Blog Archives

Critical MySQL Flaw

No official patches or mitigations yet, but make sure your my.cnf file is owned by root.

In 2017 Google Chrome Labels Non-HTTPS Sites as Non Secure

To bolster the push for HTTPS on all web connections, Chrome will start warning users about any site they visit that does not require encryption.

Loud Noise Can Damage Hard Drives

Bank loses main data center due to fire extinguisher test.

Stealing Credentials from a Locked Workstation

Plugging in a specially prepared USB device allows the collection of the Windows password hash.

Watch What You Post.

Photos of whiteboards sometimes contain confidential information.

The Limits of SMS for 2FA

NIST says we have to stop using SMS for two-factor authentication. Krebs details why it’s broken.

Apple Patches OS X

The same recent flaw that affected iOS can cause Safari on OS X to run arbitrary code. Patch now.

L0pht Says Windows Passwords Less Secure than 20 Years Ago

Microsoft hasn’t upgraded the MD4 hash used on passwords, and the new version of L0phtCrack on gaming hardware can break most passwords in 2 hours.

Don’t Use Unknown Thumb Drives

If you find it on the ground, don’t plug it into your computer.

5 Biggest Hacking Myths

What does Hollywood get wrong?