Friday, February 26, 2016

Return of the Stealth

So I am back on this blog. Just got rid of my old hosting. Was going to try tumblr, but chose to use google domains with blogger for full google integration. Not stuck on it, so we will see how it goes.

I attended AHA last night after a long, long absence.

I need to get ready for BSides Austin.

Thats all i got. later.

Friday, January 21, 2011

Latest Security Breaches

So all of a sudden lately we have seen a bit of a rise in breaches going on:

Gawker
http://gawker.com/5713056/gawker-security-breach-were-here-to-help

This one was a compromise of user/password information. Reminds us not to use the same password for different sites. Password management software is good to use.

IBM Developer
http://www.computerworld.com/s/article/9204300/IBM_DeveloperWorks_site_hacked_and_defaced

Website defacement of one of IBM's sites. Here we learn that we need to do web app testing. It is stated that IBM was doing maintenance during the hack. That sounds like some good timing, but if it is the case, then take some protective measures as you "perform maintenance/pull down your pants to use the bathroom".

Trapster
http://www.computerworld.com/s/article/9205660/
Another user/password compromise. Trapster Iphone/Droid apps dont require registration but those who have, may have been compromised. Another Gawker type incident. Tweet from this incident:
"Don't use the same password on multiple sites!"

Lush Cosmetics
http://www.theregister.co.uk/2011/01/21/lush_cosmetics_hack_attack/
Website attack that resulted in the loss of credit card data. Makes you think twice who you decide to shop with.

Friday, January 14, 2011

0 Day Vulnerability in MS Windows | How to prevent compromise

MS has not released a patch for this vulnerability, but here are some steps to protect yourself.

1 - Don't use an account that has admin rights as your primary user account. Have an admin account but only use it to install applications. There is a way to run a exe as another user.

2. Run a fix it if provided. In this case for this vuln, a fix it is provided by MS.

3. Be careful what you open. Social engineering is how a lot of hackers rely on successfully gaining access to peoples systems.

Here is a video displaying this exploit in action:

Microsoft Patching: 0day still around and no forecasted release date

Microsoft Tuesday was a few days ago and no patch was released for the graphics rendering engine vulnerability. In a web conference, when asked when the patch was going to be released, Microsoft said they would not forecast a date. I understand this. I just wonder how mad they are with google researchers, when for the 2nd time(that I know) they release an exploit to force Microsoft to work hard for a fix.

MS is probably getting upset with these guys. Way I see it, its their fault. Take these guys more seriously.

Anyways, check out this site for a workaround:

http://support.microsoft.com/kb/2490606

I am working on putting out a video of how this could be exploited. Microsoft and IBM Xforce report that this is not being exploited in the wild.

Thursday, January 13, 2011

BSides Austin 2011

So it time once again for BSides to come to Austin. Even better than last year with 2 Days. Mark March 11 and 12 on your calendar and register here.

http://bsidesaustin2011.eventbrite.com/

I have also made some changes to the site. I was at my own hosting, dumped that. Then i was at tumblr, bumped that. Now I am at blogger. Hopefully this works out. I think it will.

Thanks for following.