Information Security in Today's Digital Culture
Header
printer1

The first time I compromised a Windows domain using this printer misconfiguration my jaw dropped to the floor. I had to walk away from the computer for a minute to soak it in. I had just escalated from zero access to Domain Administrator in under two minutes through the printer user interface. The keys to …
Read more

Logjam Vulnerability

May 21st, 2015 | Posted by Steven Anderson in Monitoring | Security | SIEM - (0 Comments)

The TLS protocol is the current standard for secure communication over the Internet and until now had been considered to be highly secure. A recent discovery of Logjam, a vulnerability that spawns results similar to that of FREAK (Factoring Attack on RSA-EXPORT Keys) affects 8.4% of the top one million web domains. Like FREAK, Logjam …
Read more

I recently read an article discussing how our home devices are now a more public target for attackers. All the smart devices in our home are “smart” because they are nothing more than small embedded devices that typically run some variant of Linux. Therefore, any attack against Linux means an attack against your toaster, home …
Read more

If you haven’t heard about it by now, let me clue you in: Java is a security nightmare. A few days ago, a zero-day exploit for Java 7 became widely-known. The exploit bypasses Java 7’s security sandbox and permits attackers to download and execute code without user interaction. The attack is already available in Metasploit …
Read more

I often get into debates on the use of encryption and it being the panacea of data protection. While encryption has proven itself a viable solution for many years, the problem is never in the algorithm, but rather in the management of the keys. In order for encryption to occur the system must have the …
Read more