wireless-enabled printers remain deployed in a potentially vulnerable default configuration
Operation Dust Storm State Hackers Target Japan
Cylance report claims group has been around since 2010
MouseJack Flaw Affects Billions of Devices
Attackers can remotely hack wireless mice from within 100 meters away.
Most SSL VPNs are Wildly Insecure
SHA-1, Heartbleed and the insecure SSLv3 protocol all plague the arena.
Last Year 700 Million Records Were Compromised
Gemalto study points to ID theft as chief cause
TEISS – Brexit Will be Damaging for Information Sharing Initiatives
The potential British exit from the European Union could disrupt an engine for economic growth.
I Might Be Afraid Of This Ghost
CVE-2015-7547 is not actually the first bug found in glibc’s DNS implementation. A few people have privately asked me how this particular flaw compares to last year’s issue, dubbed “Ghost” by its finders at Qualys. Well, here’s a list of what that flaw could not exploit: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, […]
A Skeleton Key of Unknown Strength
TL;DR: The glibc DNS bug (CVE-2015-7547) is unusually bad. Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend. This affects a universally used library (glibc) at a universally used protocol (DNS). Generic tools that we didn’t even know had network surface (sudo) are thus […]
Next Generation IDaaS: Moving From Tactical to Strategic
Today, I posted a blog entry to the Oracle Identity Management blog titled Next Generation IDaaS: Moving From Tactical to Strategic.
In the post, I examine the evolution of IDaaS and look toward the next generation of Enterprise Identity and Access Ma…