
Posts Tagged ‘information security’

News of a new vulnerability in SSL/TLS has been making the rounds today. I first noticed it over at Slashdot, which had a link to the guy who discovered the vulnerability, Ben Laurie, a member of the Shmoo Group. You can read his post about the vulnerability here.
In a nutshell (and with as little IT [...]


For a long time I saw no value in social networking. Particularly during the advent and subsequent rise of MySpace. It appeared to me to be an exercise solely in personal exhibitionism. I didn’t have anything I wanted to share and I didn’t feel I really needed to know anything more about what my friends [...]


Various news articles about the disclosure of the new MI6 chief on Facebook have been making the rounds as of late.
MI6 boss in Facebook entry row
It seems like a good time to revisit a guide that new users to Facebook should take a look at:
10 Privacy Settings Every Facebook User Should Know
I’ll summarize the [...]


Adobe has released a patch for the latest zero-day vulnerability.
This particular vulnerability has an elevated level of risk for the average user as it does not require you to actually open the infected PDF file. Simply receiving it is enough to activate some versions of the malware and cause harm to your system.
Read the [...]


At ISC SANS today there is an entry about a new piece of malware that is being spread by a rather unique means of infection.
Fake windshield fliers and parking tickets.

If you go to the website listed on the flier/ticket, the site attempts to have you download and install a piece of malware as well as [...]


Some attention was garnered by a blog this weekend:
http://frozencache.blogspot.com
Which describes itself as: “A blog about the development of a general-purpose solution for mitigating cold-boot attacks on Full-Disk-Encryption solutions.”
Shortly thereafter Hack-a-day responded with:
http://hackaday.com/2009/01/18/use-the-cpu-cache-to-prevent-cold-boot-no/
The important part of this is:
“We asked cold boot team member [Jacob Appelbaum] what he thought of the approach. He pointed out that initial [...]


DNS Dead Drop

If one familiarizes themselves with how packets are structured, it soon becomes apparent that there are all sorts of places to squeeze extra information in that does not alter the packet in any way that prevents communication and yet allows for the transmission of information that will be “invisible” to most.
For example, let’s pretend this [...]


Picasa is Google’s photo album software.
Download it here.
Play with the web version here.
When you tag a person in Picasa with 3.0, it will analyze new photos you add and recognize people you have tagged before. Thus it will provide you with suggestions on who is in your photo.
A very interesting and potentially helpful feature!
However…
Given [...]


Survey: IT staff would steal secrets if laid off
A staggering 88 percent of IT administrators admitted they would take corporate secrets, if they were suddenly made redundant. The target information included CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company’s list of privileged passwords.
The research also revealed that, of [...]


The cyberwebtubes are full of surprises, many of which are essentially invisible to us normal folk. In a couple weeks a tool is being released that automates the process for stealing access to a person’s Gmail account. The key here though is that the victim is using Gmail unencrypted.
Read More Here.
The solution is to enable [...]

