Will Bar Mitzvah Be The Death Knell for RC4 Crypto?

March 30th, 2015

RC4 is a stream cipher designed by Ron Rivest at RSA in 1987. It was attractive then because it could be implemented in a few lines of code, and wasn’t computationally intensive. PCs were 8088 or MC68000 based at the time, and 64K was enough RAM, remember? Even today RC4 has advantages. It runs fast on small devices, […]

By: - Independent Computer Security Analyst


Android users exposed to malware by installer hijacking vulnerability

March 27th, 2015

Security researchers have warned about a widespread vulnerability in Android devices that could let attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware. In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware. […]

By: - IT Secured. Success Optimized.


Introducing HEAT Software

March 20th, 2015

Jonathan Temple, President & CEO, HEAT Software. Our recent merger of Lumension and FrontRange marks an important new chapter in the evolution of service and unified endpoint management. The two companies are merging to form HEAT Software and I’m thrilled to be heading the newly formed organization as CEO. I should hasten to add that the […]

By: - Independent Computer Security Analyst


Brace yourself. Mystery OpenSSL high severity vulnerability due to be fixed on Thursday

March 18th, 2015

New versions of OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, are due to be released on Thursday, patching a series of security vulnerabilities. And one of those security vulnerabilities, according to the software’s developers, is considered “highly serious”. No details of the nature of the security flaws have been made public yet, but […]


To Patch or Not To Patch, Which is Riskier?

March 16th, 2015

Patching systems in an enterprise is a complex and risky activity. It’s extremely time-consuming if you do it right. It’s even more time consuming if you don’t do it right. And in either case, there is fallout to deal with after patching. The patches don’t get applied to some systems, some systems stop working after […]

By: - Sr. Director Solutions and Strategy


Open Source Security – A Change In the Wind?

March 12th, 2015

As we approach the April anniversary of the Heartbleed security defect (CVE-2014-0160), it’s an understatement to say the last year has been rough sledding for OpenSSL. Since OpenSSL is a critical building block for the tools used to initiate and manage most secured transactions on the internet (e.g. SSL and TLS), there’s a lot riding […]

By: - Director, Product Management


FREAK Fixes From Apple and Microsoft Plus 14 Security Bulletins this Patch Tuesday

March 10th, 2015

Microsoft issued 14 security bulletins today, 5 of which are critical and 9 are important. A total of 44 vulnerabilities in all are addressed; 3 of which are known and being exploited now. If your organization uses Windows, Office, Exchange and/or IE, it will be a very busy patching month for you. Not to mention […]

By: - Independent Computer Security Analyst


Government report and US senator criticise Air Traffic Control network security

March 10th, 2015

New York Senator Charles Schumer held a press conference this weekend, demanding “immediate action” to improve the security of the Federal Aviation Administration’s computer systems. His concern? That terrorists could break into national air traffic control systems run by the FAA, and use them to wreak havoc in the skies above America. The Democratic senator […]


You’re Still Using Clear Text Passwords!?

March 9th, 2015

This week I was doing some poking around in the hacking forums. Someone recently posted a huge password list. These get circulated around from time to time. It’s a long list of words and character sequences people commonly use for passwords. The intent is that you feed the list to a tool like John the […]


Does Open Source Mean Open Season?

March 2nd, 2015

There has long been a debate over whether open source software is generally more secure or less secure than commercial software. Proponents of open source say it’s more secure because more people are looking at the code, increasing the chances that problems will be seen, documented, and corrected. Proponents of commercial software claim that vendors […]

By: - Independent Computer Security Analyst


To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

February 26th, 2015

For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference […]

By: - Independent Computer Security Analyst


What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

February 24th, 2015

Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept […]


Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]

By: - Independent Computer Security Analyst


Patching Haste Makes Waste

February 20th, 2015

Sometimes it’s better if software patches don’t come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy. Some PowerPoint users, for instance, found that a fix designed to make PowerPoint 2013 more stable was actually causing more problems than it aimed to […]


Is Your Organization a House of Cards – Part 6

February 17th, 2015

This is the last in a series of posts describing how a typical credit card data theft occurs, from the hacker’s point of view. If you haven’t read the prior posts, check out parts 1, 2, 3, 4, and 5 to see how we got here. At this point, I have credentials for an online invoicing portal […]
