The Oracle of Security Flaws

When it comes to patching vulnerabilities, Oracle does nothing small. In its latest quarterly CPU (Critical Patch Update), the database giant hands its customers 169 new security fixes affecting many products. The full patch matrix is here. SiliconANGLE offers a decent analysis of the vulnerabilities and patches. From Maria Deutscher's report: One flaw that drew an outsized amount of attention is a misconfiguration affecting the enterprise technology stalwart’s popular E-Business ...

“Hackers. It’s time to Unite”

Last week I wrote about the new anti-hacking laws President Obama plans to float in his State of the Union address and how the proposals are Draconian at best. I noted that it's in our power to educate the masses and stop this thing before it becomes law. To that end, I have something to share with you. Derek Watson -- better known in the security community as Blak Dayz (@...

Bad Anti-Hacking Laws: We Can Educate the Public

There's much alarm in the security community over new anti-hacking laws President Obama plans to float in his State of the Union address next week. The alarm is justified. What he proposes, as my friend Rob Graham (@ErrataRob) wrote in this important post, "are blunt political solutions which reflect no technical understanding of the problem." Obama's proposed anti-hacking laws are designed to arm companies with legal protections for sharing information ...

PLXsert warns of Spike DDoS Toolkit

Akamai’s Prolexic Security Engineering and Research Team (PLXsert) is tracking the spread of Spike, a new malware toolkit that poses a threat to embedded devices, as well as Linux and Windows systems. Several versions of Spike can communicate with and execute commands on infected Windows, desktop Linux and ARM-based devices running the Linux operating system (OS), PLXsert said in an advisory Wednesday morning. From the advisory: Binary payloads from this ...

Data Breach Victims or Enablers?

Back in May, my good friend Eric Cowperthwaite caused a stir with a blog post about security breach victims getting demonized for failing to prevent break-ins. Other industry friends passionately disagreed. My thinking on the matter continues to evolve. But as is usually the case, my thinking takes me to the middle. Companies that suffer a breach -- Home Depot and Target have been among this year's biggest poster children ...

After 9-11, Fear Made Us Stupid

Included in all the tweets and Facebook postings about the 13th anniversary of 9-11 yesterday was this from friend and co-worker Martin McKeay: Never forget 9/11 and terrorism. But don't forget how many rights have been taken from us in the name of fighting terrorism. He's got that right. There's been plenty of outrage in recent years over the U.S. government running wild, violating our privacy in the name of ...

Exposing Gregory Evans: It Can Be Done

Thanks to the efforts of Attrition.org, we've known for years that LIGATT Security and Gregory Evans can't be trusted. That article includes a long list of examples where Evans has committed plagiarism and threatened those who question his credentials as a hacker. There are court documents on the Internet that add to the evidence. I won't go into the full summary of misdeeds here, because veteran security professionals have ...

Five security lessons from ‘Mars Attacks!’

If you look closely, the 1996 Tim Burton film "Mars Attacks!" offers us a few security lessons. Let the following clip play as I run through some examples... http://youtu.be/VYHeZCEFwhI Lesson 1: If you release a white dove over someone's head before you verify who you're dealing with, you have failed to practice due diligence. The resulting bad press could damage your brand. Lesson 2: Regarding Jack Nicholson's speech about two ...

Privacy under fire: Aaron Sorkin saw it coming in 1999

I've long been a fan of "The West Wing," which follows the drama of fictional president Josiah Bartlet and his senior staff. The series launched well before the privacy debates that are now the norm. But series creator Aaron Sorkin was way ahead of his time all those years ago when he focused on Internet privacy in the season one episode "The Short List." In the episode, Bartlet has nominated ...

Weak Passwords: Mel Brooks warned us

Look back more than 20 years and you'll find that we were warned about the dangers of weak passwords long before it was much of a thought in anyone's mind. The warning came from Mel Brooks in a 1980s Star Wars spoof called "Spaceballs." Observe: http://youtu.be/_JNGI1dI-e8 Class dismissed.