
Ashley Madison Hack Provides IT Pros More Hints On What Not To Do

As researchers continue to review the data dumps from the Ashley Madison breach, there are lessons to be learned from what has been found. While Ashley Madison claimed to have good security, the evidence does not support that.  For example, the VPN password from the Internet to their servers was Pass1234, according to one article […]


OpenSSL: Here We Go Again

UPDATE:  The details are out.  The issue is that under certain circumstances, a hacker could get OpenSSL to accept an HTTPS certificate that is fraudulent.  This does not affect the major browsers, but rather the second and third tier software that uses SSL behind the scenes.  Likely, you don’t even know all the places that […]


Why Patching Doesn’t Work – Using Apple As An Example

Apple released patches to fix a family of security flaws called Masque the other day in iOS release 8.4.  Researchers then came up with a new variant of the flaw that the patch doesn’t fix.  Apple had fixed earlier variants of the Masque attack in iOS 8.1.3.  Anyone see a theme here?  Unfortunately, […]


The Gov Isn’t Very Good At Fixing Software

According to Veracode, the government isn’t very good at fixing software flaws.  In fact, of 7 vertical segments, they rank last.  The financial and manufacturing sectors do best at fixing vulnerabilities.  Healthcare organizations don’t do well and cloud vendors (SaaS) fail the OWASP top 10 almost 75% of the time.  Given this, it is not […]


Millions Of Routers And Other Products Vulnerable To NetUSB Bug

Another day, another software supply chain exploit.  This time, Zyxel and D-Link have confirmed that their routers have the bug, but researchers think products from Netgear, TP-Link, Trendnet and other vendors are vulnerable.  Already 90 plus products from more than 20 vendors have been potentially identified as vulnerable.  Only TP-Link has announced a patch.  The […]
