Comments for The GANSEC Security Weblog http://gansec.com/blog The official Weblog of Georgia Network Security Consulting, LLC. Thu, 09 Feb 2012 02:51:08 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on Trendnet home security cam flaw exposes video feeds on net by Trendnet http://gansec.com/blog/?p=429&cpage=1#comment-9821 Trendnet Thu, 09 Feb 2012 02:51:08 +0000 http://gansec.com/blog/?p=429#comment-9821 TRENDnet has posted the resolution to the security breach on their IP cameras. You can check information on affected TRENDnet IP cameras at: http://www.trendnet.com/products/features.asp?featureid=52. You can download critical firmware along with detailed update instructions for the affected TRENDnet IP cameras at http://www.trendnet.com/downloads/. TRENDnet has posted the resolution to the security breach on their IP cameras. You can check information on affected TRENDnet IP cameras at: http://www.trendnet.com/products/features.asp?featureid=52. You can download critical firmware along with detailed update instructions for the affected TRENDnet IP cameras at http://www.trendnet.com/downloads/.

]]> Comment on Verisign hacked several times in 2010, didn’t disclose until now by Verisign hacked several times in 2010, didn’t disclose until now | Broadland Security http://gansec.com/blog/?p=424&cpage=1#comment-9632 Verisign hacked several times in 2010, didn’t disclose until now | Broadland Security Sat, 04 Feb 2012 00:01:40 +0000 http://gansec.com/blog/?p=424#comment-9632 [...] post: Verisign hacked several times in 2010, didn’t disclose until now Share on beboBlog this!Bookmark on DeliciousDigg this postShare on dzoneRecommend on FacebookShare [...] [...] post: Verisign hacked several times in 2010, didn’t disclose until now Share on beboBlog this!Bookmark on DeliciousDigg this postShare on dzoneRecommend on FacebookShare [...]

]]> Comment on Honda’s Customer Database breached – millions of email addresses and VIN numbers leaked by Japanese Automaker Honda Data Breach Affects 4.9 Million Customers | Alertsec Xpress Data Security Blog http://gansec.com/blog/?p=312&cpage=1#comment-1520 Japanese Automaker Honda Data Breach Affects 4.9 Million Customers | Alertsec Xpress Data Security Blog Thu, 06 Jan 2011 16:36:26 +0000 http://gansec.com/blog/?p=312#comment-1520 [...] Honda’s Customer Database breached – millions of email addresses and VIN numbers leaked (gansec.com) [...] [...] Honda’s Customer Database breached – millions of email addresses and VIN numbers leaked (gansec.com) [...]

]]> Comment on New Fake AV variant out there, Norton/Symantec/Microsoft do NOT DETECT IT by Sven Olensky http://gansec.com/blog/?p=275&cpage=1#comment-754 Sven Olensky Tue, 09 Nov 2010 16:25:54 +0000 http://gansec.com/blog/?p=275#comment-754 It seems to be connecting to the Chinese site and just pull up a 'checkout' page. Sorry, I don't distribute viruses so I can't send it to you. It seems to be connecting to the Chinese site and just pull up a ‘checkout’ page.

Sorry, I don’t distribute viruses so I can’t send it to you.

]]> Comment on New Fake AV variant out there, Norton/Symantec/Microsoft do NOT DETECT IT by Jared http://gansec.com/blog/?p=275&cpage=1#comment-719 Jared Tue, 02 Nov 2010 21:53:51 +0000 http://gansec.com/blog/?p=275#comment-719 I recently encountered this thing as well. It's a new iteration of the ThinkPoint scam. Another idea, since I no longer have the files to play with (in hindsight, I should have kept them), I'm wondering if it sets up an HTTP server (nginx) after looking at the activity logs. Do you still have these files? I recently encountered this thing as well. It’s a new iteration of the ThinkPoint scam. Another idea, since I no longer have the files to play with (in hindsight, I should have kept them), I’m wondering if it sets up an HTTP server (nginx) after looking at the activity logs.

Do you still have these files?

