PaulSpoerry.com

Social Media, technology, and geeky stuff for your brain.


1.3 million WordPress websites running WP-Slimstat exposed to SQL Injection attacks

February 25, 2015 by Paul Spoerry

If you're running WordPress and WP-Slimstat you need to make sure you get updated to version 3.9.6 immediately. Versions prior to the recently released Slimstat 3.9.6 contain a readily guessable key that's used to sign data sent to and from visiting end-user computers, according to a blog post published Tuesday by Web security firm Sucuri. The result is a SQL injection vector that can be used to extract highly sensitive data, including encrypted passwords and the encryption keys used to remotely administer websites.

Read more details here: http://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html

Filed Under: Google+ Posts Tagged With: security, Wednesday, Wordpress

Hide your Mac! Bootkit for OS X can permanently backdoor Macs

January 8, 2015 by Paul Spoerry 32 Comments

The bootkit is dubbed Thunderstrike because it spreads through maliciously modified peripheral devices that connect to a Mac's Thunderbolt interface. When plugged into a Mac that's in the process of booting up, the device injects what's known as an Option ROM into the extensible firmware interface (EFI), the firmware responsible for starting a Mac's system management mode and enabling other low-level functions before loading the OS. The Option ROM replaces the RSA encryption key Macs use to ensure only authorized firmware is installed. From there, the Thunderbolt device can install malicious firmware that can't easily be removed by anyone who doesn't have the new key.

moar here: http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/

Filed Under: Google+ Posts Tagged With: apple, mac, security, Thunderstrike

Darkmail aims to fundamentally change email by making it secure by default

January 7, 2015 by Paul Spoerry 6 Comments

If you don't already know this… your email is sent over the Internet unencrypted. It's the digital equivalent of sending a letter through the mail without an envelope. Anybody who comes across it can read it. The Darkmail Technical Alliance, which is composed of some heavy hitters like Lavabit founder Ladar Levison and PGP designer Phil Zimmermann, aims to change all of email with drop-in SMTP and IMAP replacements that will wrap messages in layers of encryption.

"Conceptually, DIME applies multiple layers of encryption to an e-mail to make sure that the actors at each stage of the e-mail’s journey from sender to receiver can only see the information about the e-mail that they need to see. The e-mail’s author and recipient both know who sent the message and where it was bound, but the author’s e-mail server doesn’t—it can only decrypt the part of the message containing the recipient’s e-mail server. The recipient e-mail server knows the destination server and the recipient, but it doesn’t know the sender. So if you arrange the four steps in a line from left to right—author, origin server, destination server, and recipient—each step in the line is only aware of the identity of the entity directly to its left or right."

This could be huge and it certainly has the right people in place to make it happen. They'll be submitting all of it to the IETF as a formal set of RFCs and there is even a pre-alpha GitHub repository.

Check out the rest of the article on Ars… it's really worth a read if you're at all curious about the subjects of security and/or email.

Src: http://arstechnica.com/security/2015/01/lavabit-founder-wants-to-make-dark-e-mail-secure-by-default/

Filed Under: Google+ Posts Tagged With: Darkmail, email, encryption, Lavabit, pgp, security

FreeBSD will no longer allow users to trust processors manufactured by Intel and…

December 10, 2013 by Paul Spoerry 5 Comments

FreeBSD will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys

“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say: following NSA leaks from Snowden, engineers lose faith in hardware randomness.

#Linux   #Security   #Cryptography   #NSA  

Filed Under: Google+ Posts Tagged With: Cryptography, Linux, NSA, security

LastPass Sentry Monitors Your Accounts for Security Breaches

September 18, 2012 by Paul Spoerry 1 Comment

LastPass Sentry is a new feature of LastPass that will automatically monitor your accounts against known compromised sites and inform you if your email appears in a list of breached accounts.

Filed Under: Hacking, Privacy, Tech, Web Life Tagged With: icon, Lookout, mobile, security
