that exists in far too many companies where executives and/or vendors are the ones that are setting the security policies instead of the IT or IT security teams. This situation can be exceptionally frustrating when you are trying to keep the “bad guys” out, but not everyone really believes that this is how things work. Now, after New York Times article describing how the Home Depot ignored their own security staff, people might be forced to finally get the bigger picture.

Since the beginning of 2014 the IT world has been rocked by more than a few major breaches. The number of credit cards and user information now up for sale is staggering. So how have these attacks managed to get in and make off with so much data so quickly? Of course there are the usual suspects in these cases, weak passwords and users downloading malware on their systems that allow a potential attacker into their system.

Two days ago we reported on the iCloud controversy which involved an attack on Apple’s Cloud based Find My iPhone application. This attack (which appears to have been a dictionary attack) resulted in the release of nude images of a number of celebrities posted on the internet for all to see. Apple immediately jumped to the defensive and released a statement saying they were not “hacked” and it is not their fault. Now on the surface this is true as there was not a full breach of their security, but it is about as wrong as you can get.