Microsoft releases an advisory and fix-it tool to disable SSL3 in Internet Explorer, recommends SSL 3 is disabled on all systems. It appears they are also disabling SSL3 on all their hosted internet services. I recommend we all do likewise. Continue reading
Monthly Archives: October 2014
Dollars for InfoSec News! Send them a couple!
If you subscribe to the InfoSecNews mailing list, as I have for several years, you know they provide valuable content. If you don’t, wander over to http://www.infosecnews.org/ and take a look at their content.
Join me in donating a $1 to help support their efforts! It’s all secured by PayPal.
Thanks for the awesome effort guys!
Help Fight for The Future defend the Internet!
FFTF’s Net neutrality campaign against big media appears to be paying off – according to them. As a collective group, we “The Internet” have fought off corporate mongers before. Can we do it again and permanently institute fair bandwidth allocation for all? Can we prevent big media from buying their way into first place across the internet, forcing everyone else into the background? Continue reading
Today’s news and notables
After a long hiatus, I’m finally going to post a blog entry! Yeah me! Continue reading
Happy Patch Tuesday! – Oracle, Adobe, Microsoft all release patches
Just when you were running around looking for something…ANYTHING…to do, three major IT vendors release a crapton of patches. Continue reading
SandWorm Zero-Day – CVE-2014-4114 – MS14-060 (UPDATED!)
Just came across the new zero-day in Windows which affects all versions. The patch should be available today under MS14-060, but I haven’t seen it yet to link it. It’s also not showing in WSUS. Continue reading
Suricata/Snorby multi-machine setup
Boredom and too many “junk” computers scattered around my home finally congealed into a small-scale IDS system. I’ve been toying with the idea of setting up Suricata to see how it compares to Snort, but I wanted to prototype a scalable multi-node system. I’ve done this in the past, but it’s been several years and ran Snort/Barnyard/ACID. So this isn’t a new idea, but I’m thinking about scaling out more with SSH-tunnels between multiple “scanners” and the “mothership.” Long-term the nodes would be all-in-one, low footprint plug-and-play units. Continue reading
Nessus can scan for ASA holes
Nessus just released a plugin to scan for the lastest Cisco ASA vulnerabilities. I haven’t yet heard of any IDS rules for this. I also have yet to try the plugin.
Kmart & Dairy Queen hacked!
Looks like cybercrooks planted malware on Dairy Queen and Kmart’s point of sale systems. Kmart customers are at risk of having their cards clone, but the company assured customers no personal information was at risk. Dairy Queen did not specify what data was impacted specifically, but did publish a list of affected stores.
Would chip & pin card tech mitigate these attacks?
Preview of next Patch Tuesday
Microsoft release the advanced notification today for October 2014, which includes three critical vulnerabilities for Windows, Internet Explorer and .NET. Other patches for Microsoft Office and MSDN will be released as well. Brace for impact.