Author: Perry Varanoid

IC3 Issues Internet Crime Report for 2014

Original release date: May 22, 2015

The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media — including doxing, click-jacking, and pharming — have increased substantially over the past five years. US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

Adult Friend Pwner – Daily Security Byte EP.87

If you date online, especially at “adult” dating sites, you may want to reconsider how much data you share with these organizations. This week, a researcher found a stolen user data dump from a very popular adult dating site. Watch the video to learn the details, and find out how to learn whether or not you are affected by this and other breaches.

Lazy Coordinated Attacks Against Old Vulnerabilities, (Fri, May 22nd)

Typically we try to divide attackers into different groups, all the way from Script Kiddies (no resources, no skills, quite a bit of time/persistence) to more advanced state-sponsored attackers (lots of resources, decent skills and ability to conduct long-lasting persistent attacks). So it was a bit odd to see an attack against a rather old vulnerability in DeDeCMS.

The attack:

GET /uploads/plus/search.php?keyword=11typeArr[%60@%27%60and%28SELECT1%20FROM%28selectcount%28*%29,concat%28floor%28rand%280%29*2%29,%28SELECT/*%27*/concat%280x5f,userid,0x5f,pwd,0x5f%29fromdede_adminLimit0,1%29%29afrominformation_schema.tables%20group%20by%20a%29b%29]=1 HTTP/1.1 301 178 – Python-urllib/2.7

DeDeCMS is a Drupal-like content management system popular in China [1].

WatchGuard Breaks Logjam and Protects Encrypted Connections

This week, a group of university researchers disclosed a new vulnerability affecting the Diffie-Hellman key exchange. The Diffie-Hellman (DH) key exchange is a cryptographic method for two systems to establish a shared secret over a public communication channel, which they later use to encrypt their communications. Many encryption protocols, including HTTPS, SMTPS, IPSec VPN, SSH, and other TLS implementations, use it to set up shared secrets.

Why the Current Section 215 Reform Debate Doesn’t Matter Much

The ACLU’s Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA. There were 180 orders authorized last year by the FISA Court under Section 215 — 180 orders issued by this court. Only five of those orders relate to the telephony metadata program