Showing posts with label exploit.
Wednesday, May 13, 2015
If you've gone the virtual route, take note:
Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters | ZDNet
Thursday, November 6, 2014
Serious Linux/UNIX FTP Flaw Allows Command Execution - Darknet - The Darkside
Alright boys and girls, it's time for another installment of Vulnerability of the Day!
Serious Linux/UNIX FTP Flaw Allows Command Execution - Darknet - The Darkside
Monday, October 20, 2014
Who let the dogs out?
Here we go again - yet another "major" security vulnerability. This time it is SSL 3.0 (why is anyone even using this anymore?) that has fallen victim. Read more about the POODLE exploit at US-CERT.
Edit: The plot thickens! This might be a good thing...
After reading a bit more on the subject, I realized that there might be a silver lining to this dark dog-shaped cloud after all. All modern browsers support TLS and only fall back to SSL as a failsafe, so disabling SSL should not present an issue. Notice that I said modern. How many web developers out there consider IE6 and its nearly fossilized users to be a thorn in their side? Yes, there are some entities that insist on maintaining compatibility with this dinosaur of a browser. Guess what IE6 does not support? You guessed it... TLS! What better reason to justify discontinuing support for IE6?
sed 's/WINDOWS XP/INTERNET EXPLORER 6/'
Wednesday, October 1, 2014
Are you patched?
I'm sure by now you've heard of the Bash vulnerability Shellshock. Not going to beat a dead horse, but if you haven't patched yet, stop reading this and do it now! After you're done, check out shellshocker.net and see if you're still vulnerable.
Thursday, August 22, 2013
BuzzFeed "features" Backtrack Linux 5 in article detailing Jigsaw exploit
There is an interesting article on BuzzFeed today about spear-phishing Jigsaw via a Ruby-based exploit. While it doesn't specifically name Backtrack, all of the screenshots feature it prominently.
At first glance, one might assume that Backtrack is the demon-spawn tool of the nefarious Chinese or Russian hacker, hunched over their laptop in some dimly lit, musty room. Backtrack can be used that way, but it is actually recognized as one of the most well-known pen-testing and forensics suites out there today. You can look at it in the same way that one would look at a hammer - you can choose to use it as a useful tool or a murder weapon. Backtrack Linux is the same way. If you need a tool to determine where your vulnerabilities are, then give it a try.
You can find the article here: The Simple Tool That Allows Anyone To Be A Hacker
Backtrack Linux is available at www.backtrack-linux.org.
Image courtesy of BuzzFeed