Worms have been less of a problem in the world today because of two security features: DEP (Data Execution Prevention): This marks memory segments as “non-executable”. Executable code inserted here from program faults, overflows, and whatnot, is not executed by the microprocessor. DEP has been in all Windows systems since XP SP2 in 2004. […]
Of SSL, Content Security, and Pesky Protocols
Sometimes we learn about protocols. Sometimes, we learn from protocols. The latter was the case for me as I set about evaluating various SSL/TLS website and Email test suites. SSL Online Test Suites The following three tools actually complement each other, each providing unique functions not available in the other test suites. It is best […]
EFF: Who has your back?
The Electronic Frontier Foundation (EFF) puts together a ranking of companies with how well they stand up to your electronic freedom. The more stars, the better. From their original page here, these are 2017’s listings: Follows industry best practices Tells you about Gov’t data requests Promises not to sell out users Stands up to NSL […]
Verizon Wireless? Change your passwords.
The title of this post says it all; and it’s all over the news. NICE Systems, Ltd, an Israeli company, does backend call-center work for Verizon. In a project with Verizon, a cloud server from Amazon AWS S3 was used to store call center data in an effort to improve customer service. However, that data […]
Top Attacking Countries: June 2017
The US moved into the #2 spot, flip-flopping with the Ukraine at #3 when compared to Wordfence’s May summary:
Critical Patch Tuesday: 7/11/2017
Oh thank heaven, for 7/11? On a day where Slurpees are the norm, networks across the world were getting a bunch of patches from Microsoft. All told, Microsoft patched 54 vulnerabilities, 19 of them Critical, with one of the Critical fixes “in the wild”. All the Critical patches were of the type that allowed […]
Debate: Technology, Privacy, and Law Enforcement
Wow. So, I’m trolling through TV channels and I came across a great debate on CSPAN on July 8th. It was originally aired live on June 6, 2017. The CSPAN broadcast can be found here. The debate was sponsored by Intelligence Squared, and their podcast of the debate can be found here. The Debate Question: […]
2017 HIPAA Violations: Lessons Learned
Introduction I’ve put together a brief list of reported HIPAA violations through 2017. Key points are listed below: Encrypt and password-protect any portable hard drives, laptops, cell phones, digital cameras, and any removable piece of medical equipment. Don’t upset the HIPAA Gods. You have 60 days from breach to when a customer receives a […]
The Six Phases of a Project or Upgrade
This always brings a smile to my face: ENTHUSIASM Your idea has sparked into a full-fledged project. Woo Hoo! DISILLUSIONMENT Other organizations want their issues addressed by your project. There are countless meetings. Well, it started out as a simple idea. Bummer. PANIC Bad scheduling, lack of resources, and incomplete follow-through occur, and massive resources have […]
WordPress and Joomla Updates
There were two bugs discovered and fixed in the popular WordPress “WP Statistics” plugin. The first one is a SQL Injection vulnerability that could be exploited by a local, low-privileged user, like a “Subscriber” account. A SQL Injection attack could allow that subscriber to add an “Administrator” account. About the time that […]