There is an issue with $wpdb->prepare() that can lead to unsafe queries and SQL Injection attacks. This does not occur with WordPress core, but can affect add-on plugins and themes. If you do not have Automatic Updates enabled, please download the new release as soon as possible. The WordPress bulleting is here: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Social(Networking+Engineering) Defeats Physical Security
I found an interesting article on Motherboard from a Pentester named Sophie Daniel. She did more than your standard online cybersecurity Penetration Testers do; she gained unrestricted physical access to a secure facility. Here’s the general process of the attack: Acquired Business Information Solicited business Information through website data, aerial/satellite photographs, and maps. Acquired Personnel […]
Chrome Browser Update: 62.0.3202.75
Google has released Chrome version 62.0.3202.75 for all operating systems. This fixes a high-severity stack-based buffer overflow bug. My Chrome browser did not update automatically, but did so when I went into Settings->Help->About Chrome. Threat Post has a more detailed write-up here: https://threatpost.com/google-patches-high-severity-browser-bug/128661/
Bits on Bitcoin!
Author: Jared Hall Revision: 1.0 URL: https://www.jaredsec.com/2017/11/01/bits-on-bitcoin Date: 11/01/2017 Introduction In the midst of the global financial crisis, a paper was anonymously authored in November of 2008. It described a peer-to-peer, distributed, electronic payment system without the oversight of a “trusted” central party, like a bank, PayPal, or the Federal Reserve. The paper was titled: “Bitcoin“. […]
Speed Dating for SysAdmins
I got a chuckle out of this comic found on Google IT. This should be titled: How not to pick up girls!
BOLO: WPA2 WiFi KRACKed. Ouch!
Perhaps a more apropos title would be: When “Nonce” is not enough! Holy cow, Batman, we’re in for a bumpy ride. The WPA2 protocol is vulnerable to an attack “in-the-wild” called Key Reinstallaton AttaCK (KRACK). This affects both Client devices and Servers (Router/Access Point). A “Nonce” is a number, usually generated in a pseudo-random fashion […]
A Netsec’s Favorite Mayonnaise
From Google’s IT Forum:
Microsoft Patch Tuesday: October 2017
Hmm. It’s another big update. Front and Center is CVE-2017-11826, a Remote Code Excecution, Zero-Day bug in all versions of Office 2007 and later, Word Automation Services, and Microsoft Office Web Apps server. This is important since there are active exploits of this bug “in the wild”. Two other Zero-Day bugs were fixed, CVE-2017-8703 (DOS in the […]
VPN Services: A Primer
So, I got an Email last week from a fellow in Estonia asking me to add his site to my list of links. I don’t really want to link to everybody with an article, but these people did such a good job evaluating different VPN systems that it is worthy to write about it. Their site […]
The How & Why of Caller-ID/SMS Spoofing
Caller-ID Spoofing? There’s an App for that! I recently received correspondence from individuals that I did not communicate and quickly determined that an unknown party has been spoofing my phone number. Between 2006 and 2007, I did some work for a small, local CLEC that had a CLASS 5 switch in St. Petersburg. They had […]