Category: Encryption

The OpenSSL Heartbeat Vulnerability: Forgotten Attack Vectors

The web is abuzz with reports of the OpenSSL Heartbeat vulnerability. It’s not an understatement to say that this is the most serious vulnerability to come along in several years. There are many good write-ups about it and I don’t

Posted in Encryption, Incident Response, Risk Management, Vulnerabilities

The Immutable Friday Fav Five

Here are the five links that I found interesting for this week: Mitigating the Apache Range Header Attack. This is a pretty good overview of several ways you can protect yourself for little to no cost. Also, see my post, Detecting

Posted in Computer Crime, Encryption, Incident Response, Intrusion Detection, Log Analysis

I Support George Hotz

For the past couple of weeks, I have been reading with great interest the coverage of Sony deciding to bring suit against George Hotz. George, or GeoHot, as he is known, and others like him, hacked the PS3 after Sony

Posted in Dialogue, Encryption, Ethics, Personal Liberty, Secure Design

Using OSSEC for Encrypted Log Transport

Here’s a little secret that the sales guys of the million-dollar SIEMs are probably going to gloss over. Most of them do not offer a way to encrypt logs in transit end-to-end. Worse, many of them use downright silly methods

Posted in Encryption, Intrusion Detection, Log Analysis, Secure Design

WPA Cracked

PhysOrg.com and many others are reporting a new attack against WPA encryption, which is used in wireless networks. While WEP encryption has been proven to be all but worthless, attacks against WPA have mostly been limited to academic and brute-force

Posted in Encryption, Research, Vulnerabilities

The Key to Yahoo! Mail: Domain Keys

For some time now I have had problems with Yahoo! accepting mail from the domains I manage and marking the messages as spam. They continued to blackhole me despite having never been an open relay, having a valid PTR record,

Posted in Encryption, Secure Administration, Systems Hardening

Did You Just Send Your Sensitive Info In the Clear?

VoIP, or Voice Over IP is quickly usurping traditional phone lines. It’s not hard to understand why. VoIP service allows you to do things previously impossible with traditional phone service. You can use physical phones or an application on your

Posted in Encryption, Privacy, VoIP