Search results

  1. S

    Rook Security releases detection tool for Hacking Team malware

    There's some value in this. If it detects something, you can be pretty confident that your system is compromised. But a clean scan with this utility doesn't necessarily indicate that a system was not breached by some of the malware that HackingTeam was selling. This utility's detection is all...
  2. S

    Get ready to patch 'severe' bug in OpenSSL this Thursday

    matricks, I stand corrected. It took me a couple of days to verify, but I have confirmed that the vulnerability exists regardless of which side (server or client) is validating the certificate. I was reiterating the assessment from sources that I generally trust as being knowledgeable when...
  3. S

    Get ready to patch 'severe' bug in OpenSSL this Thursday

    https://cryptanalysis.eu/blog/2015/07/09/bypassing-certificate-checks-in-openssl-1-0-2c-cve-2015-1793/ Another reference stating that Client Authentication is where the vulnerability exists. Even the official advisory basically says that, but the wording is ambiguous.
  4. S

    Get ready to patch 'severe' bug in OpenSSL this Thursday

    Well I know I'm not going to convince you. Everyone should just patch as necessary, but Client Authentication is where this vulnerability exists, and most public HTTPS web servers don't require client auth. Did you need to verify yourself with a CA (like verisign) and purchase a certificate to...
  5. S

    Get ready to patch 'severe' bug in OpenSSL this Thursday

    This particular vulnerability is only against client side authentication, which usually is not implemented. It's not about breaking/forging the chain on the server side. Yes, when a client connects to an HTTPS server, the client authenticates the server's certificate. But this vulnerability...
  6. S

    Hacking Team leak releases potent Flash 0day into the wild

    Not quite out of the weeds yet. A second Flash 0-day was found in the HackingTeam data dump after Adobe patched the first one. No patch for number 2 yet.
  7. S

    Get ready to patch 'severe' bug in OpenSSL this Thursday

    Not necessarily true. This most recent vulnerability that needs to be patched only affects some recent builds that were compiled after a code commit from 1/27/2015. I would go out on a limb and say that, at this point, most people who are contributing to projects like OpenSSL are very...
  8. S

    POWERSHELL HELL - trying to get unrestricted mode

    execute a Get-ExecutionPolicy and see what it returns.
  9. S

    How to connect via SSH on a proxy?

    This isn't the best place to ask for advice on how to try to circumvent the security measures that are put in place by your employer.
  10. S

    Can We 'Delete' Shared Symantec Folder (Uninstalled)?

    You should contact Symantec Support to get the current CleanWipe Utility for SEP.
  11. S

    how to crack full disk encryption truecrypt

    If you're that confident that you know what the password is comprised of, but not the order, then I suggest trying every possible order/combination. Other than that, you're not going to crack truecrypt unless you've got access to a vulnerability/exploit that has not yet been published/exposed.
  12. S

    STP or UTP, in regards to Home Theater, Home Networking and HDMI over Ethernet ?

    I installed some HD-BaseT (HDMI over Cat6) stuff a couple of years ago. At the time, all of the documentation and recommendations I read said to use STP. The product I was using (don't recall exactly what it was) was designed to use patch cables between the transponder and receiver ends. I...
  13. S

    DNS enhancement catches malware sites by understanding sneaky domain names

    That's sufficient until your router has a vulnerability that allows an attacker to change the DNS settings. Same goes for setting the DNS servers on your hosts...it's all good until there is a vulnerability that gets exploited. Or, until your network (not necessarily your SOHO router, itself)...
  14. S

    DNS enhancement catches malware sites by understanding sneaky domain names

    Somewhat related article on some research into the Anthem breach: http://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/ In that article, they talk about the threat actors using the domain we11point[.]com to impersonate wellpoint[.]com, prennera[.]com to impersonate...
  15. S

    DNS not updating for single network

    Check the DNS settings on their PCs. If they're all pointing at a local RFC1918 address, then you know that there is a DNS server running on the network. You would need to have access to that server and check the DNS configuration (which is going to be done differently depending if it's a...
  16. S

    DNS not updating for single network

    Could be that their internal dns server has an entry for it. Could be some DNS rewrite/doctoring happening on a firewall. Could be host file entries (probably not likely).
  17. S

    Dlink Patches Router Flaws

    Happy to see them release a patch, but, if I had to guess, I would say that <5% of the installation base will actually be patched. Maybe <1%, to be honest.
  18. S

    Lenovo preinstalls man-in-the-middle adware that hijacks HTTPS traffic on new PCs

    The best advice is definitely to remove Superfish immediately. Rob Graham cracked the password for their cert yesterday (read about it here http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html), and has subsequently shown how you can stand up a webserver to perform a MitM...
  19. S

    Email from Social Security Administration

    Did you even read my posts? I have the full headers and content of (very likely) the same email that the OP is referring to. It arrived in my email yesterday, with the same subject. The email I received is legitimate and I've looked at all of the content and verified it is not malicious. Is...
  20. S

    Email from Social Security Administration

    The full header info is below, with my email addr redacted. Like I said earlier, this appears to be legit. The US Social Security Administration does have an account with govdelivery.com, and they do use the services to send out emails to people that have registered for a MySSA account. If...
  21. S

    Email from Social Security Administration

    Yes, they do - if you signed up for an account on their website.
  22. S

    Email from Social Security Administration

    I got one of these that gmail filtered as spam yesterday (and that spam filter looks like a false positive). If I remember to later (I'm on my mobile right now), I'll post the headers. This one actually doesn't look fake. SSA has your email address if you've signed up for an account on their...
  23. S

    SSL connection failed? MITM?

