
Archive for the 'security' Category

As reported by blogger Donovan Colbert on TechRepublic, Android devices automatically synchronize settings from your phone to Google servers so that when you log in from other devices, your settings travel with you. This is very convenient for users, but if those users have signed into your corporate Wi-Fi, the synchronized data may include your [...]

HP System Management Homepage Security Advisory

Posted by Amber Pham on May 5th, 2011

NIST has published details of a highly exploitable flaw in the HP System Management Homepage (SMH) that allows an unauthenticated, remote attacker to attack the web application over the network and ultimately execute arbitrary code on the server. The flaw has been rated with a CVSS Base Score of 10, which means it is highly exploitable and has [...]

The Managed Accounts feature in SharePoint 2010 allows administrators to hand control of service account passwords over to SharePoint, reducing the need to manually track and change passwords. This is a major advance in security because it gives administrators a tool to rotate the passwords of service accounts that are otherwise rarely changed. In two independent SharePoint [...]

Time for a Second Look at Two-Factor Authentication

Posted by Amber Pham on January 31st, 2011

With increased competition in the TFA market, we’re seeing better options at lower costs. As a result, implementing TFA to protect critical assets is becoming more feasible by the day.

The brute that is SSH Brute Force

Posted by micah on July 12th, 2010

The brute is back. By the brute, I mean the SSH brute force attack. In the last month we have noticed an upturn in SSH brute force traffic targeting hosts in public IPv4 address space. The most active attack sources we have seen fall within address allocations managed by KRNIC, APNIC, and RIPE. In the cases [...]
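The traffic described above shows up in sshd's syslog output as runs of "Failed password" lines from one source. The following script is an added example, not code from the original post: it parses a constructed sshd log excerpt (documentation-range addresses, not real attack sources) and flags any source IP that accumulates a threshold of failures inside a sliding time window. The thresholds, the window lengths and the year supplied to the parser are assumptions chosen for the example; the second, wider window shows how a "low and slow" source with one attempt every half hour slips past a per-minute rule.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log excerpt for this example (RFC 5737 documentation
# addresses, not real attack sources). The format matches syslog lines
# written by OpenSSH; the year is absent, as it is in real syslog output.
SAMPLE_LOG = """\
Jul 12 03:14:01 bastion sshd[2231]: Failed password for invalid user oracle from 203.0.113.45 port 51022 ssh2
Jul 12 03:14:03 bastion sshd[2233]: Failed password for invalid user test from 203.0.113.45 port 51030 ssh2
Jul 12 03:14:05 bastion sshd[2235]: Failed password for root from 203.0.113.45 port 51041 ssh2
Jul 12 03:14:06 bastion sshd[2237]: Failed password for root from 203.0.113.45 port 51048 ssh2
Jul 12 03:14:08 bastion sshd[2239]: Failed password for invalid user admin from 203.0.113.45 port 51055 ssh2
Jul 12 03:14:09 bastion sshd[2241]: Failed password for invalid user guest from 203.0.113.45 port 51060 ssh2
Jul 12 03:20:11 bastion sshd[2250]: Failed password for alice from 198.51.100.7 port 40112 ssh2
Jul 12 03:20:40 bastion sshd[2252]: Accepted publickey for alice from 198.51.100.7 port 40118 ssh2
Jul 12 04:00:00 bastion sshd[2260]: Failed password for root from 192.0.2.9 port 33001 ssh2
Jul 12 04:30:00 bastion sshd[2262]: Failed password for root from 192.0.2.9 port 33002 ssh2
Jul 12 05:00:00 bastion sshd[2264]: Failed password for root from 192.0.2.9 port 33003 ssh2
Jul 12 05:30:00 bastion sshd[2266]: Failed password for root from 192.0.2.9 port 33004 ssh2
Jul 12 06:00:00 bastion sshd[2268]: Failed password for root from 192.0.2.9 port 33005 ssh2
Jul 12 06:30:00 bastion sshd[2270]: Failed password for root from 192.0.2.9 port 33006 ssh2
"""

# OpenSSH's "Failed password" line. "invalid user" is present when the
# account does not exist on the host, a strong sign of a dictionary attack.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9.]+) port \d+"
)


def parse_failures(log_text, year):
    """Return failed-login events as (timestamp, source_ip, user, invalid_user).

    syslog omits the year, so the caller supplies it (assumption: every line
    falls in one calendar year). Accepted logins and other lines are skipped.
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["invalid"] is not None))
    return sorted(events, key=lambda e: e[0])


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failures inside any sliding window.

    Returns {ip: {"peak": failures in the busiest window,
                  "users": sorted usernames tried so far}} for flagged IPs.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    users = defaultdict(set)      # ip -> usernames attempted
    flagged = {}
    for ts, ip, user, _invalid in events:   # events are time-ordered
        window = recent[ip]
        window.append(ts)
        users[ip].add(user)
        # Drop attempts that have aged out of the window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            peak = flagged.get(ip, {}).get("peak", 0)
            flagged[ip] = {"peak": max(peak, len(window)),
                           "users": sorted(users[ip])}
    return flagged


if __name__ == "__main__":
    events = parse_failures(SAMPLE_LOG, year=2010)
    for label, window in (("per-minute rule", 60), ("three-hour rule", 3 * 3600)):
        print(f"{label} ({window}s window):")
        for ip, info in detect_bruteforce(events, window_seconds=window).items():
            print(f"  {ip}: {info['peak']} failures, users {info['users']}")
```

Run on the sample, the 60-second window flags only 203.0.113.45 (six failures in eight seconds across five usernames); 192.0.2.9, which fails once every thirty minutes, is only caught by the three-hour window. In practice both rules run side by side, with the wide window set to a lower rate than anything a legitimate user produces.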

While there was some security documentation for SharePoint 2007, it was general in nature, and it required browsing around several different documents and pages.  Microsoft has done us a service with the SharePoint 2010 security hardening documentation that was released around the time the product hit RTM.  This documentation includes a secure server snapshot of [...]

Your organization most likely uses its website to deliver key business data to your customers. This could include the delivery of product marketing information, contact information, or product support documentation. Your product may be your website if you deliver your application in a SaaS or cloud-based distribution model. As [...]

“What do I do about the vulnerable open source components installed in my commercial products?” I have been asked that question many times, and I wish the reply I had to deliver was one with a better message.  Unfortunately we often find vulnerable components embedded in commercial products.  Vulnerabilities that can lead to the compromise [...]

A brief history of WEP cracking

Posted by Irving Popovetsky on June 29th, 2009

Year            Number of 802.11 packets required to crack WEP
2001 – 2004     5–10 million (FMS attack)
2004 – 2007     500k unique IVs on average for 128-bit WEP (Korek attack)
2007 – 2008     40k ARP packets using the PTW attack
2008 – Present  25k replayed packets using ARP replay and/or chopchop replay, with combined PTW+Korek [...]

Critical PDF Vulnerabilities in Blackberry Enterprise Server

Posted by Amber Pham on January 13th, 2009

Research in Motion has just released security bulletin KB17118 that announces a new set of vulnerabilities in the Blackberry Attachment Service that runs on Blackberry Enterprise Server (BES). According to Blackberry, “these vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on [...]