So, what do you know about the WordPress REST API? If you’re like me, the answer is “not much”. So it came out of the blue when a friend of mine contacted me last week about problems he was having with the REST API. The Issues 1) The URL https://www.example.com/wp-json/wp/v2/users can return information about ALL […]
Hardening the Apache Webserver
One thing that should be done for those hosting their own Apache Webservers is to remove any unneeded information from Apache Error responses: Apache/2.4.48 (Ubuntu) Server at example.com Port 443 In the standard setup for Apache, Apache reveals its version number as well as the underlying O/S that it is running on. Why make it […]
40 Websites Hacked in 7 Minutes
I came across this article written by a Greek EE student named Georgios Konstantopoulos. It was published in Hackernoon here: https://hackernoon.com/how-i-hacked-40-websites-in-7-minutes-5b4c28bc8824. It is aptly titled: “How I Hacked 40 Websites in 7 minutes”. The key takeaways here are: If content can be uploaded, take precautions to prevent any execution of data within the upload folders. This is […]
BOLO: 17-Year Old MS-Office Bug in Equation Editor
This post is worthy of a BOLO. Fixed earlier this month in the Patch Tuesday updates is a bug that has existed in all versions of Microsoft Office. This bug, CVE-2017-11882, exists in the Equation Editor, which allows users to enter mathematical formulas in Office documents. These formulas exist as OLE (Object Linking and Embedding) objects […]
Divorce eSecurity: Practical Electronic Security
Author: Jared Hall Revision: 1.1 URL: https://www.jaredsec.com/2017/11/08/divorce-esecurity/ Original Date: 11/11/2010 Revision Date: 11/07/2017 Introduction Separation or divorce is never a good thing. In the case of contested divorces, where the split of assets is complex, the same passion which once brought you and your partner together is often negatively directed to tear each other apart. This […]
Bits on Bitcoin!
Author: Jared Hall Revision: 1.0 URL: https://www.jaredsec.com/2017/11/01/bits-on-bitcoin Date: 11/01/2017 Introduction In the midst of the global financial crisis, a paper was anonymously authored in November of 2008. It described a peer-to-peer, distributed, electronic payment system without the oversight of a “trusted” central party, like a bank, PayPal, or the Federal Reserve. The paper was titled: “Bitcoin”. […]
BOLO: WPA2 WiFi KRACKed. Ouch!
Perhaps a more apropos title would be: When “Nonce” is not enough! Holy cow, Batman, we’re in for a bumpy ride. The WPA2 protocol is vulnerable to an attack “in-the-wild” called Key Reinstallation AttaCK (KRACK). This affects both Client devices and Servers (Router/Access Point). A “Nonce” is a number, usually generated in a pseudo-random fashion […]
VPN Services: A Primer
So, I got an Email last week from a fellow in Estonia asking me to add his site to my list of links. I don’t really want to link to everybody with an article, but these people did such a good job evaluating different VPN systems that it is worth writing about. Their site […]
Un-Clouding: Don’t Let This Happen to You!
There was an article that was sent to me entitled “Unclouding trend is real, but preventable”. That got my attention since the Cloud is in that period of disillusionment. They cited a Q3 2016 survey from Datalink that stated that nearly 40% of organizations with public cloud experience have migrated systems from the Cloud to […]
SSL/TLS Email Connection Testing
Introduction I’ve developed a Sieve script that will auto-respond with a description of how your email message was received, with a snippet of the “Received:” header. If you run a mail server or use a local ISP, this is an easy way to see if connections to this site are secure. To use, simply send […]