The security issue related to OpenSSL has been all over the news in the last couple of days.
It is indeed a very bad issue, one that can let an attacker access the login details, including passwords, of registered users from vulnerable Websites/Servers. Yahoo mail, was one of those sites…out of nearly a million others!
This vulnerability has been around for 2 years, it affects servers usingOpenSSL 1.0.1 through 1.0.1f (inclusive).
Those servers could be running consumer websites or other applications. For example, the Network Security Monitoring suit: Security Onion, was vulnerable until yesterday when a security fix/update was released. The same applies to the Penetration Testing platform Kali 1.06, which was vulnerable until today!
If those applications/environments were internet facing, userids and passwords may have been compromised in the last 2 years.
This issue allows the attacker to access the memory of a vulnerable server, it means that ...
>>[READ MORE]
Bluetooth under attack
#92 - Posted on
4 February 2014 - Author: SM - Category: Hacking
I have heard of Ubertooth for a while now and it seems it use to attack bluetooth devices keep growing. Once recent attack described HERE can leverage the Ubertooth sniffing capability to crack the encryption algorithm used by the Bluetooth Low Energy (BLE) standard. BLE is also referred to as Bluetooth Smart.
Sure, BLE/Bluetooth Smart is different from Bluetooth, but it issupported by most recent mobile devices (i.e.: the latest iPads and iPhone as well as some Android devices), and will be increasingly used in “smart” appliances, from toothbrushes to fridge if you believe this >>[READ MORE]
Apple Security in the Enterprise
#91 - Posted on
3 February 2014 - Author: SM - Category: Guides
There is a good document from the UK government describing the different security features available in Apple Mac OS X 10.8 and the ones you should consider if using a Mac as an enterprise end point:
OS X 10.8 UK Gov security guidance document.
In light of all the noise created by the NSA and GCHQ surveillance programs you might be tempted to dismiss governments’ position and view when it comes to IT Security. However,I found that document quite good and high level enough to be understood by mid-level management at least :)
They do refer to an MDM solution for some of the controls without specifying which one, so I assume they are referring to a OS X Server Profile Management solution as described by Apple HER...
>>[READ MORE]