Microsoft’s September 2017 Patch Tuesday is a real humdinger, even exceeding August’s Patch Tuesday, encompassing 259 security patches covering 82 vulnerabilities. Windows 7: 22 vulnerabilities, of which three are rated critical and 19 important. Windows 8.1: 26 vulnerabilities, of which four are rated critical and 22 important. Windows 10 version 1703: 25 vulnerabilities of which two are […]
Equifax Hacked
Holy crap, Batman! Yes, the company of last resort to protect your identity has just coughed it up. This breach included the Social Security Numbers of 143 Million Americans, a little less than half of the US population. Equifax reports that over 209,000 credit card numbers were stolen, along with identifying information (PCI) for 182,000 […]
The Insecurity of Journalism
Bruce Schneier had an interesting post last week on how insecure journalists are. It turned out to be quite an animated discussion. As I commented therein, I really doubt that your typical newspaper reporter gets much cybersecurity, or even cyber-awareness, training in journalism school. There are no whistle-blowers that go to traditional media anymore, a […]
How To Monetize Your Job In Security
I am very happy that the Adobe Flash Player is finally getting killed off. It is the single most bug-ridden program that has ever existed on this planet. Even worse is that many people think that anything-Adobe is Open Source when, in fact, it is anything but. Nowadays, most websites have converted Flash content to […]
Of NSA Vulnerability Disclosures and Cyber-Command
Wow. That’s a lengthy title that covers just about anything. Really, this is just a sounding-out of what’s been happening in the Spy business lately. Vulnerability Disclosure: To start with, there’s a good read on Lawfare, entitled “No, the U.S. Government Should Not Disclose All Vulnerabilities in Its Possession”. It was written by Rick Ledgett, Deputy […]
BOLO: Defray Ransomware
Proofpoint has identified a new type of ransomware called “Defray”. Two highly-targeted ransomware attacks have been directed at the Healthcare and Education sector, and another at the Manufacturing and Technology sector. As Proofpoint points out, the attack is not of the “spray and pray” variety like most other ransomware attacks. This suggests a very specific threat actor. […]
Fun With Windows 10’s Utility Menu
Writer David Pogue mentions a useful Windows 10 Utility Menu available for technicians and power users. It is simply invoked using the keys WINDOWS + X. Yes, depressing the Windows and “x” keys simultaneously brings up a Windows 10 utility menu with all the good stuff you need:
Top Attacking Countries: July 2017
The top three countries (Russia, United States, Ukraine) remained the same when compared to WordFence’s June report here. China moved down a couple of notches. Israel moved into the top 20 for the first time.
Has Your Password Been Pwned?
Microsoft’s Troy Hunt has outdone himself. His site is the “Go To” authority for compromised Email accounts. Now, he has added a compilation of exploited passwords, over 320 Million of them. You can check if any of your passwords *might* be compromised here: https://haveibeenpwned.com/Passwords. If any of your passwords are listed, you should change them […]
Fast Algorithm of Revertible Operations’ Queen (FAROQ) Cipher
I was reading an article about “Detecting Stingrays” at Schneier’s forum when I came across a post from Omar requesting a code review of an enhanced Rijndael cipher developed in Iraq: Omar A. Dawood, Abdul Monem S. Rahma, Abdul Mohssen J. Abdul Hossen, “New Symmetric Cipher Fast Algorithm of Revertible Operations’ Queen (FAROQ) Cipher”, International Journal of […]