From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 696 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1575 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1109 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1080 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2130 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1850 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2122 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2097 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1890 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116522 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87467 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 82025 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80334 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70985 times Read more...
Displaying items by tag: Data Collection
Microsoft Tries to Fight Back Against NSA Cooperation Claims
Microsoft is taking great exception to the reports of their cooperation with the NSA. It seems they do not feel the reports that they have given encryption keys, created backdoors or unrestricted access to their servers is fair. Instead they are releasing some information in the hopes that they can prove they did not do anything wrong. Sadly, as is always the case, what they leave out of their statements is as important as what is in them and there is some fairly eye opening information in their actual statement.
Google has to change their privacy policies in the UK
Google at the beginning of 2012 changed their policy regarding the privacy of users of their services. Despite the fact that months earlier they warned users about future changes, users did not have too many choices, they could continue to use the service under the new rules or cancel the services.
When Transparent Becomes More Opaque…
After the massive leak about the NSA’s PRISM project many people are understandably upset and members of congress have been pulled into closed door meetings to be briefed on the details of what the program is doing. At the same time the companies named in the leaked slides are rushing to perform damage control and protect their businesses from losing customers. So far most of these have come as flat-out denials of any complicity or knowledge of project PRISM. Sadly, even if they were involved most National Security Letters or data requests also come with a gag order preventing them from giving any details or even acknowledging the event. This makes the claims from Microsoft, Google and others seem a tad hollow in the face of what is going on.
The White House Throws Privacy Out The Window to Push an Agenda
The collection of personal data has reach an all-time high (or low as the case may be) today as it has been announced that a massive database of voter personal information has been released for the expressed purpose of advancing a political agenda. According to a statement made by the political action group OFA (Organizing for Action) the Obama campaign has given them access to their database of voter information. The database has more than personal information of more than 4 Million Donors and millions of other voters. The data is a collection of personal information including Facebook interactions (Friends and likes) Cell Phone numbers and more.
Google Did Not Delete All Of Personal Data Their Street View Cars Grabbed As Promised
Google is not exactly looking good right now. It appears that despite being ordered to delete the data that they illegally captured from people in the UK through WiFi sniffers it put into its street view cars back in 2010. Google originally tried to claim that they did not collect any data. Then after it was proven they did that it was all due to a rouge programmer that did everything without authorization. This excuse did not hold up either when it was shown that people in management not only knew, but approved the collection.
Path is not the only app that has access to contact list data...
A couple of weeks ago there was an uproar over the data collection practices of the iPhone social networking app Path. This app was intended to allow users to have a more intimate social networking experience. Well like an intimate partner they appear to have been going through some of their users personal information. In fact Path was requesting and uploading users contacts lists; including phone numbers, email addresses, physical addresses, and anything else that was attached to the contact in question (there is a lot you can put in a contact entry).
CarrierIQ is a Keylogger after all; maybe…
After hearing from some of the top security analysts that CarrierIQ did not have any means of logging key strokes on a mobile device we now find that it does have that and can be asked to transmit the data to CarrierIQ. Additionally there is evidence that CarrierIQ has captured SMS messages (due to a programming “glitch”). This new information came out of the letters sent in response to Senator Al Franken’s direct questions to CarrierIQ and the companies that utilize the software.