Tag: security

  • RDP – the gift that keeps on giving

    RDP – the gift that keeps on giving

    It’s long been known (at least in security circles) that the RDP protocol, as well as client and server implementations, are horribly broken. While a BlueKeep (the most recent RDP vulnerability) worm has yet to surface, brute-force password attacks on RDP services are a dime a dozen and occurring at a rapid rate. PoC code…

  • The great web developer con

    The great web developer con

    Another day, another dodgy web developer story. The premise: We would like to offer you a website design for X amount. But to do so, we need to transfer your domain to us. This tale is a pretty old one but it appears to be flourishing – the lure of a good once-off price for…

  • DMARC: optimising email delivery

    DMARC: optimising email delivery

    Email is a fickle thing … There are a huge amount of dependencies involved in what seems like a small task – sending an email. What started out as a simple method of exchanging messages has morphed over the years into a cobbled-together monster as needs changed and especially businesses required a more robust and…

  • Security – Hell in a handbasket

    The last 2 weeks have really been a bad time for security news and one has to hope things will change for the better; if not, the headline says it all! BlueKeep Microsoft released a security patch 2 weeks ago related to Windows Remote Desktop Protocol (RDP) which is used to remote access Windows systems.…

  • Vuln mitigation and INtel MDS – the spectre looms

    Vuln mitigation and INtel MDS – the spectre looms

    Spectre and Meltdown a have been with us for just over a year now and even with all the predictions of dire consequences, we have yet to see any in-the-wild code snippets or attacks beyond theoretical POCs. So the question to ask is whether we should be losing a lot of hardware performance (most of…

  • A lesson in supply chain attacks

    A lesson in supply chain attacks

    What happens when the websites we visit and the companies we depend on to provide us with information, are compromised? Supply chain attacks go to the root of information we depend on rather than attack us directly. A recent attack on the Asus infrastructure paints the exact scenario for supply chain attacks. Attackers compromised an…

  • 2018 the year of the hacked router

    2018 the year of the hacked router

    I’ve spoken in depth on consumer (and some enterprise) router security issues.  In brief summary, these devices are pieces of scrap that are full of vulnerabilities and very seldom get updated to fix issues. It’s no coincidence that this year has seen an exponential growth in attacks on routers as well as botnets making use…

  • (S)RUM

    Veronica Schmitt, a senior digital forensic scientist at DFIRLABS, recently featured on Paul’s Security Weekly, showcasing the Microsoft SRUM system tool (System Resource Utilization Monitor). SRUM was first introduced in Windows 8, and was a new feature designed to track system resource utilization such as CPU cycles, network activity, power consumption, etc. Analysts can use…

  • Loki god of …?

    Loki god of …?

    In the field of IT Security, one learns very quickly that there’s always another security risk around the corner. An old favourite, the Loki Botnet, is back for another bite of the pie shortly after the fun with WannaCry a week ago. ( Loki a god in Norse mythology, was sometimes good and sometimes bad.…

  • Facebook, Cambridge Analytica and your digital data

    Facebook, Cambridge Analytica and your digital data

    The recent Facebook/CA fiasco should be known to most people by now but here is a brief rundown in case you’re unaware. Aleksander Kogan, a Russian-American researcher, worked as a lecturer at Cambridge University, which has a Psychometrics Centre. The Centre advises to be able to use data from Facebook (including “likes”) to ascertain people’s personality traits.…

  • Meltdown and Spectre – hardware gone wild!

    Meltdown and Spectre – hardware gone wild!

    We’ve had some big doozies over the last 2 years from a security point of view, but the latest CPU hardware-related bugs called Spectre and Meltdown, that started making headlines early last week, surely take the cake. One has to be careful though in classifying these as bugs, because those affected would say these were…

  • South African Security (Fails)

    It’s been a while since my last post but recent events in SA around security have prompted me to write this post. It starts with an open website containing what is now believed to be upwards of 70 million entries for names, ID numbers, income, addresses and other information on South African citizens/residents including possibly…

  • A little bit of ransomware with that Sauerkraut?

    A little bit of ransomware with that Sauerkraut?

    This past weekend’s shenanigans with WannaCry have been painful for many people. But the simple fact is that solutions for this specific issue ( and many others ) have been available for a long time. The initial patch for the MS17-101 issue was released by Microsoft in March 2017. Didn’t update? Many AV vendors have…

  • The NSA and Ransomware. Oh and a bit of HPE on the side.

    The NSA and Ransomware. Oh and a bit of HPE on the side.

    If ever there was a perfect example of stupidity, the new highly virulent strain of WanaCrypt ransomware that is currently spreading like wildfire, is it. And that stupidity is care of the NSA; who in their infinite wisdom, wrote exploits based on 0-day vulnerabilities that should have been reported to the relevant vendors, but was…

  • Symantec, Google and the SSL Monkey

    Symantec, Google and the SSL Monkey

    Some education first PKI or Public Key Infrastructure is a technology that allows website visitors to trust SSL certificates presented by SSL encrypted websites. An example is when you visit your Internet Banking website – you can verify the authenticity of the site by checking the SSL Certificate of the site ( ie. clicking on…