Displaying items by tag: Exploit

Yesterday we wrote about a disturbing flaw in some D-Link routers that allow for a malicious individual to access it without a username or password. Shortly after we published the article we were reminded that this flaw does not just exist in D-Link hardware, but is also present in devices from many other companies that have SOHO and Residential products. The string for each might be different and in some cases harder to gain access to, but it is there.

Published in News

After the general announcement that Google’s Chrome exposes user information to capture, Google has come back with a reply. It seems that Google does not want anyone to know that there is a security hole in their flagship browser. They are continuing to claim that it is “the most secure” browser and that Chrome maintains user data in an encrypted format. They feel that there is nothing wrong and that the information being presented by Information Finders is no big deal. If Chrome is storing data then it will be encrypted… if your OS supports it and that it only collects this information if the user asks it to. It is a very interesting statement to be made given the information presented.

Published in News
ebook02

For those of you out there that might be laboring under the illusion that Apple products are safe and secure we have some bad news for you. Someone has developed a method of poisoning iPhones, iPads, iPods, well basically anything running iOS, through the use of their charging systems. This means that someone could sell you a compromised charger and take over your phone. This type of attack is hardware based and is almost impossible to get rid of; simply resetting the phone is not going to do it. This is also not the first time that someone has used Apple hardware to create a persistent infection. Not all that long ago someone showed how easy it was to infect the batteries on the MacBook and MacBook Pro. Even the Apple Bluetooth keyboard has been used to slip malware into Apple products.

Published in News
84

Whenever I read a headline that shows a company using very outdated software or hardware has been hacked; I find myself wondering if the people responsible for their IT and Finance departments are looking for new jobs. When it is a government agency it makes things even worse. Friday May 3rd I think things hit a peak as it has been revealed that nuclear researchers at the US Department of Energy had their computers compromised.

Published in News
Code

-43 days. That is how long Windows 8 lasted before a major malware tool was released for it Windows 8 is not even official and there is already a major exploit kit that covers it. Earlier today cyber criminals announced the launch of Black Hole 2. The original exploit kit was used in more than a few pieces of malware since it first was launched in Beta format in late 2010. The exploit kit is offered in almost like a cloud service (which brings us back to irony). You have to lease access to it so you can develop your malware. The pricing is pretty with a year lease going for only $1500. Despite the success of this exploit kit, like all enterprises you must grow or die.

Published in News
broken-lock

As we have been working with Windows 8 and Windows 2012 server we have become increasingly concerned about security. Although Microsoft has claimed that they have improved security through items like the locked UEFI boot process there are still glaring omissions in security that keep popping up very recently it was noted that despite the claims from Microsoft of a more secure login process the password hint is exposed in the SID database and easily recovered remotely. We also found that users’ contact lists are also left in the open (and in plain text) and available to anyone that can gain remote elevated privileges; which is what almost all Viruses and Malware try to do.

Published in Editorials
android-jelly-bean 1

It looks like Google is finally stepping up to the plate when it comes to security in their Android Smartphone OS. For a number of years now opponents of Google’s desert themed mobile OS have complained Android does not have sufficient security. This makes it an unsuitable operating system. The fact that a large portion of these complaints come from the competition (Apple and Microsoft) meant that they were ignored by the large majority of people. It is also noteworthy that the openness of Android has allowed for mobile phone makers to highly individualize their Android offerings instead of relying on the stock version. Consumers have eaten this up and now you can see people defending their favorite version (HTC’s Sense UI over Samsung etc.) It is a great feature to the OS and one that has helped in in the market.

Published in News

84A rather major, but basic flaw in the way that MySQL and MariaDB handle passwords has opened up both of these to brute force attacks and can allow the attacker to gain access in seconds. This flaw which exploits an issue in the way the passwords are checked using the memcmp function can be used as long as the attacker knows at least one user name. Considering that “root” is almost always in existence the password security on many MySQL and MariaDB databases is practically nonexistent.

Published in News

flashIt looks like there is another security flaw in Flash. The often beleaguered web animation/video player has been the vector of attack for more than one piece of malware in the last few years. Adobe has been working hard to keep up with all of the reported security issued with the browser plug-in as well as to find ones that have not been reported.

Published in News

News_light-virus-1Once upon a time Apple’s CEO and PR department constructed a mythology around the computers and devices that they sold. This mythology was needed to compete in the market and at the time was very good for business (even if it was less than honest). The mythology in question was that Apple products were somehow manufactured differently (or better) and that they were unable to become infected with malicious code that we all have come to know and loathe; the computer virus.

Published in News
Page 2 of 3