Home > Uncategorized > Security News #0x5E

Security News #0x5E

  • The folks at Adallom describe an attack against Office365 that would allow an attacker to pilfer an organization’s SharePoint Online site. The vulnerability (CVE 2013-5054) was reported to Microsoft in the spring, and just patched in MS13-104.
For Students
  • Many of my students are interested in possibly working at the NSA. For those of you in that situation, you may want to read the experiences of Loren Sands-Ramshaw.
Learning More
  • Three Israeli researchers have found a way to crack RSA on a remote computer solely by listening to the sounds it emits. I don’t know if this is something to worry about, but the coolness factor is high.
  • The continuing saga of malware in JPEG images well, umm, continues. Definitely an area that is worthy of some additional attention.
Industry News
  • If you visited the official php.net site back in October, then you may have been exposed to something more worrying than typical malware, and instead were exposed to a new kind of DGA changer.
  • The Washington Post has a nice piece on how attackers can activate Macbook webcams remotely without also activating the camera light, making this quite stealthy. Although the Post piece only mentions Macs, Windows folks appear to be vulnerable to similar attacks.
  • You already know about the massive breach at Target stores; data for as many as 40,000,000 credit card accounts may have been pilfered.
  • There is a serious vulnerability in OpenSSL’s use of the the Dual EC DRBG algorithm, however as they report "The nature of the bug shows that no one has been using the OpenSSL Dual EC DRBG." You can get some perspective at Ars Technica.
  • Reuters reports that RSA received $10 million to use an NSA preferred algorithm in some of their products.
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: