Fujiwhara Effect: A Tale Of

April 13, 2020 by Marc Handelman in Fujiwhara Effect, Vulnerability Research, Vulnerabilities, Information Security, Must Read

The next Fujiwhara Effect is 'slated' for April 14 2020 (tomorrow). In this scenario, the Effect is not related to cyclonic vortices adjacent to each other, but rather, the close proximaty in time, of multiple vendor announcements with multiple (per vendor) vulnerabilities to computational, internetworking and other activities. Mind you - be certain to don those nor'easter rain bonnets before crying for relief from the non-stop onslaught of vulnerability fixes on the 'nigh! Todays' Must Read.

Comcast Hole Of Doom: The Plugging

August 14, 2018 by Marc Handelman in Vulnerabilities, Vulnerability Research, Information Security

News via Jeff Baumgartner, writing at Light Reading, of the apparent remediation of a deep (and wide) hole in Comcast systems; certainly today's MustRead!

"One of the vulnerabilities uncovered by security researcher Ryan Stevenson centered on an in-home authentication portal that lets customers pay bills without signing in with their credentials." via Jeff Baumgartner, writing at Light Reading

via the comic superiority of Robert M. Lee and the superb illustration work of Jeff Haas at Little Bobby Comics — **via** the comic superiority of **Robert M. Lee** and the superb illustration work of **Jeff Haas** at **Little Bobby** **Comics**

Robert M. Lee & Jeff Haas's 'Little Bobby - Preparatory Action' →

April 08, 2018 by Marc Handelman in Little Bobby Comics, Information Security, Vulnerability Research, Vulnerabilities, Reconnaissance, Security Humor

Illustration from the Kaspersky Labs Document.

Six Years The Lurker →

March 12, 2018 by Marc Handelman in Vulnerable Systems, Vulnerability Research, Vulnerabilities, Attack Analysis, APT

Dan Goodin, writing at ArsTechnica, provides us with the surreptitious history of the malice-filled code-miscreant APT monikered Slingshot; of which, is apparently an alternatative mwthod of describing the devil's offspring in code-complete form. More, here.

"The researchers still don't know precisely how Slingshot initially infected all its targets. In several cases, however, Slingshot operators got access to routers made by Latvian manufacturer MikroTik and planted a malicious code in it." - via Dan Goodin, slaving away over a sizziling keyboard at ArsTechica

Another Flawed Bit of Intel Corp Nonsense, The Active Management Technology Vector →

January 17, 2018 by Marc Handelman in Bombast, Blatant Incompetence, Vulnerabilities, Vulnerability Research, Vulnerable Systems, Information Security, Hardware Security, Hardware Flaws

Reportedly, Harry Sintonen, empolyed at F-Secure as a security researcher, discovered during the course of his labors - a flaw in Intel's Active Management Technology (AMT) firmware. Ooops.

As is typical of Intel Corporation (Nasdaq: INTC) the firm is attempting to shirk responsability for this attack and transfer the blame onto the company's vendors, not to mention the glad-handing exhibited by the company's CEO at CES.

It's time to rein in Intel Corporation's significantly flawed software development practice (as evidenced by the output), as the ramifications for the company's vulnerability touch many - if not all - systems worldwide. Further, what else is flawed in the company's other products (for example, automotive chips, medical device systems where the firm's hardware and software reside)?

'But the latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).' - via Sean Gallagher - writing at Ars Technica

Smart Speaker Flaws, The Pranking

December 29, 2017 by Marc Handelman in Information Security, Vulnerability Research, Vulnerabilities, Hubris

Via Catalin Cimpanu, writing at Bleeping Computer, comes one of today's most interesting - yet innocuous (thus far) - flaws, targeting the speaker products of both Sonos and Bose Corporation. Apparently, the flaws are of the remote exploit variety, of which, permits remote attackers to execute sounds upon command. The possibilites, therefore, are significant (considering the Children of the Script out there...). So far, the reports have noted pranking connected to the flaw.