Anthem, TurboTax and How Things "Fit Together" Sometimes, (Fri, Feb 6th)
Everybody probably heard of the Anthem databreach. If you are affected, you probably got an e-mail from your HR person with some details by now, or you got a phishing e-mail making sure you can enjoy...
View ArticleUpdate to kippo-log2db.pl, (Sat, Feb 7th)
I discovered an issue with the tool I wrote about last June. Ive updated kippo-log2db.pl correcting an error where it was populating the sensor column of the session table improperly. I discovered the...
View ArticleRaising the "Creep Factor" in License Agreements, (Sun, Feb 8th)
When I started in this biz back in the 80s, I was brought up short when I read my first EULA (End User License Agreement). Back then, software was basically wrapped in the EULA (yes, like a Christmas...
View ArticleBURP 1.6.10 Released, (Sun, Feb 8th)
The fine folks at Portswigger released the lastest version of BURP last week - v1.6.10 New checks include: Server-side include (SSI) injection Server-side Python code injection Leaked RSA private keys...
View ArticleISC StormCast for Monday, February 9th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleBackups are part of the overall business continuity and disaster recovery...
The mantra of Aworking, tried and tested backup is something that has to be donealmost seems to be catching on after over twenty years of saying it. The horror stories in the media of people and...
View ArticleISC StormCast for Tuesday, February 10th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft Update Advisory for February 2015, (Tue, Feb 10th)
Overview of the February 2015 Microsoft patches and their status. # Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*) clients servers MS15-009 Security Update for...
View ArticleDetecting Mimikatz Use On Your Network, (Tue, Feb 10th)
I am an awesome hacker. Perhaps the worlds greatest hacker. Dont believe me? Check out this video where I prove I know the administrator password for some really important sites! (Watching it full...
View ArticleMicrosoft Patches appear to be causing problems, (Tue, Feb 10th)
Just a heads up to our readers. We have received multiple reports of Microsoft patches causing machines to hang. There is also a report that Microsoft has pulled one of the patches. Specifically, we...
View ArticleISC StormCast for Wednesday, February 11th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft Hardens GPO by Fixing Two Serious Vulnerabilities., (Wed, Feb 11th)
Microsoft released more details about two vulnerabilities patched on Tuesday. Both patches harden Microsofts group policy implementation. [1] Group policy is a critical tool to manage larger networks....
View ArticleDid PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info...
The Councils Assessor Newsletter, which is distributed by the Payment Card Industry council responsible for the PCI security standard, contained an interesting paragraph that is causing concerns among...
View ArticleISC StormCast for Thursday, February 12th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleDid You Remove That Debug Code? Netatmo Weather Station Sending WPA...
I have the bad habit of playing with home automation and various data acquisition tools. I could quit any time ifI wanted to, but so far, I decided not to. My latest toy to add to the collection was a...
View ArticleISC StormCast for Friday, February 13th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect...
Another patch released by Microsoft this month is causing problems. This time it is KB3023607,which was supposed to mitigate the POODLE vulnerability. Once applied, Cisco AnyConnect users are no longer...
View ArticleEnd of the m0n0wall project - http://seclists.org/oss-sec/2015/q1/565, (Sun,...
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Monday, February 16th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft Patch Mayhem: February Patch Failure Summary, (Mon, Feb 16th)
February was another rough month for anybody having to apply Microsoft patches. We had a couple of posts already covering the Microsoft patch issues, but due to the number of problems, here a quick...
View Article