Popular Posts

  • IT Auditing at ADM
    This past Tuesday December 3rd, 2013 we had two  guest speakers from ADM , Gary Hotwick and Wayne Sharp. Gary is a Millikin Grad who graduat...
  • Security of Picture Gesture Authentication
    When windows 8 was introduced it came with a new form of password security with the picture  gesture authentication. With time we realize...
  • Linux vulnerability
    The Linux operating system has a vulnerability within it for the past two years, it gives "untrusted" users with restricted accoun...
  • Adobe Data Breach
    Adobe systems recently confirmed that it's network was breached during an attack in which 2.9 million of their customers had their infor...
  • Database Security Vunerabilities
    There are certain common and serious database vulnerabilities that most businesses that deals with data should know of. Cyber attack has bee...
  • Linux is more Secure than Windows
    For small businesses or organizations that are lacking dedicated IT security staff using Linux can be very beneficial. There is a saying wit...
  • Internet Explorer Zero-Day
    There is a zero day flaw in Internet explorer, this impacts all versions of the browser but it seemed as though criminals are more focused ...

Sunday, October 20, 2013

Linux vulnerability

The Linux operating system has a vulnerability within it for the past two years, it gives "untrusted" users with restricted accounts root access over machines. Along with the machines, it also affected severs running in shared web hosting facilities and other sensitive environments. The maintainers of Linux operating system quietly released an update that patched the hole. Even a month after the patch was sent out most users still remains wide open; mostly because they were not aware of the vulnerability.

The severity of the bug is in Linux kernel's performance counters subsystem and became clear when the code exploiting they vulnerability was publicly available. The script is used to take control of servers that are operated by many shared web providers. Basically hackers with limited control over a a Linux machine can use the bud to escalate their privileges.

Security is such a huge matter when it comes to business dealing, it was wrong for Linux not to publicly disclose this issue so that all that were affected can take the necessary steps towards avoiding that.

http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/
Posted by at 2 comments:

Monday, October 7, 2013

Adobe Data Breach

Adobe systems recently confirmed that it's network was breached during an attack in which 2.9 million of their customers had their information compromised. Information compromised includes customer names, passwords, debit and credit cards, and many more.

There was also a theft of source code for their products, Acrobat, ColdFusion Builder, and others. "CISO of Hold Security LLC as the poured over the contents of a server used by the cyber criminals recently revealed to have been behind damaging attacks on multiple data aggregators".

The Chief Security Officer Brad Arkin reported that there are no zero day exploits, so there shouldn't be any surprises but then encourages users to use just supported versions of their products. In response to the attack, the compromised password have been reset, and individuals and companies have been notified.

How did this affect businesses, well most of the big business in the world do use adobe products and what companies tend to do is that they have a common password for most of the applications they get. So what will happen is that now companies have to ensure that all those other password have been changed.

Adobe did indeed indicate that all the users whose account have been compromised have been notified to reset their passwords, there have reports of users whose old compromised password can still log into the Adobe Creative Cloud. It seems as though those systems are not connected to the reset procedure. They should just have all users reset their password entirely so that they do not forget parts of it.

http://www.securityweek.com/adobe-confirms-source-code-breach-theft-customer-data

http://www.pcworld.com/article/2052180/adobe-reports-massive-security-breach.html
Posted by at 1 comment:
Subscribe to: Posts (Atom)