Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Rooting

June 02, 2020 by Marc Handelman in Operating System Security, Mobile Insecurity, Must Read

via Ax Sharma - writing at Bleeping Computer, comes the tale of the unc0ver jailbreak flaw on all versions of Apple Inc.'s (NASDAQ: AAPL) iOS mobile operating systems - now at version 13.5.1. Today's Must Read.


Ladies and Gentlemen, Girls and Boys: The Redmondian Leviathan

Microsoft Quality Control Problems: The Litany

January 27, 2020 by Marc Handelman in Security Cruft, Operating System Security, Operating Systems, Code Incomplete

via the inimitable Lawrence Abrams, writing at Bleeping Computer, comes the bad news for Microsoft Corporation (NASDAQ: MSFT) and Windows users worldwide. The latest Zero Day IE fix has apparently broken printing for a large number of users of the Windows operating system. What has happened to the once highly respected QA groups at the Redmondian Leviathan? Read more...

'On January 17th, 2020, Microsoft disclosed a zero-day remote code execution vulnerability in Internet Explorer 11, 10, and 9 that was being used in "limited targeted attacks". As no update is available yet, Microsoft released a temporary fix that involves changing the owner of the %windir%\system32\jscript.dll and denying access to the file for the Everyone group.' - via Lawrence Abrams, writing at Bleeping Computer


Image Courtesy of Brian Smale and Microsoft

MSFT Drops OS Ball, Again

November 02, 2018 by Marc Handelman in Oops!, Operating System Security, Or Lack Thereof

Why is Microsoft Corporation's (NASDAQ: MSFT) CEO Satya Nadella touting underwater servers instead of focusing on the plight of current Windows Server and Desktop users dealing with the apparent incompetence of Microsoft staff and contractors running Windows Update systems? (The latest screwup in Windows Update-land - the bad code pushed out to users in the October 2018 Update that deleted user files and other necessary system files - is as of today NOT fixed, which caused the company to pull the October Update - and it's now November...) Is it the money from the cloud profit center (otherwise known as Azure) that's 'clouding' his vision? You be the judge!


Join The Club

October 27, 2018 by Marc Handelman in Linux Security, OpenBSD, Operating System Security, Information Security

Via Dan Goodin, Security Editor at Ars Technica, comes news of OpenBSD, Debian, CentOS, Ubuntu and Red Hat Linux flaws - in existence for an estimated 23 months (and just discovered).

'An advisory X.org developers published Thursday disclosed the 23-month-old bug that, depending on how OS developers configure it, lets hackers or untrusted users elevate very limited system rights to unfettered root.' - via Dan Goodin, Security Editor at Ars Technica


Image Credit: Microsoft Corporation

Rather Than Focusing On Fixing Lame Windows Update System, Microsoft CEO Targets New Electronic Cricket Bat

October 12, 2018 by Marc Handelman in Blatant Stupidity, Corporate Evil, Cruft, Operating Systems, Operating System Security, Operability

Smart Move - Satya - Smart Move. Now, what was it you were going to do about the October Creators Update for Windows 10 nagging problem of deleting user documents and other files en masse? Was this a redirection marketing tactic to deflect attention from the recent rash of Microsoft Windows Update failures plaguing Redmond; or is it a Lack of Focus, Mr. Nadella? (Update: News from Martin Brinkmann at GHacks that the file deletion issue is reportedly fixed). To be fair, an inability to service operating system updates robustly is not just a Microsoft Corporation (Nasdaq: MSFT) failure; this SNAFU is a hallmark of the so-called Android 'ecosystem' as well. Oh, and I'm a cricket fan as well. Enjoy.


macOS Mojave Security - User Operability Flaws Lead To Slippery Slope

September 24, 2018 by Marc Handelman in Information Security, Operating Systems, Operating System Security, User-Land Security, User-Land, Operability, Must Read

via the inimitable Rich Mogull, writing at TidBits, comes this interesting take on newly implemented user-land security operability problems in Apple Inc.'s (Nasdaq: AAPL) desktop operating variant of Darwin (aka macOS X (10.14 Mojave)). Typically, strict utilization of user-land intervention implementing security controls leads to insecure configurations. Today's Must Read (especially considering the new macOS version is due for general release today!).


BSidesCharm 2018, Daniel Grant's 'Powershell Deobfuscation: Putting The Toothpaste Back In The Tube'

May 14, 2018 by Marc Handelman in BSides, BSidesCharm, Conferences, Education, Operating System Security, Powershell, Information Security

iOS: The Trust Jacking Gambit

April 20, 2018 by Marc Handelman in Operating Systems, Operating System Security, Opposable Thumbs, Information Security, Device Security, Device Exploitation, Vectored Attacks

Via Roy Iarchy, writing at Symantec's security blog, comes this story of Apple Inc.'s (Nasdaq: AAPL) iOS, Operating System flaws, and the vector - the TrustJacking gambit, all wrapped up in a nice tidy package. Bad news for iOS, good news for Security vendors, eh? And, not surprisingly, users running older devices not patchable by Apple are vulnerable to this form of iOS device jacking as Apple's not focused on patching older devices. Today's unfortunate Must Read.


