Archive for the 'security' Category

A brief history of WEP cracking

Posted by Irving Popovetsky on June 29th, 2009

| Year | Number of 802.11 packets required to crack WEP |
| --- | --- |
| 2001 – 2004 | 5-10 million (FMS attack) |
| 2004 – 2007 | 500k (unique IVs) on average for 128-bit WEP (KoreK attack) |
| 2007 – 2008 | 40k (ARP packets) using the PTW attack |
| 2008 – Present | 25k (replayed packets) using the ARP replay and/or chopchop replay, with combined [...] |

Critical PDF Vulnerabilities in BlackBerry Enterprise Server

Posted by Amber Pham on January 13th, 2009

Research in Motion has just released security bulletin KB17118, which announces a new set of vulnerabilities in the BlackBerry Attachment Service that runs on BlackBerry Enterprise Server (BES). According to BlackBerry, “these vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing [...]

Irving Popovetsky explains how to change the local Administrator account on all machines in a Windows Domain to a unique, strong password using VBScript.

Interviewed for Inc. Technology

Posted by Irving Popovetsky on September 19th, 2008

I was recently interviewed by Michelle Rafter for Inc. Technology about best practices for Administrative Passwords.
Article link: Psst! Whats the Password?

ASP and ASP.NET: Still easy targets for SQL injection

Posted by Irving Popovetsky on June 25th, 2008

Microsoft has released a security advisory (954462) warning users that automated SQL injection attacks against ASP- and ASP.NET-based sites are escalating. Unlike about 5 years ago, most web developers I talk to today understand what SQL injection is and how to defend against it.
The new automated attacks are mostly focused on Content Management System [...]

Heads Up! Big vulnerabilities in Cisco PIX, VMware and Mac OS X

Posted by Irving Popovetsky on June 9th, 2008

Last week, quite a few major vulnerabilities were discovered in some of our customers’ favorite products, namely:

VMware (all products, from ESX Server all the way down to VMware Player)
Cisco PIX and ASA (versions 7.1, 7.2, 8.0 and 8.1)
Mac OS X (both Server and Client editions, 10.4 and 10.5 are affected)

Quite a few of these [...]