Monday, October 20, 2014

Who let the dogs out?

Here we go again - yet another "major" security vulnerability.  This time it is SSL 3.0 (why is anyone even using this anymore?) that has fallen victim.  Read more about the POODLE exploit at US-CERT.

Edit: The plot thickens!  This might be a good thing...

 After reading a bit more on the subject, I realized that there might be a silver lining to this dark dog-shaped cloud after all.  All modern browsers support TLS and only fall back to SSL as a failsafe, so disabling SSL should not present an issue.  Notice that I said modern.  How many web developers out there consider IE6 and its nearly fossilized users to be thorn in their side?  Yes, there are some entities that insist on maintaining compatibility with this dinosaur of a browser.  Guess what IE6 does not support?  You guessed it... TLS!  What better reason to justify discontinuing support for IE6?

Dilbert.com
sed 's/WINDOWS XP/INTERNET EXPLORER 6/'

at 8:31 AM 0 comments
Labels: , , ,

Wednesday, October 1, 2014

Are you patched?

I'm sure by now you've heard of the Bash vulnerability Shellshock.  Not going to beat a dead horse, but if you haven't patched yet, stop reading this and do it now!  After you're done, check out shellshocker.net and see if you're still vulnerable.
at 10:00 PM 0 comments
Labels: , ,

Friday, August 15, 2014

The future of IT

Ran across this amazing video the other day where the self-described "NextGenHacker101" graciously shares his expertise in network forensic techniques:


Poor kid should stick to a Mac.
at 10:34 AM 0 comments
Labels: ,
Subscribe to: Posts (Atom)