From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 649 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1544 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1087 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1046 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2106 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1824 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2094 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2072 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1853 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116500 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87416 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 81968 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80287 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70936 times Read more...
Displaying items by tag: Development
Microsoft Visual Studio Marketplace Found to Have Malicious Extensions Targeting Developers
Attackers are always looking to get targets coming and going. As such you have a very rich ecosystem of attack types to cover as much ground as possible. A concerning one has always been direct supply chain attacks. These attacks seek to compromise software during the development stage, so the malicious pieces get bundled into the released code and signed with a trusted certificate. The highly publicized attack on SolarWinds is one of those types of attacks and shows just how effective and dangerous they can be. Supply chain attacks some in multiple flavors including (but certainly not limited to) compromising code repositories, poisoned plugins or open-source packages, and targeting of developer systems.
Meta is Dabbling in AI Too with ImageBind Hoping to Mimic Human Perception
If I were to build a list of companies that I would not want to build an AI project Meta, the parent company of Facebook is probably sitting at the top of the list. Yet here we are with a company known for manipulating users, user data and a proven habit of abusing the information it has. Meta is building an AI tool they are calling ImageBind that looks to expand on AI currently understands an environment. Most current AI image generators are (in very simple terms) texts to image generators. They take input in the form of words and create an image from learned input (again in very simple terms).
Who do you trust with AI? Well… No One
The other day while wading through the sludge that is the internet, I stumbled across a poll on Twitter asking the binary question “Who do you trust more with AI; Bill Gates or Elon Musk?” This led to a fun few hours diving deeper into that particular rabbit hole. I stumbled across articles where Bill Gates talks about AI via interviews as well as some interviews of Elon where he disparages Gates’ grasp on AI. Like I said, fun.
The Dangers of AI; I Think I Have Seen this Movie Before
If you are a fan of science fiction movies, then you have probably seen multiple movies where an AI (Artificial Intelligence) has gone mad and decided that humankind needed to be eradicated. Everything from the Terminator series, through to the Matrix warns us of the dangers of creating something that is smarter and more powerful than ourselves. Of course, these are works of fiction, but they do represent an understanding of humankind’s hubris when it comes to creating artificial intelligence.
Open Source Takes Another Hit as 3rd Protestware Shows up in NPM Repository
The Open Source community has been one that many leverage to help build their applications. It has become a great place to find applications packages that make building out a larger application or eco systems less time consuming. We see this in just about every development space from large to small. Having helpful sources of working code can speed up the development lifecycle and allow for greater interoperability as many applications use the same dependencies and core functions. The open source community is a great resource and typically is one that you can trust to pull code from.
Job Listings Show Up on Irrational Games' Website... Let's Hope they are Real **Update**
One sad thing about the gaming world is the far too many great development studios seem to fade away and be absorbed by the big companies. If you look at the past we can see this repeated over and over again. One of the most recent to be assimilated is Irrational Games. This dev house was, in many ways, the spiritual successor of Looking Glass Studios who was responsible for the original System Shock and Thief. These two games gave us entirely new ways to move through a game world and have been the inspiration for a number of games since then.
8k is the Next Golden Age of Gaming
When I first started covering the computer world the most common resolution was 640x680 with the hard core gamers getting 800x600. The dream of the day, which some called the golden age of gaming, was 1600x1200 with around 30Fps. Now the dream is “photo realistic” resolutions without the need for heavy anti-aliasing and texture filtering. Even in the mobile world this is becoming a bigger issue with retina displays on the Apple side of the world and 3 and 4k screens on the PC side.
Apple pulls iOS 8.0.1 an hour after it launches
Although there is enough news about the new iPhones and iOS8 already we thought we would finally chime in since there are now around six separate stories about the new device from Apple. We are seeing everything from high cellular usage to the phones bending in someone’s pocket. Apple, to their credit actually rushed out a fix for many of these issues… sadly the fix appears to make things worse.
Most Developers Do Not Understand Basic Application Security
A new report from security research firm, Aspect Security confirms what we have been saying for years: developers simply do not know how to secure their applications. In a recent study where a group of developers were asked questions on security Aspect found that about 80% of them did not know how to protect sensitive data. This is something that we have found in our experience in dealing with vendors and other application developers.
Window 9 Start Menu Allegedly Shown Off in Leaked Video
As the title of this article suggests there is another new video on the internet that claims to show the Windows 9 menu and how it all works. The appearance of the video comes on the heels of more than one alleged screen shot and some other items that have leaked from Microsoft themselves. As we all know Microsoft has a lot riding on the next version of Windows simply because of the lack of consumer acceptance that Windows 8.x has had.