What`s New
Heartbleed? That’s nothing. Here comes Microsoft SChannel!
- Albert Zenkoff
- 2014-11-13
- Technology, attack, critical, HeartBleed, library, Microsoft Secure Channel, no mitigation, no workaround, patch, remote, remote code execution, SChannel, vulnerability, WinBleed
The lot of hype around the so-called “Heartbleed” vulnerability in open-source cryptographic library OpenSSL was not really justified. Yes, many servers were affected but the vulnerability was quickly patched and it was only an information disclosure vulnerability. It could not be used to break into the servers directly. Now we have Microsoft Secure Channel library ...
Read More
Visualization of world’s largest data breaches
- Albert Zenkoff
- 2014-11-11
- Management, biggest, breach, bubble, data, diagram, entertaining, interesting, losses, security, useful, visual, visualization, world
I stumbled upon a very interesting infographic that portrays some of the world’s biggest data breaches in a running bubble diagram. Entertaining and potentially useful in presentations Have a look.
Read More
Crypto Wars 2.0: Let the Trolling Commence (and don’t trust your phone)
- Albert Zenkoff
- 2014-11-03
- Society, attacks, crypto, Cryptography, device, encryption, limitations, mobile, security, Sven Tuerpe, system
An excellent article by Sven Tuerpe argues that we pay excessive attention to the problems of encryption and insufficient – to the problems of system security. I wholeheartedly agree with that statement. Read the original article: Crypto Wars 2.0: Let the Trolling Commence (and don’t trust your phone). Security cannot be based solely on the ...
Read More
Facebook “joins” Tor – good-bye, privacy!
- Albert Zenkoff
- 2014-11-03
- Society, activity, anonymous, commercial, cost, disclosure, Facebook, identity, interest, network, privacy, protection, society, Tor
Multiple publications are touting the announcement by Facebook of a Tor-enabled version of the social networking website as nothing short of a breakthrough for anonymous access from “repressed nations”. They think that the people around the world who wish their identity and activity online to remain hidden will now have a great time of using ...
Read More
Three roads to product security
- Albert Zenkoff
- 2014-10-16
- Management, advice, choice, Common Criteria, consult, definition, management, OpenSAMM, path, process security, product security, road, security, three, way
I mentioned previously that there are three ways to secure a product from the point of view of a product manufacturing company. Here is a little more detailed explanation. This is my personal approach to classifying product security and you do not have to stick to this but I find it useful when creating or ...
Read More
Secure the future – have a change of mind!
- Albert Zenkoff
- 2014-09-24
- Management, atomization, civilization, costs, economics, justify, long term, management, mindset, necessity, profit, profitable, secure future, security, separation, short-sighted, survival
The future of the enterprise can be secured provided that it is properly organized and operated with full understanding of its economics. The current concentration on “profit here and now” is extremely harmful to the survival of the economy of the world as a whole and every given enterprise in particular. Why is that? There ...
Read More
More on WordPress xmlrpc denial of service attacks
- Albert Zenkoff
- 2014-09-08
- Technology, apache, attack, conditions, denial of service, DOS, protection, rewrite, rewrite_mod, rules, service, user agent, WordPress, xmlrpc
The attacks on WordPress using xmlrpc.php service are rather common. I already mentioned that you could filter out unwanted user-agents using the redirect capability of Apache. That would, however, take care only of obvious cases, where you see that this particular user-agent could not possibly be your reader. What do we do if the user-agent ...
Read More
Dark alleys of cybersecurity
- Albert Zenkoff
- 2014-09-01
- Society, assessment, awareness, cybersecurity, cyberspace, danger, dark alley, internet, security, situation
The security of the so-called “cyberspace” has deteriorated beyond belief. Some people tell me that my stories are far-fetched and that I view the security and computer industry with some sort of a depressing negativism. I disagree. The problem is, I am trying to stay positive and optimistic. My tales rarely go to the full ...
Read More
Strategy towards more IT security: the road paved with misconceptions
- Albert Zenkoff
- 2014-07-23
- Society, component, conference, future, government, ignorance, internet, IT, management, manufacturing, misconception, network, restrict, secure, security, software, strategy, system
The strategy towards more IT security in the “Internet of Things” is based a little more than entirely on misconceptions and ignorance. The policy makers simply reinforce each other’s “ideas” without any awareness of where the road they follow is leading. As I listened on in the K-ITS 2014 conference, it became painfully obvious that ...
Read More
Mitigating Denial of Service attacks to WordPress xmlrpc
- Albert Zenkoff
- 2014-07-14
- Technology, attack, botnet, DDOS, denial of service, htaccess, mitigation, redirect, server, user agent
I have attracted attention, apparently. My website is under a Distributed Denial of Service (DDOS) attack by a botnet for the last week. I am flattered, of course, but I could live without a DDOS, frankly. The requests go to xmlrpc.php every second or two from a different IP address from around the world: POST ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
Share and stay updated
About the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.