]]> Comment on Immature Security Researchers Mad at Microsoft, Release 0-Day Exploits by Sven Olensky http://gansec.com/blog/?p=228&cpage=1#comment-120 Sven Olensky Fri, 23 Jul 2010 14:11:07 +0000 http://gansec.com/blog/?p=228#comment-120 Michael, it doesn't bother me that vendors are being put under the gun to fix some issue that others find -- in that respect, I am all for slapping them with the exploit as soon as it is found. However, my concern is the user base that has vulnerable software installed. If an exploit is released and there is no fix in sight from the vendor, then the people who have to deal with the infections/attacks/etc are the users that run that vulnerable software. The users are going to be the victims, not the vendors. Michael, it doesn’t bother me that vendors are being put under the gun to fix some issue that others find — in that respect, I am all for slapping them with the exploit as soon as it is found. However, my concern is the user base that has vulnerable software installed. If an exploit is released and there is no fix in sight from the vendor, then the people who have to deal with the infections/attacks/etc are the users that run that vulnerable software. The users are going to be the victims, not the vendors.

]]> Comment on Immature Security Researchers Mad at Microsoft, Release 0-Day Exploits by Michael http://gansec.com/blog/?p=228&cpage=1#comment-119 Michael Fri, 23 Jul 2010 13:57:13 +0000 http://gansec.com/blog/?p=228#comment-119 Why do so many people find this shocking. There is no reason at all to give software vendors any notice before publishing an exploit, it simply a common nicety in our field. Personally I think exploits should be published the day they are found. Software vendors make a decision based on money and time when publishing code, why should security researchers factor that into their disclosure notices. All too often I have heard from software companies that that security fix will take too long, we'll release it 'as is' and add a bug to the tracker so we fix by next release. Why do so many people find this shocking. There is no reason at all to give software vendors any notice before publishing an exploit, it simply a common nicety in our field. Personally I think exploits should be published the day they are found. Software vendors make a decision based on money and time when publishing code, why should security researchers factor that into their disclosure notices. All too often I have heard from software companies that that security fix will take too long, we’ll release it ‘as is’ and add a bug to the tracker so we fix by next release.

]]> Comment on Mass infection of web sites running IIS with ASP by Guard against SQL injection attacks: protect your database « The GANSEC Security Weblog http://gansec.com/blog/?p=194&cpage=1#comment-13 Guard against SQL injection attacks: protect your database « The GANSEC Security Weblog Wed, 09 Jun 2010 18:50:34 +0000 http://gansec.com/blog/?p=194#comment-13 [...] Mass infection of web sites running IIS with ASP [...] [...] Mass infection of web sites running IIS with ASP [...]

]]> Comment on How to secure your Smartphone (Blackberry, iPhone, Windows Mobile-based phones) by If Your Password Is 123456, Just Make It HackMe | TechNexus.info http://gansec.com/blog/?p=113&cpage=1#comment-10 If Your Password Is 123456, Just Make It HackMe | TechNexus.info Thu, 21 Jan 2010 23:58:28 +0000 http://gansecblogger.wordpress.com/?p=113#comment-10 [...] How to secure your Smartphone (Blackberry, iPhone, Windows Mobile … [...] [...] How to secure your Smartphone (Blackberry, iPhone, Windows Mobile … [...]

]]> Comment on New serious Windows / ActiveX exploit – Workaround available by Critical: Microsoft patches coming out Tuesday to fix ActiveX vulnerabilities, new vulnerability in MS Office « The GANSEC Security Weblog http://gansec.com/blog/?p=62&cpage=1#comment-9 Critical: Microsoft patches coming out Tuesday to fix ActiveX vulnerabilities, new vulnerability in MS Office « The GANSEC Security Weblog Mon, 13 Jul 2009 17:53:20 +0000 http://gansecblogger.wordpress.com/?p=62#comment-9 [...] in Advisories, hacks, patches. Tags: Microsoft-Worm, patches, advisory, microsoft trackback I mentioned this last week, and Microsoft is planning to patch it tomorrow (Tuesday), from what I read. Stay alert and patch [...] [...] in Advisories, hacks, patches. Tags: Microsoft-Worm, patches, advisory, microsoft trackback I mentioned this last week, and Microsoft is planning to patch it tomorrow (Tuesday), from what I read. Stay alert and patch [...]

]]>