
- New SSL attack called FREAK
- Has to do with downgrading RSA to a deprecated and weak level
- Requires that both the client and the server are vulnerable
- The solution is to patch
- Many orgs will also want to note which servers were vulnerable
- The lesson is that you don’t reduce security to increase it
- Backdoors x time = regret
- Using Ruby’s Open-URI can be dangerous
- open-uri monkeypatches Kernel#open
- open(params[:url]) can execute a command when the parameter starts with a pipe, e.g. |ls
- Hillary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense
- This seems highly suspect
- First, you’re putting that data at risk in a personal system
- Second, you’re obviously trying to hide your conversations
- Facebook can access your account without your password
- Google is no longer encrypting Lollipop devices by default
- Was one of the main selling points of Android 5, and now it’s gone
- They said it was simply a driver issue
- D-Link routers have a remote command injection bug
- Could allow DNS hijacking and other attacks
- ISIS has threatened some members of the Twitter team for disabling their accounts
- This really puts a point on public presence for me
- I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
- This works for personal attacks, not for countries obviously
- There has been major fraud involving people linking stolen cards to Apple Pay
- The issue isn’t a security problem with Apple Pay itself, but rather a standard bank / card security issue
- Up to 18.8 million non-Anthem customers exposed in the Anthem breach
- This is in addition to the 80 million actual Anthem customers
- GoPro vulnerability on its website exposed customer Wi-Fi passwords
- Uber took over 5 months to issue a breach notification
- There was a breach of driver names and license numbers that they only just disclosed
- Seagate NAS vulnerability allows unauthorized root access
- This raises the cloud storage issue I blogged about last week
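The Open-URI item above, as an added example (not code from the original post): the vulnerable Kernel#open call next to a hardened version that parses the input as a URI and only opens http(s) addresses. The function names fetch_unsafe, safe_http_uri and fetch_safe are mine, and the URL behaviour of Kernel#open assumes a 2015-era Ruby (open-uri stopped patching Kernel#open in Ruby 3.0).

```ruby
require 'open-uri'
require 'uri'

# Added example, not code from the original post.
# Vulnerable pattern from the notes: open-uri monkeypatches Kernel#open so
# that URL strings are fetched over HTTP. Kernel#open also treats a leading
# "|" as a pipe, so a user-controlled string such as "|ls" is run as a shell
# command instead of being fetched.
def fetch_unsafe(url_param)
  open(url_param) { |f| f.read }  # never do this with request input
end

# Hardened form: parse the string as a URI first and accept only http(s).
# Returns a URI::HTTP (or URI::HTTPS) object with a host, or nil if the
# input is not an acceptable web URL. Strings like "|ls" are not valid URIs
# and fail to parse; file:// and other schemes fail the class check.
def safe_http_uri(str)
  uri = URI.parse(str.to_s)
  uri.is_a?(URI::HTTP) && !uri.host.to_s.empty? ? uri : nil
rescue URI::Error
  nil
end

# Fetch through URI#open, which only ever performs an HTTP(S) request and
# never interprets its receiver as a command pipe or a local file path.
def fetch_safe(url_param)
  uri = safe_http_uri(url_param)
  raise ArgumentError, "refusing to open #{url_param.inspect}" unless uri
  uri.open { |f| f.read }
end
```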
Notes
- Sorry about my voice on this one. I’m a bit sick. 🙁