I recently read an article discussing how our home devices are now a more public target for attackers. All the smart devices in our home are “smart” because they are nothing more than small embedded devices that typically run some variant of Linux. Therefore, any attack against Linux means an attack against your toaster, home security system, HVAC controllers, and yes, your refrigerator and television.
If you haven’t heard about it by now, let me clue you in: Java is a security nightmare. A few days ago, a zero-day exploit for Java 7 became widely known. The exploit bypasses Java 7’s security sandbox and permits attackers to download and execute code without user interaction. The attack is already available in Metasploit and in the Blackhole Exploit Kit (BEK). Since it’s in BEK, users are now susceptible to this attack via so-called “drive-by” web hacks. All a user has to do is get unlucky and visit a compromised site (and there are a TON of compromised WordPress sites out there) and their machine is compromised.
From the what-is-the-world-coming-to department:
Attention parents of teenagers. This story has made the front page of Slashdot: Teens Share Passwords as a Form of Intimacy. First, you had to talk to your teens about alcohol and drugs. Then, the birds and the bees. Now add another item to your list of topics during The Talk: abstinence from pre-marital password sharing!
For the past week, BEAST has been the talk of the InfoSec community. BEAST stands for “Browser Exploit Against SSL/TLS” and is a new way to execute an attack against CBC mode encryption algorithms. The attack has been theorized for quite some time (2006 seems to be about the time it became known), but until BEAST, an attacker had no practical way to execute the attack, and even with BEAST, the attack against CBC is still difficult to execute.