
Posts Tagged ‘podcasts’


New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th)

—— Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center.


Looking for malicious traffic in electrical SCADA networks – part 1, (Tue, Apr 15th)

When infosec guys are performing intrusion detection, they usually look for attacks like portscans, buffer overflows and specific exploit signatures. For example, remember the OpenSSL heartbleed vulnerability?

VMWare Advisory VMSA-2014-0004 – Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html, (Tue, Apr 15th)

Richard Porter — ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Reverse Heartbleed Testing, (Sun, Apr 13th)

I wanted to know if the tools/software I execute regularly are vulnerable to scraping my system memory.  Now the reverse heartbleed scenario is very possible, but the likelihood seems to be much more of a non-issue.   Seeing is still believing in my book


Interested in a Heartbleed Challenge?, (Sat, Apr 12th)

CloudFlare launched a challenge yesterday: Can You Get Private SSL Keys Using Heartbleed? [1] The site created by CloudFlare engineers is located here and is intentionally vulnerable to heartbleed. If you manage to steal the private key from the site, they will post the full details on that site. So far two individuals have succeeded: Fedor Indutny (@indutny) and Ilkka Mattila of NCSC-F. [2] If you have time and bandwidth, this might be a fun weekend project.

Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. -…

———– Guy Bruneau IPSS Inc.


The Other Side of Heartbleed – Client Vulnerabilities, (Fri, Apr 11th)

We're getting reports of client applications that are vulnerable to the heartbleed issue. Just as with server applications, these client applications are dependent on vulnerable versions of OpenSSL. Another “patch soon” problem, you say? The patch will be installed when the vendor … oh, wait a minute. Just exactly when will your TV's manufacturer update the web browser on your TV? And when will you be applying that patch? How about your in-laws' TV? This vulnerability on the client side has the potential to be much longer-lived than on servers. This combines the problem of the specific heartbleed vulnerability with the problem of embedded devices that may never be updated. Or devices that are updated by vendors for a year or two after release, then abandoned when the new model comes out – home routers and TV sets are great examples of this situation, but so are medical devices

How to talk to your kids about "Heartbleed", (Fri, Apr 11th)

With more mass-media attention to the heartbleed bug, we are getting more questions from “normal users” about the heartbleed bug. The “Heartbleed” bug is not affecting end users using Windows. It does not affect standard Windows browsers (Internet Explorer, Firefox, Chrome)


ISC StormCast for Friday, April 11th 2014 http://isc.sans.edu/podcastdetail.html?id=3931, (Fri, Apr 11th)


Brace Yourselves (and your Users / Clients) for Heartbleed SPAM, (Thu, Apr 10th)

I started getting emails yesterday asking me to change passwords on services I do not have accounts on – complete with helpful links – back-ended by malware and/or credential harvesting of course. Just a few minutes ago, I also received a legit email along the same lines, from a security organization. Unfortunately, they also included links (OOPS), this time legit links, but that's still a big miss on their part. It's worth a reminder to your user community, clients and even family if you support their machines (and bad computing habits) also. Helpful emails with links in them are in most cases NOT helpful. Don't click that link! If it's legitimate, and especially this week, by all means browse to the affected site and change your password. That's always a good idea. But following an email link to a password change page is a good way to get your credentials stolen, or a good way to pick up a nice “gift” of malware.