04 Apr, 2011

Browser Security

Attacks are moving from your operating system to your third-party applications, including but not limited to your web browser, PDF reader, video players, etc. Additionally, software makers patch their software multiple times per year. For these reasons, I recommend you ensure ALL your software is up to date. To check if your browser and […]

19 Mar, 2011

Blackhat Europe 2011 Recap

Blackhat Europe 2011 just wrapped up. If you weren’t able to make it (like me) then we must rely on the community to fill us in on what went down until Blackhat.com puts up the archives. I would like to share the write-ups I found most useful: Corelan.be Day 1 Rootshell.be Day 1 Corelan.be […]

17 Mar, 2011

Cross Platform Password Management

Every information security professional will tell you to use different passwords for every site. This is because if one site gets compromised and your password is cracked, then the attacker can log into every site you use. The biggest complaint consumers have with using different passwords is remembering them all; now you don’t have to. […]

16 Mar, 2011

Internet Explorer 9 Released

I hope no one is still running Internet Explorer 6; if you are, Microsoft has a countdown and awareness campaign to get you and your grandmother to upgrade. For those that are fairly up to date, be informed you are not, because Microsoft released Internet Explorer 9 today. If you are feeling risky and are […]

15 Mar, 2011

Making Twitter More Secure: HTTPS

It seems the information security industry has finally convinced Twitter to enable HTTPS and provide an option to have it enabled always. Tools like FireSheep and multiple research efforts have been pushing companies to force HTTPS all the time. Make sure to enable this, especially if you frequent public networks. Twitter has posted this blog post with […]

13 Mar, 2011

SSL Renegotiation Denial of Service

Having SSL Renegotiation enabled is a denial of service attack vector. An SSL Renegotiation Man in the Middle vulnerability was reported in 2009 as CVE-2009-3555. The vulnerability relies on two key issues: having SSL Renegotiation enabled and having a vulnerable SSL implementation (pre-RFC 5746, also known as insecure renegotiation). There is another issue that ONLY requires having […]

12 Mar, 2011

Facebook – Download your Information

I was going through my Facebook Account settings, as everyone should be doing, and found a few new settings and options I did not know about. Facebook Account settings may be accessed through the top right of any Facebook page once you are logged in. Some changes I made today: Password – you should […]

01 Mar, 2011

Windows 7 & Server 2008 R2 Service Pack 1

Microsoft was doing so well cleaning up their reputation post-Vista era until they released Service Pack 1 for Windows 7 and Windows Server 2008 R2. Even SANS Internet Storm Center has an article dedicated to identified issues with the service pack. Here is my advice: Unless you have not installed the recent patches via Windows […]

23 Feb, 2011

AT&T U-Verse Open Port 3479

Most AT&T U-Verse subscribers receive a 2wire residential gateway for their subscription to Internet, TV, and VoIP phone service. I believe most subscribers get a 3800HGV-B. The user guide for that model does not mention anything about a TCP Port 3479 being opened or used by default. So I found it strange to see TCP port 3479 […]