.focus on your core business.
In a blog post today at nsslabs.com, NSS CEO Rick Moy lauded the infosec acumen of researcher Dillon Beresford, saying “In the course of his research, significant additional vulnerabilities in industrial control systems have been identified, responsibly disclosed and validated by affected parties.”
There is a nice series over at Web MaxFormance on using wordpress as a Content Management System, or CMS, for any website. I find so much value in Igor’s posts as he is very strong on SEO, and I am constantly looking to learn on the seo side.
WordPress is not just for blogging!! I have been using wordpress for my website as well as client sites for 3 years now. I have never looked back. Most people can get a wordpress site up and running, integrate some plugin functionality and integrate all their content in a very short hour or two. And it has never been easier to hand a client a website and let them manage it 100%.
Seriously. Could you even make these stories up?
Sony comes clean. They admit that 77 million records were compromised.
In its official statement, Sony recommends, “If you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly advise that you change them.”
An InfoWorld article summarizes the Verizon 2011 Data Breach Investigations Report(DBIR) and shows that – surprise! – the attackers are getting smarter, but most attacks could be stopped with basic detection techniques.
The full 2011 VZ DBIR can be found here.
from the VZ Whitepaper Resource Center.
An article at CNN Money shows that some of the major shopping cart providers, Amazon, Google and Paypal have software flaws. Working with an attorney to conduct their testing ethically, researchers from from Indiana University and Microsoft (MSFT, Fortune 500) Research showed flaws that resulted in the merchant being paid less than the full price or not being paid at all and then received the items. They have returned the items to the merchants and worked with them to harden their systems.
RSA, one of the pioneering companies of information security and the creator of SecurID technology in use by thousands of corporations worldwide, was the target and victim of an advanced persistent threat attack, according to a letter from their Executive Chairman.
In an article at the New York Times, Whitfield Diffie, the crytographic granddaddy of the Diffie-Hellman key exchange protocol, says a worst case scenario could be the master key for SecurID was stolen. Although an unlikely scenario, if true it could render the device useless.
The device is in use by approximately 40 million people securing the assets of approximately 250 million people worldwide.
I’ve been using openfire chat server for about two years now. It has been a fantastic cost-effective solution for our clients to communicate efficiently and securely, the solution scales from 2 users to massive, and it’s very easy to setup and administer. Openfire is a fully featured XMPP real time collaboration (RTC) server offering full support for traditional IM, web-based or managed queue, voice and video chat as well as rich media sharing.
The Open Source project is maintained by Jive Software, the social business application powerhouse. Jive maintains the development community and makes sure the project implements important fixes, improvements to stability and XMPP protocol compliance. They continue to do a great job with the most recent release being Openfire 3.7.0 beta 2 weeks ago.
If users are currently using public chat services for corporate communications, I would strongly encourage you to investigate Openfire. The benefits of bringing a widely used service like this in-house are tremendous, but mainly I would cite security as the number one benefit. Most other chat protocols/services do not use TLS/SSL or it’s optional and off by default, and thus it’s a low-hanging vector for data breach and leakage. But hopefully I’m preaching to the choir, because this post is for current Openfire users.
Recently, a client needed to migrate their Openfire service off a windows machine to a linux server. What a great idea! It’s a fairly straightforward install on the linux box until you try to move the database. Openfire can use an embedded flat file db or an external database (MySQL, SQL Server, Oracle, PostgreSQL, IBM DB2, HSQLDB).
Unfortunately, moving a MySQL database from windows to linux can be a roadblock to what should be a quick and easy migration. Windows likes to ignore case, but linux sees a table name in lowercase as a separate table from one using all caps or even one uppercase character.
Hopefully by sharing my solution, I’ll save somebody the couple of hours I spent implementing this.
Read More »
Oncor is receiving up to 60,000 calls per hour due to unannounced rolling blackouts across the state. Their twitter feed has become an apology line. They are explaining to their customers that they are following ERCOT’s order to shed load. ERCOT is explaining this is a proactive measure to make it through the next few days of increased load. I don’t believe it. I think the demand is at full capacity. A very scary situation for Texas residents and businesses alike.
In an abrupt moment, the world’s electronic access to the entire country of Egypt has been disabled. This post over at the renesys blog is a good description of what happened.
Check out the graphical representation of routing activity over Egyptian prefixes in the last 24 hours. Scary how an entire country can just drop off the face of the earth.
There are reports that twitter went down early yesterday, then the ISPs came near the end of the day our time…
The blocking may have began on Wednesday, when Twitter became unavailable, but there was some speculation as to whether it was being blocked or just overloaded. Lord knows it overloads here all the time – and add a little political protest and who knows what might happen. Has anyone seen any comment from twitter?
As with all world news, especially hot political situations, the social media networks are exploding, nearly every single site is trending Egypt.
Wikileaks was also promising some pending leaks re: Egypt…
In a Computerworld article today, some researchers have shown how easily circumvented the PKES or passive keyless and start systems used by all the major manufacturers are. For as little as $100, equipment can be obtained off-the-shelf and configured to sniff the codes used by these systems. “In this paper, we demonstrate that these attacks are both feasible and practical,” the researchers said.
The article notes very specific details about how the attack can be successfully pulled off and states the researcher’s opinion that the attacks are not theoretical. The only recommendation to mitigate the attack is to use a protective magnetic envelope to prevent the fob from emitting signals or removing the fob’s battery.
This is a great case of a manufacturer not taking security seriously. In this case it shows the laxity and arrogance of entire industry. Are there any manufacturers that have multifactor security available? Simply using a thumbprint in conjunction with the fob, would have prevented the mess the industry is in now having to fix the issue. I wonder if any security consultants were consulted? I am guessing no.
Wired Security Security Magazine Cyber Security Security Magazine Healthcare© 2001-2023 empowerT LLC