    If you run en.wikipedia.org through Qualys's scanner at ssllabs.com/ssltest, you will see that the server only supports TLS 1.0, 1.1, and 1.2. I'm guessing your browser is trying to use either SSL 3 or SSL 2 (both of which are no longer secure) and the server is rejecting it. I'm not familiar...
  24. S

    Google Updates Disclosure Policy after 0-Day controversy

    Which could, almost certainly, apply to all cases.
  25. S

    Google Updates Disclosure Policy after 0-Day controversy

    I totally understand the reasoning here, but I don't like it. 90 days is the grace-period. At what point do we stop giving out time extensions to fix vulnerabilities? Right now it's a max of 104 days...who is to say that some software vendor doesn't make a big stink about that because they...
  26. S

    CEH, CHFI, LPT, ECSA, CISSP Certifications

    https://www.isc2.org/cissp-how-to-certify.aspx: Candidates must have a minimum of five years cumulative paid full-time work experience in two or more of the 10 domains of the (ISC)² CISSP CBK®. Candidates may receive a one year experience waiver with a four-year college degree, or regional...
  27. S

    CEH, CHFI, LPT, ECSA, CISSP Certifications

    I can't add much to this thread, because I haven't done any training or certification in the EC-Council arena (CEH, CHFI, LPT, and ECSA are all EC-Council certs). I can say that you'll only be able to earn an "Associate of (ISC)2" cert if you pass the CISSP but don't have the required 5 years...
  28. S

    What IT Cert Makes you Jealous?

    As a CISSP, I'd say it's very overrated. Good stuff, but nothing to bow down to. If you want an InfoSec cert that's really worthy of respect, it's the GSE.
  29. S

    300$ for Electrician to setup Network

    Sounds like he might be crimping mod ends onto the wire instead of punching it down to a patch panel or keystone jack. If that's true, I wouldn't want it done that way. See the sticky thread related to proper network cable installation, or the countless other threads there have been on the...
  30. S

    300$ for Electrician to setup Network

    It could be a fair price depending on how easy/difficult it is for him to fish the new wire in so that you've got all home-runs back to 1 location. If it's all wired correctly, and it's only costing $75/drop (1 drop in each of the 4 rooms), then I'd say it's a good price.
  31. S

    Question about maximum lengths for CAT6 pigtails

    http://www.csd.uoc.gr/~hy435/material/Cabling%20Standard%20-%20ANSI-TIA-EIA%20568%20B%20-%20Commercial%20Building%20Telecommunications%20Cabling%20Standard.pdf Page 35 5.5.1 Intra and Interbuilding Distances The length of the horizontal cabling for Category 6 cable supporting data...
  32. S

    Flash Player zero day vulnerability

    There's also a thread on this in the Security forum. Link in the OP is good...that's the newly discovered vuln that was patched yesterday. But be aware that there is still one that adobe doesn't expect to release a patch for until next week...
  33. S

    Flash 0-day targetting 16.0.0.257

    Just FYI - there was a new patch for one of the recent Flash vulnerabilities (CVE-2015-0310) released yesterday (http://helpx.adobe.com/security/products/flash-player/apsb15-02.html). However, there is still another unpatched vulnerability (CVE-2015-0311) that is expected to be released...
  34. S

    Question about maximum lengths for CAT6 pigtails

    Just writing in to agree with skyking. Longer cables can "work", but they're out of spec.
  35. S

    Buying a Weber

    I got a 330 last summer, and the sear burner is absolutely worth the extra cost. I'm not in the habit of grilling much during the winter because I always had cheaper grills and they just couldn't cut it. Last week I fired up the Weber when it was 30F degrees out, with the sear burner on, and...
  36. S

    Introduction/Method for entry-exposure into the Computer Security field

    I would agree that practical experience doing system/network administration is a solid foundation for someone to transition into the InfoSec space. The SANS Reading Room has some very good papers written by security professionals, but there's a chance that a lot of the content is too advanced...
  37. S

    2nd-generation FLIR device for smartphones announced

    Not sure about Gen2. Here's the details for Gen1 - What is the resolution of the camera? FLIR ONE’s Lepton™ thermal sensor is 80x60 pixels and the visible camera is VGA (640x480), but the MSX blending in FLIR ONE embosses the visible camera onto the thermal images, making the resolution...
  38. S

    Tricks to install electrical outlet in existing run?

    I'm running into a somewhat similar problem. We removed an old single-room Air Conditioner that was built in to the wall under a bedroom window. When we took out the unit, we found that the wiring for the regular electrical outlets originally ran through the wall where the Air Conditioner was...
  39. S

    Mapped network drive "This operation has been cancelled due 2 restrictions in effect"

    I think any value other than 0 would mean that some kind of restriction is in place, but you can search TechNet to verify the values.
  40. S

    Mapped network drive "This operation has been cancelled due 2 restrictions in effect"

    Maybe also check your registry in HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer for a DWORD named NoDrives or NoViewOnDrive.