Showing posts with label exploit.

Wednesday, May 13, 2015

Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters | ZDNet

If you've gone the virtual route, take note:

Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters | ZDNet

Monday, October 20, 2014

Who let the dogs out?

Here we go again - yet another "major" security vulnerability.  This time it is SSL 3.0 (why is anyone even using this anymore?) that has fallen victim.  Read more about the POODLE exploit at US-CERT.

Edit: The plot thickens!  This might be a good thing...

After reading a bit more on the subject, I realized that there might be a silver lining to this dark dog-shaped cloud after all.  All modern browsers support TLS and only fall back to SSL as a failsafe, so disabling SSL should not present an issue.  Notice that I said modern.  How many web developers out there consider IE6 and its nearly fossilized users to be a thorn in their side?  Yes, there are some entities that insist on maintaining compatibility with this dinosaur of a browser.  Guess what IE6 does not support?  You guessed it... TLS!  What better reason to justify discontinuing support for IE6?

Dilbert.com
sed 's/WINDOWS XP/INTERNET EXPLORER 6/'

Wednesday, October 1, 2014

Are you patched?

I'm sure by now you've heard of the Bash vulnerability Shellshock.  Not going to beat a dead horse, but if you haven't patched yet, stop reading this and do it now!  After you're done, check out shellshocker.net and see if you're still vulnerable.

Thursday, August 22, 2013

BuzzFeed "features" Backtrack Linux 5 in article detailing Jigsaw exploit

There is an interesting article on BuzzFeed today about spear-phishing Jigsaw via a Ruby-based exploit.  While it doesn't specifically name Backtrack, all of the screenshots feature it prominently.

Image courtesy of BuzzFeed

At first glance, one might assume that Backtrack is the demon-spawn tool of the nefarious Chinese or Russian hacker, hunched over their laptop in some dimly lit, musty room.  Backtrack can be used that way, but it is actually one of the best-known pen-testing and forensics suites out there today.  Look at it the way you would look at a hammer - you can choose to use it as a useful tool or a murder weapon.  If you need a tool to determine where your vulnerabilities are, then give it a try.


You can find the article here:  The Simple Tool That Allows Anyone To Be A Hacker

Backtrack Linux is available at www.backtrack-linux.org.