Doug Vitale Tech Blog

Latest IT news and commentary

The Fight For HTTPS

Fast Company, 1 Oct 2014 – Since 2009, Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU) has been trying to make the Internet more secure. His goal–getting companies to add a layer of encryption to their websites, turning HTTP to HTTPS–might not sound like much. After all, what’s one letter on a URL? But that extra letter, it turns out, is all it takes to make government surveillance, censorship attempts by authoritative regimes, and attacks by ill-intentioned hackers more difficult to pull off. [More]


Bash shell…SHELLSHOCKED

Bash shell vulnerabilities plague Linux systems, and may be more damaging than Heartbleed

ShellShock: All you need to know about the Bash Bug vulnerability

Attackers exploiting Shellshock (CVE-2014-6721) in the wild


‘Spike’ toolkit scales multi-vector DDoS with Windows, Linux hosts

SC Mag, 26 Sep 2014 – Distributed denial-of-service (DDoS) attacks aimed at regions of Asia and the U.S. have been linked to a new toolkit, dubbed “Spike.” Capable of scaling large, multi-vector attacks – which include SYN flood, UDP flood, domain name system (DNS) query flood and GET floods – the toolkit can communicate and execute commands to infected Windows, Linux and ARM-based devices, researchers with Akamai Technologies found. [More]


Could ultrafast broadband over copper speed the rollout of gigabit Internet?

Tech Republic, 26 Sep 2014 – For the most bandwidth hungry users fibre optic cable tends to be the best option; but as most UK consumers and small businesses are still on the old-style copper phone lines they’re forced to languish in the broadband slow lane. Now researchers claim to have demonstrated speeds approaching those seen over fibre optic – but without the hassle and expense of having to connect fibre to the premises, using instead a combination of fibre and copper. [More]


How Boston Children’s Hospital hit back at Anonymous

CSO, 15 Sep 2014 – Hackers purportedly representing Anonymous hit Boston Children’s Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe. [More]


About 5 Million Google Account Credentials Dumped Online

Softpedia, 10 Sep 2014 – A database containing usernames and passwords for almost five million Google accounts emerged on a Russian forum late on September 9. The user dumping the information on Bitcoin Security board uses the online alias “tvskit” and says that although not all the entries are valid, more than 60% of them should be working; all passwords are provided in plain text. [More]


Home Depot Hit By Same Malware as Target

KrebsOnSecurity, 7 Sep 2014 – The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation. [More]


Android: 33% more device shipments, 60% more fragmentation

TechRepublic, 5 Sep 2014 – Android has a problem. Or, rather, Android developers have a problem. Despite dominating a whopping 84.7% of the global smartphone market (up from 79.6% in 2013), Android fragmentation gets worse each year, with developers needing to account for at least 18,796 different Android devices in circulation this year. What’s a developer to do? [More]


Analysis of Chinese MITM on Google

Netresec, 4 Sep 2014 – The Chinese are running a MITM attack on SSL encrypted traffic between Chinese universities and Google. We’ve performed technical analysis of the attack, on request from GreatFire.org, and can confirm that it is a real SSL MITM against http://www.google.com and that it is being performed from within China. [More]


Hospital Hacks Are Skyrocketing Because Hospitals Are Easy to Hack

Gizmodo, 3 Sep 2014 – According to a fresh report from cybersecurity experts, hospitals are hackers’ new favorite playground. That’s unsettling news for anyone who’s ever visited a hospital (read: everyone) but it also offers a curious window into how we guard our most important data. Put bluntly, we do a pretty piss poor job of it. [More]


USB firmware: An upcoming threat for home and enterprise users

TechNet, 2 Sep 2014 – USB is a common industry standard for connecting peripherals like keyboards, webcams, and thumb drives to computers. During their presentation, the researchers illustrated a serious problem in how many USB devices are implemented. USB peripherals run their own processor and firmware to talk to the PC they are connected to, and the problems arise when the firmware on the USB peripheral is changed to be malicious. All major platforms such as Windows, Mac OS X, and Linux are affected since these problems are in the USB devices themselves, not the platforms they are connected to. [More]



Archive (search for keywords with site search engine)

July – August 2014
May – June 2014
March – April 2014
January – February 2014
November – December 2013
September – October 2013
July – August 2013
May – June 2013

Written by Doug Vitale

July 31, 2013 at 12:13 PM

%d bloggers like this: