Microsoft releases an advisory and fix-it tool to disable SSL3 in Internet Explorer, recommends SSL 3 is disabled on all systems.  It appears they are also disabling SSL3 on all their hosted internet services.  I recommend we all do likewise. Continue reading →

If you subscribe to the InfoSecNews mailing list, as I have for several years, you know they provide valuable content.  If you don’t, wander over to http://www.infosecnews.org/ and take a look at their content.

Join me in donating a $1 to help support their efforts!  It’s all secured by PayPal.

Thanks for the awesome effort guys!

FFTF’s Net neutrality campaign against big media appears to be paying off – according to them.  As a collective group, we “The Internet” have fought off corporate mongers before.  Can we do it again and permanently institute fair bandwidth allocation for all?  Can we prevent big media from buying their way into first place across the internet, forcing everyone else into the background? Continue reading →

After a long hiatus, I’m finally going to post a blog entry!  Yeah me! Continue reading →

Just when you were running around looking for something…ANYTHING…to do, three major IT vendors release a crapton of patches. Continue reading →

Just came across the new zero-day in Windows which affects all versions.  The patch should be available today under MS14-060, but I haven’t seen it yet to link it.  It’s also not showing in WSUS. Continue reading →

Boredom and too many “junk” computers scattered around my home finally congealed into a small-scale IDS system.  I’ve been toying with the idea of setting up Suricata to see how it compares to Snort, but I wanted to prototype a scalable multi-node system.  I’ve done this in the past, but it’s been several years and ran Snort/Barnyard/ACID.  So this isn’t a new idea, but I’m thinking about scaling out more with SSH-tunnels between multiple “scanners” and the “mothership.”  Long-term the nodes would be all-in-one, low footprint plug-and-play units. Continue reading →

Nessus just released a plugin to scan for the lastest Cisco ASA vulnerabilities.  I haven’t yet heard of any IDS rules for this.  I also have yet to try the plugin.

Looks like cybercrooks planted malware on Dairy Queen and Kmart’s point of sale systems.  Kmart customers are at risk of having their cards clone, but the company assured customers no personal information was at risk.  Dairy Queen did not specify what data was impacted specifically, but did publish a list of affected stores.

Would chip & pin card tech mitigate these attacks?

Microsoft release the advanced notification today for October 2014, which includes three critical vulnerabilities for Windows, Internet Explorer and .NET.  Other patches for Microsoft Office and MSDN will be released as well.  Brace for impact.