In 2011, we saw a large increase in web site exploits that exposed private user data as well as a breakdown in the trust of SSL (for various reasons) and the introduction of real malware on to the OS X scene. If there were just three things I could ask Mac users to do in… Continue reading
Posts Tagged → SSL
An Open Letter to IT Vendors For 2012
Dear $VENDOR, 2012 is nigh upon us and with the new year, I am throwing down a challenge to each and every IT vendor out there. 2011 was a brutal year of incidents, breaches, outages and FUD and the last thing anyone needs is a repeat performance. Instead, please take this list back to the… Continue reading
What Can We Learn From The @lulzsec senate.gov Hack Dump?
What can the @lulzsec senate.gov dump tell us about how the admins maintained their system/site? [code light=”true”]SunOS a-ess-wwwi 5.10 Generic_139555-08 sun4u sparc SUNW,SPARC-Enterprise[/code] means they haven’t kept up with OS patches. [-1 patch management] [code light=”true”]celerra:/wwwdata 985G 609G 376G 62% /net/celerra/wwwdata[/code] tells us they use EMC NAS kit for web content. The ‘last‘ dump shows… Continue reading
WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates
Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux Presentation [PDF] Twitter transcript #weis2011 Overview of basic ssl/tls/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches/vulns,… Continue reading
Herding [Fire]sheep
By now, many non-IT and non-Security folk have heard of Firesheep, a tool written by @codebutler which allows anyone using Firefox on unprotected networks to capture and hjijack active sessions to popular social media sites (and other web sites). The sidebar/extension puts an attactive and easy-to-understand GUI over a process that “real” security people have… Continue reading