Author: Chris

FFTF’s Net neutrality campaign against big media appears to be paying off – according to them.  As a collective group, we “The Internet” have fought off corporate mongers before.  Can we do it again and permanently institute fair bandwidth allocation for all?  Can we prevent big media from buying their way into first place across the internet, forcing everyone else into the background? Continue reading “Help Fight for The Future defend the Internet!”

After a long hiatus, I’m finally going to post a blog entry!  Yeah me! Continue reading “Today’s news and notables”

Just when you were running around looking for something…ANYTHING…to do, three major IT vendors release a crapton of patches. Continue reading “Happy Patch Tuesday! – Oracle, Adobe, Microsoft all release patches”

Just came across the new zero-day in Windows which affects all versions.  The patch should be available today under MS14-060, but I haven’t seen it yet to link it.  It’s also not showing in WSUS. Continue reading “SandWorm Zero-Day – CVE-2014-4114 – MS14-060 (UPDATED!)”

Boredom and too many “junk” computers scattered around my home finally congealed into a small-scale IDS system.  I’ve been toying with the idea of setting up Suricata to see how it compares to Snort, but I wanted to prototype a scalable multi-node system.  I’ve done this in the past, but it’s been several years and ran Snort/Barnyard/ACID.  So this isn’t a new idea, but I’m thinking about scaling out more with SSH-tunnels between multiple “scanners” and the “mothership.”  Long-term the nodes would be all-in-one, low footprint plug-and-play units. Continue reading “Suricata/Snorby multi-machine setup”

Nessus just released a plugin to scan for the lastest Cisco ASA vulnerabilities.  I haven’t yet heard of any IDS rules for this.  I also have yet to try the plugin.

Looks like cybercrooks planted malware on Dairy Queen and Kmart’s point of sale systems.  Kmart customers are at risk of having their cards clone, but the company assured customers no personal information was at risk.  Dairy Queen did not specify what data was impacted specifically, but did publish a list of affected stores.

Would chip & pin card tech mitigate these attacks?

Microsoft release the advanced notification today for October 2014, which includes three critical vulnerabilities for Windows, Internet Explorer and .NET.  Other patches for Microsoft Office and MSDN will be released as well.  Brace for impact.

Two methods, which I’m posting here for my own sanity next time I need them:

Recovery Mode
Changing the Grub Linux INIT String

I’ve used the init string method a few times without bothering to check the recovery console.  Hopefully some time in the future, I will document the whole process myself and post it here for posterity’s sake.

Updates to my post from yesterday on the ASA vulnerabilities: Continue reading “Updates to CISCO-SA-20141008-ASA – Patch now if you run IKE, SSL VPN or DNS inspection!”