Malus Domestica Nummus

July 10, 2017 by Marc Handelman in Economics, Security Economics, Communication Security, Application Security, Operating System Security

Vice's Motherboard scribe Lorenzo Franceschi-Bicchierai regales us (on a Monday, no less) with the tale of monetary gains in the world of high-end Apple Inc. (NasdaqGS: AAPL) iPhone bugs. In this case, where, in fact, the real money resides. Today's Must Read.


BSides Cleveland 2017, Cody Smith's 'MacOS - An Easy Exploit 2 Ways'

July 03, 2017 by Marc Handelman in Conferences, Education, Information Security, Operating System Security, Operating Systems

Linux Security, The Litany of Failure

December 16, 2016 by Marc Handelman in Accountability, All is Information, Information Security, Operating System Security, Linux Security, Linux

Well-wrought thought piece on the failure of Red Hat and Ubuntu to secure their respective distros utilizing standardization in the form of reproducible builds (and other means).

Damn kids apparently have forgotten their lessons whilst in kindergarten regarding safe and fair play. In this case, however, we have the added component of organizations, companies and individuals suffering due to the ineptitude of the big names in Linux... Astounding.

h/t


SAMRi10 and NetCease, Preventative Medicine for Windows Cruft

December 09, 2016 by Marc Handelman in All is Information, Cruft, Operating Systems, Operating System Security, Information Security

News of two (SAMRi10, NetCease) Microsoft Corporation (NasdaqGS: MSFT) PowerShell scripts from Itai Grady providing at least some preventative Windows 10 medicine in the on-going battle against Windows Cruft.


BSides Lisbon 2016, Oliver Kunz's 'Semi-Offline Attack on the Android Full-Disk Encryption'

November 25, 2016 by Marc Handelman in All is Information, Conferences, Education, Information Security, Operating System Security

No Fix Inject

October 28, 2016 by Marc Handelman in Blatant Stupidity, All is Information, Information Security, Operating System Security, Operating Systems

via ZDNet's Charlie Osborne comes a well-wrought report of the continued unremediated and unmitigated flaws in Microsoft Corporation's (NasdaqGS: MSFT) Windows 10.

 

 

 

 


Found Wanting...

October 09, 2016 by Marc Handelman in Kernel Cracks, Security Flaws, Operating System Security, Operating Systems, Unix-like OS, Linux, Android, Linux Security, Kernel Security

J.M. Porup - an Ars Technica UK writer - examines the security posture of the Linux kernel, and finds it somewhat wanting...


Come Clean

August 29, 2016 by Marc Handelman in Accountability, Corporate Evil, Operating System Security, Operating Systems

Meanwhile, in Microsoft Corporation (NASDAQGS: MSFT) news, comes this piece from BGR, focusing on the EFF's targeting of the Redmond, WA leviathan's allegedly egregious use of Windows Update to push Windows 10 onto users' desktops... Visit the Electronic Frontier Foundation's blog for more info.


Redmond's PAW

January 18, 2016 by Marc Handelman in All is Information, Cruft, Information Security, Operating System Security, Operating Systems

Microsoft Corporation (NasdaqGS: MSFT) has released the Redmond, Washington software leviathan's Privileged Access Workstations.

Essentially, PAWS provisions a workstation to perform high risk-determined activities (SysAdmin work, for example), and permits a user VM on the machine to perform less sensitive, mundane tasks such as normal office tasks.

Seems a mite crufty, eh?

'In simplest terms, a PAW is a hardened and locked down workstation designed to provide high security assurances for sensitive accounts and tasks. PAWs are recommended for administration of identity systems, cloud services, and private cloud fabric as well as sensitive business functions.' - via Microsoft Technet


28x

December 31, 2015 by Marc Handelman in All is Information, Brilliant, Information Security, Operating System Security, OpenSource, Operating Systems

Old, as these things go, yet truly the most glaring example of operating system failures yet seen, this time in Linus's Linux (Full Disclosure: We are heavy users of at least three Linux distros)... Comes this outstanding and outrageous vulnerability, starting in 2009's release of Grub (also known as the Grand United Bootloader) all the way down through the ages to today, 2015! Drs. Marco and Ripoll of this embroglio-laden code expound further:

"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer. Grub2 is the bootloader used by most Linux systems including some embedded systems. This results in an incalculable number of affected devices." - via Hector Marco, Ph.D. & Professor Ismael Ripoll, Ph.D., Cybersecurity Group.


The Badness Continues, Flaws in iOS and OS X

June 18, 2015 by Marc Handelman in All is Information, Operating System Security, Information Security

Maybe it's the impending Summer Solstice; well, whatever it 'tis, it ain't good, to use the vernacular... via journalist Dan Goodin, Ars Technica's Security Editor, comes a Tale of Woe in Cupertino. Evidently, the flaws are significant and OS X Keychain related. Read the full story here.

"The consequences of such attacks are devastating, leading to complete disclosure of the most sensitive user information (e.g., passwords) to a malicious app even when it is sandboxed," the researchers warned. "Such findings, which we believe are just a tip of the iceberg, will certainly inspire the follow-up research on other XARA hazards across platforms." - via Dan Goodin, writing at Ars Technica


Beemers, Vulnerable

February 01, 2015 by Marc Handelman in Transport Security, Wireless Security, Vulnerabilities, Substitution, Operating System Security, Network Security

News of vulnerabilities discovered within the Bayerische Motoren Werke AG (XETRA: BMW AG) Connected Drive system, now in many BMW cars and SUVs. Specifics revolve about the capability for remote unlock, and the hack thereof.
