Posts Tagged ‘diary-archives’


Apple iOS updates to 7.1.1, OS X Security Update 2014-002, AirPort Updates – http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208,…

Rob VandenBrink, Metafore (c) SANS Internet Storm Center.

Fun with Passphrases!, (Thu, Apr 24th)

As systems administrators and security folks, we’ve all had our fill of our users and customers using simple passwords. Most operating systems these days now enforce some level of password complexity by default, with options to “beef up” the password requirements for passwords. The prevailing wisdom today is to use passphrases – demonstrated nicely by our bud at xkcd – http://xkcd.com/936/. So I routinely have very long passphrases for public-facing accounts. Imagine my surprise when I was creating a new account on a major cloud service (the one that starts with an “O” and ends with a “365”), and found that I was limited to a 16-character password. Needless to say, I have a case open to see if that limit can be removed. I’m not looking for no limit / invitation to a buffer overflow status on the password field, but something bigger than 16 would really be appreciated! (c) SANS Internet Storm Center

Special Edition of OUCH: Heartbleed – Why Do I Care? http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf, (Wed, Apr 23rd)

–  Alex Stanford – GIAC GWEB, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center.

Apple Patches for OS X, iOS and Apple TV., (Tue, Apr 22nd)

Apple today released patches for OS X, iOS and Apple TV. The OS X patches apply to versions of OS X back to Lion (10.7.5). Vulnerabilities fixed by these patches can lead to remote code execution by visiting malicious web sites.

Heartbleed silver lining: full-scale review and cleanup of the OpenSSL codebase planned by OpenBSD devs

OpenSSL Rampage, (Mon, Apr 21st)

OpenSSL, in spite of its name, isn’t really a part of the OpenBSD project. But as one of the more positive results of the recent Heartbleed fiasco, the OpenBSD developers, who are known for their focus on readable and secure code, have now started a full-scale review and cleanup of the OpenSSL codebase.

New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th)

– Johannes B. Ullrich, Ph.D., SANS Technology Institute (c) SANS Internet Storm Center.

Looking for malicious traffic in electrical SCADA networks – part 1, (Tue, Apr 15th)

When infosec guys are performing intrusion detection, they usually look for attacks like portscans, buffer overflows and specific exploit signatures. For example, remember the OpenSSL Heartbleed vulnerability?

VMWare Advisory VMSA-2014-0004 – Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html, (Tue, Apr 15th)

Richard Porter — ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

INFOCon Green: Heartbleed – on the mend, (Mon, Apr 14th)

We are going back to INFOCon Green today.
