Researcher finds new security flaws in SCADA PLC systems, decides not to expose them at TakeDownCon.
In a blog post today at nsslabs.com, NSS CEO Rick Moy lauded the infosec acumen of researcher Dillon Beresford, saying “In the course of his research, significant additional vulnerabilities in industrial control systems have been identified, responsibly disclosed and validated by affected parties.”
There is a nice series over at Web MaxFormance on using WordPress as a Content Management System, or CMS, for any website. I find so much value in Igor’s posts as he is very strong on SEO, and I am constantly looking to learn on the SEO side.
WordPress is not just for blogging!! I have been using WordPress for my website as well as client sites for 3 years now. I have never looked back. Most people can get a WordPress site up and running, integrate some plugin functionality and integrate all their content in a very short hour or two. And it has never been easier to hand a client a website and let them manage it 100%.
Seriously. Could you even make these stories up?
Sony comes clean. They admit that 77 million records were compromised.
In its official statement, Sony recommends, “If you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly advise that you change them.”
An InfoWorld article summarizes the Verizon 2011 Data Breach Investigations Report (DBIR) and shows that – surprise! – the attackers are getting smarter, but most attacks could be stopped with basic detection techniques.
from the VZ Whitepaper Resource Center.
An article at CNN Money shows that some of the major shopping cart providers, Amazon, Google and PayPal, have software flaws. Working with an attorney to conduct their testing ethically, researchers from Indiana University and Microsoft Research showed flaws that let a buyer receive the items while the merchant was paid less than the full price or not paid at all. They have returned the items to the merchants and worked with them to harden their systems.
RSA, one of the pioneering companies of information security and the creator of SecurID technology in use by thousands of corporations worldwide, was the target and victim of an advanced persistent threat attack, according to a letter from their Executive Chairman.
In an article at the New York Times, Whitfield Diffie, the cryptographic granddaddy of the Diffie-Hellman key exchange protocol, says a worst case scenario could be the master key for SecurID was stolen. Although an unlikely scenario, if true it could render the device useless.
The device is in use by approximately 40 million people securing the assets of approximately 250 million people worldwide.
I’ve been using the Openfire chat server for about two years now. It has been a fantastic cost-effective solution for our clients to communicate efficiently and securely, the solution scales from 2 users to massive, and it’s very easy to set up and administer. Openfire is a fully featured XMPP real time collaboration (RTC) server offering full support for traditional IM, web-based or managed queue, voice and video chat as well as rich media sharing.
The Open Source project is maintained by Jive Software, the social business application powerhouse. Jive maintains the development community and makes sure the project implements important fixes, improvements to stability and XMPP protocol compliance. They continue to do a great job with the most recent release being Openfire 3.7.0 beta 2 weeks ago.
If users are currently using public chat services for corporate communications, I would strongly encourage you to investigate Openfire. The benefits of bringing a widely used service like this in-house are tremendous, but mainly I would cite security as the number one benefit. Most other chat protocols/services do not use TLS/SSL or it’s optional and off by default, and thus it’s a low-hanging vector for data breach and leakage. But hopefully I’m preaching to the choir, because this post is for current Openfire users.
Recently, a client needed to migrate their Openfire service off a Windows machine to a Linux server. What a great idea! It’s a fairly straightforward install on the Linux box until you try to move the database. Openfire can use an embedded flat file db or an external database (MySQL, SQL Server, Oracle, PostgreSQL, IBM DB2, HSQLDB).
Unfortunately, moving a MySQL database from Windows to Linux can be a roadblock to what should be a quick and easy migration. Windows likes to ignore case, but Linux sees a table name in lowercase as a separate table from one using all caps or even one uppercase character.
Hopefully by sharing my solution, I’ll save somebody the couple of hours I spent implementing this.
Oncor is receiving up to 60,000 calls per hour due to unannounced rolling blackouts across the state. Their twitter feed has become an apology line. They are explaining to their customers that they are following ERCOT’s order to shed load. ERCOT is explaining this is a proactive measure to make it through the next few days of increased load. I don’t believe it. I think the demand is at full capacity. A very scary situation for Texas residents and businesses alike.
In an abrupt moment, the world’s electronic access to the entire country of Egypt has been disabled. This post over at the renesys blog is a good description of what happened.
Check out the graphical representation of routing activity over Egyptian prefixes in the last 24 hours. Scary how an entire country can just drop off the face of the earth.
There are reports that twitter went down early yesterday, then the ISPs came near the end of the day our time…
The blocking may have begun on Wednesday, when Twitter became unavailable, but there was some speculation as to whether it was being blocked or just overloaded. Lord knows it overloads here all the time – and add a little political protest and who knows what might happen. Has anyone seen any comment from Twitter?
Wikileaks was also promising some pending leaks re: Egypt…