Displaying items by tag: HTML5
HTML 5 getting closer
The World Wide Web Consortium (W3C) today took two important steps on the path of standardization for the new version of HTML. We now have a release "candidate recommendation" for Hypertext Markup Language 5, thus making it very clear that the development of HTML5 is coming to an end. Another important step is the issue of the first draft of the HTML5.1 standard, which is being developed in parallel with HTML5.
The New York Times ready for HTML5
Unlike their colleagues from BBC UK, The New York Times shows their maturity to deal with upcoming technologies. They have launched a new HTML5 web app for the iPad, and rumors are that they've done it to avoid Apple's high subscription fees that are inside the app. The app is available to both digital and home-delivery subscribers of their papers. The main goal for Denise Warren, senior VP and chief advertising officer of The New York Times Media Group, is to provide something new for their readers, and for them to have the best reading experience no matter what platform they are reading the news on.
Netgear presents new NeoTV, NeoTV PRO and NeoTV Max streaming players
Netgear has decided to upgrade their existing line of media players and has come out with three new ones. They hope that these will be decent competition for Apple TV and Roku's streaming boxes. The basic model, the NeoTV, will be available for $49.99, while the NeoTV Pro and NeoTV MAX will go for $59.99 and $69.99 respectively. The new line will have HTML 5 support and more content sources compared to previous models; it will also have the Push2TV media streamer for pushing media from smartphones or laptops to the big screen.
Old Vulnerability Found In New "Patched" Version of Java
There is nothing like finding a new bug in a patch that is meant to fix another one. This appears to be something that Oracle has done, though. After Oracle released a rushed security patch for a rather serious vulnerability in Java, the same company that found the first flaw, Security Explorations, has found another one. The first flaw affected any web browser that had the Java plug-in running and extended across multiple operating systems as well. It was the sort of flaw that everyone remembers when the security of someone’s products is brought up. Having a single major vulnerability in your software (and with malware that uses it in the wild) is bad enough, but to find another one in your most recent version is just bad news.
So long Adobe Flash
As of today, Adobe's Flash is officially removed from Google Play. They announced last November “we are focusing our work with Flash on PC browsing and mobile apps packaged with Adobe AIR, and will be discontinuing our development of the Flash Player for mobile browsers.” Android 4.1 won't have any certified implementations of Flash Player. Adobe will use configuration settings in the Google Play Store to limit continued access to Flash Player updates to only those devices that already have Flash Player installed.
Adobe could be dumping Flash for Mobile
A report from ZDNet appears to be showing that Adobe might be dropping future efforts for their Flash Player in the mobile world. While there are probably more reasons for this than we will ever find out, the one that seems to be getting pushed is that Adobe is giving up on a losing battle. One site that offered this news to its readers even stated that Adobe Flash for mobile had only reached a fraction of the market. Well this is true as ½ is a fraction.
The original push to bring Flash to the mobile market was something of a pride thing between Adobe and Steve Jobs. At the same time we also saw Adobe working on hardware acceleration for some of their other plug-ins like Air and Edge. The thing is that as browsers, both mobile and desktop, move forward they are discovering (well, they really always knew) that plug-ins are gigantic security holes; this is true for ANY plug-in, not just Flash. If you follow security in the PC and mobile world at all you will find that this is very true, and you will also see that browsers like IE, FireFox, Chrome and Safari are becoming less plug-in friendly. In fact FireFox 8 and the mobile FireFox have kicked out even more plug-ins than before.
This is Adobe’s motivation; they know that in the very near future they are going to have a very hard time getting their Flash plug-in to work at all. So they are kicking their work into CSS and HTML5 into high gear (something they should have done before). You will hear from multiple sites that this is Apple “winning out” or that Steve Jobs was right. Neither of these is completely true. Apple has yet to realize HTML5 for most of their sites and continues to use their proprietary QuickTime plug-in for their movie trailer site and for much of the code on Apple.com (although the mobile is moving to HTML5). As for Steve Jobs being right; well, the Adobe/Apple feud was about more than Flash on the iPhone. There was a time when Adobe optimized everything for Apple. If you wanted to run Photoshop with blazing speed, you bought a Mac. After Apple dumped the Power PC processor and forced Adobe to dump years of effort into optimizing for RISC (reduced instruction set) processors, Adobe did an about-face and began to optimize for Windows. To make matters worse, after Apple jumped on the OpenCL bandwagon Adobe partnered up with nVidia to accelerate their applications with the closed source CUDA platform instead of the open standards found in OpenCL.
So you see this Flash Vs Apple war has been a long time in coming and it was the pride of two very large Egos that brought it out into the open. I am happy to see the plug-in go IF the replacement is more efficient and allows a better cross platform experience.
Source ZDNet
Hello Pot, My name’s Kettle
In what has to be humorous to those of us that called this last year (yes I was one of them) it has now come out that HTML5 is more full of holes than your average sieve. According to a study out now it appears that HTML5 opens up some serious risks including allowing malicious code to execute cross-domain APIs, ClickJacking, Frame impersonation and worse. One of the problems is that HTML5 (like many other things from Apple) is not compatible with other standards on the net. Some of the “security” features that exist to prevent cross scripting and window framing (where you put a frame inside a legitimate window to execute malicious code) are rendered useless by the technology in HTML5.
Other items that are bundled into the code are vulnerabilities that allow a service to register itself as a content handler without notifying the user, and a caching API that can be skimmed to collect user information (location, time of last visit and possibly the actual page visited) in much the same way that Google’s Chrome browser can. In all there are some 50 vulnerabilities that were listed in the report, which is of serious concern considering Apple’s push to put this technology in place. Perhaps Apple feels that they can ignore these and continue on with their charmed life, or that their OS would be impervious to any threats. No matter the cause, considering Steve Jobs’ impassioned rants about Adobe and how their products are security risks it is more than a little amusing.
Source The Inquirer
Does the SmartPhone Industry need another player?
While cruising around the web looking for something interesting to write about I stumbled upon a hastily written article about a new mobile OS from Mozilla. Thinking this was something interesting I headed over to Mozilla’s Wiki website to read more, what I found was as concerning as it was interesting. For those that do not know, Mozilla is the creative force behind such open source applications as FireFox and Thunderbird. These two have been in competition with Microsoft’s Internet Explorer and to a lesser degree Outlook. The question is can they compete with companies like Google and Apple in addition to Microsoft. Now all of this is the interesting part, what is concerning is the fact that they want your mobile OS to be all cloud based. They do not come out and say this directly but they say “Mozilla believes that the web can displace proprietary, single-vendor stacks for application development. To make open web technologies a better basis for future applications on mobile and desktop alike”