Independent

Independent | Krebs

Trump Hotels Hit By 3rd Card Breach in 2 Years

Credit to Author: Brian Krebs| Date: Wed, 19 Jul 2017 15:43:36 +0000

Maybe some of you missed this amid all the breach news recently (I know I did), but Trump International Hotels Management LLC last week announced its third credit-card data breach in the past two years. I thought it might be useful to see these events plotted on a timeline, because it suggests that virtually anyone who used a credit card at a Trump property in the past two years likely has had their card data stolen and put on sale in the cybercrime underground as a result.

Independent | Krebs

Experts in Lather Over ‘gSOAP’ Security Flaw

Credit to Author: Brian Krebs| Date: Tue, 18 Jul 2017 14:30:11 +0000

Axis Communications — a maker of high-end security cameras whose devices can be found in many high-security areas — recently patched a dangerous coding flaw in virtually all of its products that an attacker could use to remotely seize control over or crash the devices. The problem wasn’t specific to Axis, which seems to have reacted far more quickly than competitors to quash the bug. Rather, the vulnerability resides in open-source, third-party computer code that has been used in countless products and technologies (including a great many security cameras), meaning it may be some time before most vulnerable vendors ship out a fix — and even longer before users install it.

ComputerWorld | Independent

Microsoft yanks bad Outlook patches of patches KB 3191849, 3213654, 401042

Credit to Author: Woody Leonhard| Date: Sat, 15 Jul 2017 13:16:00 -0700

Independent | Securiteam

SSD Advisory – Geneko Routers Unauthenticated Path Traversal

Credit to Author: SSD / Maor Schwartz| Date: Sun, 16 Jul 2017 07:24:56 +0000

Vulnerability Summary: The following advisory describes an Unauthenticated Path Traversal vulnerability found in the Geneko GWR router series. Geneko GWG is a compact and cost-effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio band options on 2G, …

ComputerWorld | Independent

Verifying and testing that Firefox is restricted to TLS 1.2

Credit to Author: Michael Horowitz| Date: Sun, 16 Jul 2017 12:56:00 -0700

TLS is the protocol invoked under the covers when viewing secure websites (those loaded with HTTPS rather than HTTP). There are multiple versions of the TLS protocol, and the most recent version, 1.2, is the most secure. Last time, I discussed tweaking Firefox so that it only supports TLS version 1.2 and not the older versions (1.0 and 1.1) of the protocol.

But that begs the question: what happens when a security-reinforced copy of Firefox encounters a website that does not support TLS 1.2? The answer is shown below.

Independent | Krebs

Porn Spam Botnet Has Evil Twitter Twin

Credit to Author: Brian Krebs| Date: Sun, 16 Jul 2017 12:11:35 +0000

Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting “online dating” programs — affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research suggests that another bot-promoting botnet of more than 80,000 automated female Twitter accounts has been pimping the same dating scheme and ginning up millions of clicks from Twitter users in the process.

ComputerWorld | Independent

Restricting Firefox to TLS version 1.2 makes browsing safer

Credit to Author: Michael Horowitz| Date: Thu, 13 Jul 2017 19:43:00 -0700

Although it's common to think of a secure website as the opposite of an insecure one, the choice is not, in fact, binary. For a website to be truly secure, there are about a dozen or so ducks that all need to be lined up in a row.

Seeing HTTPS does not mean that the security is well done; secure websites exist in many shades of gray. Since web browsers don’t offer a dozen visual indicators, many sites that are not particularly secure appear, to all but the most techie nerds, to be secure nonetheless. Browser vendors have dumbed things down for non-techies.

Last September, I took Apple to task for not having all their ducks in a row, writing that some of their security oversights allowed Apple websites to leak passwords.
