There has been something that has been bothering me for a few years now and I figured I would post about it, since the deed has been done. For years, I have studied, practiced, and implemented security measures and I even turned it into a career! But T3CHKOMMIE.com was still providing its services in the clear (over HTTP). After spending the better part of my weekend patching servers and upgrading code, I figured I would stand up my own Root Certificate Authority at T3CHKOMMIE.com and start hosting over HTTPS. This change now provides encryption and a significant improvement to your viewing security.
I have been a very big supporter and user of Ubuntu since I discovered Hardy Heron (8.04) and dual-booted my MBP to unleash its full potential. I have also been a self-proclaimed crusader of open source software and personal privacy. In the past few weeks I have noticed that, with its growing popularity, Canonical has started to play hardball with its image and “intellectual property”.
Looks like the Security Focus Team found something interesting again today. I am a huge fan of Wireshark. As a matter of fact, I will be doing a software review of it when my time and schedule permit. For now, just a little public service announcement.
From what I can gather, it looks as if these older versions of Wireshark fail to handle an exception with a specific kind of packet. This poorly handled exception causes Wireshark to crash, thus the DoS attack. It appears that this attack only affects Wireshark itself, so this info is really only out there for the security/network/forensic minded.
The security feeds that I watch regularly posted a few interesting things about known vulnerabilities for WordPress. You should read the following link and click on the tabs about info, exploits, and fixes.
Security Focus for WordPress
From what I have been able to guess, if you are running WP version 3.5.1 or newer, you should be OK. It seems that the vulnerability lies in HTTP script injection that can allow an attacker to pivot from your website and attack your visitors! I noticed that 3.5.1 just came out today (or at least that is when I checked).
A snip from the broadcast: