Wow. So, I’m trolling through TV channels and I came across a great debate on CSPAN on July 8th. It was originally aired live on June 6, 2017. The CSPAN broadcast can be found here. The debate was sponsored by Intelligence Squared, and their podcast of the debate can be found here. The Debate Question: […]
General
WordPress and Joomla Updates
There were two bugs discovered and fixed in the popular WordPress “WP Statistics” plugin. The first one is a SQL Injection vulnerability that could be exploited by a local, low-privileged user, like a “Subscriber” account. A SQL Injection attack could allow that subscriber to be able to add an “Administrator” account. About the time that […]
Skype: Critical Vulnerability Patched
The German security firm, Vulnerability Lab, found a bug with stack buffer overflows in Skype. This vulnerability can cause Skype to crash. It can also allow for Remote Code Execution. The vulnerability is listed on the CVE (Criticial Vulnerabilities and Exposures) database as: CVE-2017-9948. The exploit revolves around image processing of the Windows clipboard, and […]
HIPAA: Product Sunsets
The following products have reached End-Of-Life and cannot be used for any HIPAA or PCI/DSS compliant entities: Windows Vista: 04/11/2017 Exchange Server 2007: 04/11/2017 The following products will reach End-Of-Life on 10/10/2017: Microsoft Office 2007 Microsoft also released a statement stating that they will not support interconnection from any Non-TLSv2 device. These include: Microsoft XP/Vista […]
Mobile Device/Smartphone Security
This post has been sprung off as a separate page. It can be found here: https://www.jaredsec.com/mobile-devicesmartphone-security-tips/
Windows 10S: Microsoft Bogus Claims
Microsoft claims that it’s new version of Windows 10, “Windows 10S” is impervious to malware attacks. Frankly, I thought this was a ludicrous claim. Nothing has perfect security. As I’ve always recast and said, “Security is a compromise“. So, I found this article from ZDNet and thought I would share it with you. This is a summary […]
Foscam: A Chinese Disaster
Foscam, a Chinese manufacturer of IP Cameras, is a good example of what’s bad with the Internet of Things. They also demonstrate that low-cost *is* low-security. If you have a Foscam product, you might as well put a sign up saying, “Hack Me. I don’t care.” F-Secure released a report earlier this week detailing […]
Protect Yourself: Life Outside the Firewall
This has been moved to a standalone page. The content can be found here: https://www.jaredsec.com/life-outside-the-firewall-protection/
New USB Kill 3.0: From the makers of USB Kill™
A long time ago, I posted a comment on #FB regarding USB Hardware Kill Sticks to an audience of disbelievers. So, as I’m trolling the ‘Net, I came across a legitimate manufacturer of such devices, aptly named: https://www.usbkill.com/; complete with a valid SSL certificate and secure shopping cart. Kudos to them for some great advertising on […]
Big Data vs. Big Oil: Technology Company Value
So, what is a barrel of bits trading for these days? Apparently, a lot more than a barrel of oil. The Economist brings up an interesting look at the big high tech industry and makes some startling revelations regarding the absolute, dominating wealth of some of the world’s most wealthiest technology companies; including Google, Apple, […]