16 Nov 2015 – Week ind Security
Editor’s Note: I decided a few months ago that I would create a weekly newsletter with an editorial twist for all my readers to promote a monthly newsletter. I recommend everyone just sign up right now. While I get everything going, however, I figured I would give my readers a taste of my analysis of the week’s news. This is the first of a series of posts that provides this analysis. I decided to call this series of notes Week ind Security, a play on Weakened Security.
My first thought this week is the sadness I feel for the people of France. I fear that we have started to enter a new era in our history, one that we may not have seen for a long time. I always wonder in my head what role technology has in predicting and helping. Before I dive into this, I have decided to postpone my full analysis of this until next week, as the newsletter was being written in the midst of the news breaking. I just wanted to add that the most earth-shattering thought I had about this was the fact that this was all over social media, which was the first time we had ever seen social media (Twitter and Periscope) used in this manner. I just wanted to make mention of this as I leave this example found on this blog post.
Overall, the security news this week comes from a range of sources. The Washington Post has a series of articles on the security of the internet; this week it features a controversial look at Linux and Linus Torvalds. I also included some fun tidbits from around the entire industry, from mimikatz to JBoss and vBulletin bugs. I hope that you find these articles good enough to read and pass around.
Most interesting stories of the week.
Editor’s Note: This is probably not a scalable solution for the masses. I can’t imagine that you would want to buy thousands of these, plus, how would you pass the USB over VMware? I mean you could, but it’s not so simple or easy to track down which machine. Either way, it is fun, I’m going to buy one!
Editor’s Note: I’m excited for this! I am thinking that we are going to be seeing a large uptick in encrypted traffic, and for the good. I cheer this one on. I am a big believer in encrypt-first technologies. Public Beta is slated for a few weeks from now and I, for one, hope to check it out.
Editor’s Note: Is Linus really wrong? I mean, I am a pragmatist. I don’t know whether either Linus or the security community is right or wrong. I think the truth and the compromise in how it’s looked at are equally important. Some people may as well want to encase a computer in concrete and make it unusable for the sake of security. Others wish for it to run like MS-DOS. I think the truth is somewhere in the middle. The debate rages on, but what a good article.
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
Editor’s Note: Wait, wait, are you saying that there could be bugs when you serialize between formats? In all seriousness, I think that this is a really good writeup because it explains how to approach Java serialization and web bugs. I would recommend everyone go out and read it even if you have never understood Java; it is a very good writeup.
Editor’s Note: UCF has won a ton of these hacking competitions; they just seem to keep winning. Good job.
Editor’s Note: This one is just ugly. vBulletin (like most other PHP-based forums) is widely used, and according to some reports this may have been a silent RCE that was in the framework for a long time.