Officially, the flu season begins on the first of October and runs until spring. Even though the CDC says that this year’s flu is starting out a little bit milder than the two previous years, I know several people that are suffering through a nasty type of flu already this year. This stuff starts out [...]
Recently, attacks on web applications have been on the rise, and there is good evidence that exploitation through SQL injection of web applications has brought about the tremendous surge in botnet-infected machines. The focus of such attacks should result in us asking ourselves if we are at risk. If you have a web application [...]
A worm has been spotted in the wild that is exploiting the MS08-067 vulnerability, for which Microsoft released an out-of-band update yesterday. We urge you to update as soon as possible as there is now working code in the wild. All servers should be patched, especially external ones. If for some reason you have [...]
Today Microsoft is rolling out an unscheduled update. This vulnerability is critical and there are reports that it has been exploited by malware for the last few weeks. The most vulnerable systems are Windows 2000, Windows XP and Windows 2003. On these systems it is possible to exploit the system without authentication. On Windows Vista and [...]
Please be aware that new versions of HPPE in the works will be using a new key mechanism. The current key mechanism appears to have fallen prey to piracy and a key has been identified in several “WAREZ” distribution sites. It appears that the current key that was leaked was made public after the software [...]
Just a reminder about our lab services for those organizations that may be interested. Part of what has made MSI famous over the years is the extensive work we have done around application and device security. Our lab has tested everything from traditional software to ultra-modern web applications and all kinds of hardware from appliance [...]
I think the presentation at TechColumbus went well. The crowd seemed into it and their questions, comments and feedback were good. Sorry to the person I had to shut down during the talk – but we had a time limit and such for the presentation and we had to keep from getting on a tangent. Overall [...]
Microsoft patches now include a new exploitability index. This new rating attempts to quantify when/if an exploit is likely to become available for a given vulnerability. The rating also attempts to take into consideration how stable a given exploit is likely to be. Personally, I think this is a good idea, especially if they keep [...]
We are in a new age of information security. The primary threats to our critical data assets are well within the firewalls and layered architectures of the degenerative “perimeter”. Attackers can and will leap your firewalls, tunnel through your DMZs and trick your users into being the gateway to attack. The idea of the walled [...]
One of the questions I get asked the most when I speak on electronic voting is why voting is not done over the Internet. While I can clearly understand the idea of online voting being easy and efficient, I wanted to take a moment and give you the three biggest reasons why I think it [...]