News

Irony is one of those things that is not appreciated by security guys. They do not find humor in it nor do they enjoy it when someone points an ironic situation involving them out. This has to be the case for the privacy company LifeLock. A pair of security researchers (Eric Taylor and Blake Welsh) have found an interesting feature in LifeLock’s web site. The flaw allows for a cross-site scripting attack to be used to do a fair amount of damage including injecting malware.

When you use a search engine like Yahoo or Google you expect to get relevant results for your efforts.  In many cases this does really happen, but often times we enter what we are looking for and find very little that relates to the actual search. One of the reasons for this is (and has been for a long time) the ability of search providers to artificially alter the search results through internal ranking systems.  Google and Yahoo both have done this in the past and in some cases with good reason.

Cisco has acknowledged (and released patches for) a fairly serious security bug in three of their virtual appliances that, oddly enough, are related to security. The three products in question are the Cisco Web Security Virtual Appliance, the Email Security Virtual Appliance and the Security Management Virtual Appliance. These three devices all share a default preinstalled SSH encryption key. This meddlesome little fact means that it is very simple to get into an SSH session because you can grab the key off of another copy of the product. We are pretty sure that the default keys are already floating around on the internet somewhere as well.

Over the course of its development there has been a lot to like about Windows 10. There seems to be a good blend of the traditional Windows desktop with some of the touch-centric features that Microsoft tried to force in Windows 8. You are also getting more than a few performance improvements including DX12. If you have not heard about all of the goodness in DX12 you are in for quite a pleasant surprise. However, despite all of the good there is in Windows 10 there seems to be a group at Microsoft that have still not learned lessons from the past.