Category: Security

Hssl_certificate_003_400_x_400ello Kommrads,
There has been something that has been bothering me for a few years now and I figured I would post about it, since the deed has been done. For years, I have studied, practiced, and implemented security measures and I even turned it into a career! But was still providing its services in the clear (Over HTTP). After spending the better part of my weekend patching servers and upgrading code, I figured I would stand up my own Root Certificate Authority at and start hosting over HTTPS. This change now provides encryption and a significant improvement to your viewing security.

ubuntu-logoI have been a very big supporter and user of Ubuntu since I discovered Hardy Heron (8.04) and dual booted my MBP to unleash its full potential. I have also been a self proclaimed crusader of open source software and personal privacy. In the past few weeks I have noticed that, with its growing popularity, Canonical has started to play hardball with its image and “intellectual property”. (more…)

badFBIsite So I was cruising the web a few days ago and stumbled onto, well actually redirected to, this monster scam of a website. In short, it is a fake site parading as an FBI Cyber Defense warning stating that it found your computer to have copyright material and/or child porn on it. It “locks your browser” with several hundred JavaScript alerts using the “onbeforeunload” method which is annoying to say the least and makes the browser kinda feel locked up. You can, however, unlock you PC by paying the “FBI” $300 via a Green Dot Money Pak! Let’s get serious folks… If the FBI found you had Kiddie Porn on your PC, do you really think they would let you off for $300? And do the Feds really not take Master Card or Visa? Green Dot? Really? (more…)

DntGtPwndwrshkLooks like the Security Focus Team found something interesting again today. I am a huge fan of Wireshark. As a matter of fact, I will be doing a software review of it when my time and schedule permit. For now, just a little public service renouncement.

From what I can gather, it looks as if these older versions of Wireshark fail to handle an exception with a specific kind of packet. This poorly handled exception causes Wireshark to crash, thus the DOS attack. It appears that this attack only effects Wireshark itself, so this info is really only out there for the security/network/forensic minded. (more…)

DntGtPwndThe security feeds that I watch regularly posted a few interesting things about known vulnerabilties for WordPress. You should read the following link and click on the tabs about info exploits and fixes.

Security Focus for WordPress

From what I have been able to guess, if you are running WP version 3.5.1 or newer, you should be ok. It seems that the vulnerability lies in HTTP script injection that can allow an attacker to pivot from your website and attack your visitors! I noticed that 3.5.1 just came out today (or at least that is when I checked).

A snip from the broadcast: