Security Weekly News 30 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “Real IT/security talent will work where they make a difference, not where they reduce costs, “align w/business,” or serve other lame ends.” – Richard Bejtlich “woodworking tools do not make chairs == security tools do not make security.” – …

Security Weekly News 30 December 2010 – Full list

Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Mobile Security Privacy General Tools Funny Hacking Incidents / Cybercrime   Gawker was hacked six months ago, say sources close to Gnosis  [www.guardian.co.uk] Server was cracked using 'local file inclusion' weakness and hacking group then worked through …

Security Weekly News 23 December 2010 – Summary

Some of you might like the following article I put together last week: https://7asecurity.com/blog/2010/12/migitating-isp-disruption.html  You should not be using IE, in general, but because of this New Internet Explorer vulnerability affecting all versions of IE if you do, now you have yet another reason to switch to Firefox + NoScript and if you are paranoid …

Security Weekly News 23 December 2010 – Full List

Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Cloud Security Privacy Mobile Security Cryptography / Encryption General Tools Funny Hacking Incidents / Cybercrime Gardai prepare file on welfare officer  [www.independent.ie] Gardai are expected to send a file to the Director of Public Prosecutions (DPP) in …

Migitating ISP disruption

The problem There was an unexpected challenge to put together the security weekly news last night: My ISP mistakenly thought I had not paid my bills last month and decided to disrupt my web browsing experience by displaying a web page that said something like “information page … you have not paid x,y,z .. to …

Security Weekly News 16 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “Any reliance on a generic scanning tool as your primary security control is nothing more than a false sense of security and a disaster waiting to happen. ” – Michael Coates “Instead of asking why Gawker leaked all those …

Security Weekly News 16 December 2010 – Full List

Category Index   Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Mobile Security Cryptography / Encryption Privacy General Tools Funny Hacking Incidents / Cybercrime   The Real Lessons Of Gawker’s Security Mess  [blogs.forbes.com] Gossip site Gawker has experienced a large data breach whose scale fully came to light …

Security Weekly News 09 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “Porting all those security fixes in PHP 5 back to PHP 4.4.9 is a PITA” – Steffan Esser (Still using PHP 4? Good luck!) “Criticizing WAF tech is so “2009” – AppSec is so difficult, you need to use …

Security Weekly News 09 December 2010 – Full List

Category Index Hacking Incidents / Cybercrime Software Updates Business Case for Security Web Technologies Network Security Database Security Mobile Security Privacy Cloud Security Tools General Funny Hacking Incidents / Cybercrime WikiLeaks backers hit MasterCard and Visa in cyberstrike  [www.reuters.com] Credit card giants MasterCard and Visa came under intense cyber attack on Wednesday as supporters of …

Security Weekly News 02 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “OWASP top 10 is in danger of becoming the pci of the app layer. it’s not enough” – Gal Shpantzer “Remember deceivers tend to actually engage in greater eye contact not less. The myth of looking away to lie …