Home Security

Security

Short News: OpenSSL…”FREAK” attack

And once again an OpenSSL vulnerability has been disclosed. It was disclosed by Karthikeyan Bhargavan and the mitLS team. As every vulnerability needs a fancy name these days, this one is called FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be […]

Dropbox syncs all your files on the same partition!

[Please read the update at the bottom!] While working on setting up Data Leakage Protection Endpoint in a production environment, Security Specialist Mekin Pensen discovered that Dropbox touches way more files than it actually should. In his test, he installed Dropbox to the C: Partition of his windows computer and opted-in for selective sync, which states […]

Three SSL/TLS Tools you need to know!

Not only when working on IT-Security related things but also for daily sysadmin stuff, it’s essential to have the right tool to do the job. Below are my three favorite tools I use when configuring, debugging and researching SSL/TLS related things. Let’s face it… with all these recent issues, it’s necessary to deal with SSL […]

Lenovos Superfish security nightmare.

Software pre-installed by the hardware manufacturer is rarely useful. That’s nothing new. Most system administrators are re-installing notebooks and computers before they’re using them.  This is probably the reason that this security nightmare has not been discovered before. Lenovo is a known brand for its business notebooks. Chris Palmer, a developer working for Google on […]

Short News: Forbes.com hacked back in November

Forbes released a blog post about an attack targeting forbes.com visitors back in November. While I visited the Blog and found that “Thought of the Day” pretty useless (and one more click before seeing the content), it’s kind of ironical that it was in Flash once (doesn’t seem to be the case anymore) and it […]

Short News: Health Insurer Anthem data breach

Anthem Inc. (previously Wellpoint Inc.) is one of the largest health insurance companies in the United States. They’ve released a FAQ page about this data breach which could possibly affect 69 million persons (figures from their website). We are working around the clock to determine how many people have been impacted and will notify all […]

Force Flash update by command line

Flash got an auto updater. It can however take some time until patches are detected and applied to the system. Especially for Flash 0-Day exploits, Flash updates can be critical and should be applied immediately. I leave it up to you how to auto-apply these forced updates to all your clients. Let’s get started! Forcing […]

Another Flash 0-Day: CVE-2015-0313

Looks like we can’t have two weeks without a flash 0-Day. Today, Feb 2nd, Adobe released another security advisory revealing CVE-2015-0313.  Adobe says that they’re aware of this Flash exploit being actively abused (they’re probably referring to the TendMicro blogpost). Successful exploitation could cause a crash and potentially allow an attacker to take control of […]