Varanoid.com

KrebsOnSecurity Honored for Fraud Reporting

The Association of Certified Fraud Examiners today announced they have selected Yours Truly as the recipient of this year’s “Guardian Award,” an honor given annually to a journalist “whose determination, perseverance, and commitment to the truth have contributed significantly to the fight against fraud.” The Guardian Award bears the inscription “For Vigilance in Fraud Reporting.” Previous honorees include former Washington Post investigative reporter and two-time Pulitzer Prize winner Susan Schmidt; Diana Henriques, a New York Times contributing writer and author of The Wizard of Lies (a book about Bernie Madoff); and Allan Dodds Frank, a regular contributor to Fortune.com and The Daily Beast. I’d like to thank the ACFE for this prestigious award, and offer a special note of thanks to all of you dear readers who continue to support my work as an independent journalist. The ACFE’s blog post about the award is here.

VU#447516: Linksys SMART WiFi firmware contains multiple vulnerabilities

Vulnerability Note VU#447516

Original Release date: 31 Oct 2014 | Last revised: 31 Oct 2014

Overview

Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities.

Description

CWE-320: Key Management Errors – CVE-2014-8243

An unauthenticated attacker on the local area network (LAN) can read the router’s .htpasswd file by requesting http(s):// /.htpasswd . The .htpasswd file contains the MD5 hash of the administrator password

Chip & PIN vs. Chip & Signature

The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent “chip-and-signature” standard, an approach that has been overwhelmingly adopted by a majority of U.S.

CSAM Month of False Positives – False Positives from Management, (Thu, Oct 30th)

Often the start of a problem and its solution is receiving a call from a manager, project manager or other non-technical decision maker. You’ll know going in that the problem is absolutely real, but the information going in might be a total red herring. Some classic examples are:

The network is slow

I ran a speed test, we should be seeing 10x the speed

The Best Kept Secret at Fortinet

Just take a look at the latest news headlines and you’ll get a strong picture of just how pervasive and, in many ways, elusive the world of cyber security has become. Each week it seems there are reports of new, more insidious attacks.