Vulnerability in the GNU C library

Threat: A vulnerability in the GNU C library allows a buffer overflow attack to be performed on software compiled with glibc.
Solution: Install software updates for software compiled with glibc immediately.
URL: http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/

This vulnerability can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers, or when they’re exposed to man-in-the-middle attacks. The devices most likely to be vulnerable are Linux-based servers and internet devices. The maintainers of glibc have already released an update that patches the vulnerability, so patching for a server admin should be a simple matter of performing updates.

Where the impact of this vulnerability is less clear is the various Internet of Things devices that often don’t receive a software update over the life of the device. Many of those devices may remain vulnerable until they are replaced. One platform that is not vulnerable is Android, as it uses a glibc substitute called Bionic.


Users targeted with malware in advertising

Threat: Users targeted with malware in advertising
Solution: Utilize ad-blocking technology and/or implement other security measures such as disabling JavaScript by default.
URL: http://www.engadget.com/2016/01/08/you-say-advertising-i-say-block-that-malware/

Specifically, in this threat the website Forbes asked users to disable ad blockers, but the ads served were found to contain malware. This particular instance is worse in my opinion than some, as the website owners asked users to disable what is quickly becoming a popular security option and then proceeded to serve users malware. While I like to support websites, it makes it difficult to do so when ad networks are not better vetted.

In a multi-layered approach, security professionals should keep their systems and plugins patched so that known exploits can’t be used on systems. As another layer of security, I also recommend turning off JavaScript by default and only enabling it on trusted websites. Unfortunately, in this case the website would normally be a trusted source, so full ad blocking through a proxy, software or other mechanism would be the only way to completely avoid exposing systems to the malware.


Cities face many risks from cyberattackers and the attacks are increasing.

Threat: Cities face many risks from cyberattackers and the attacks are increasing.
Solution: Cities need to continue to catch up in cybersecurity and practice responses to cyberattacks.
URL: http://www.marketwatch.com/story/the-mind-boggling-risks-your-city-faces-from-cyber-attackers-2016-01-04

In the article, the author details the numerous threats and vulnerabilities in cities’ infrastructure. For example, the city of San Diego uses 400 different applications, some of them decades old. With more and more systems exposed to the Internet through networks, these out-of-date systems are extremely vulnerable. Patching systems isn’t the only solution necessary.

In addition to updating software and policies, cities need to practice responses to cyberattacks. The article tells of one simulation where a city wasted 45 minutes waiting for an engineer to reach a computer. Cities need to know who handles what and have a plan for when they can’t reach a point of contact. Through this multi-layered approach, cities can better prepare for cyberattacks.


Google Maps placed my house in the witness protection program

I have no clue why, but Google Maps has blurred out my house on Street View. It’s pretty odd that it has suddenly done this without me requesting it. I placed a request to remove the blurring, but the response was less than helpful. I’m wondering if I upload some photos to Google Maps, if it will remove the blurring.

Hi,

The Street View you reported has been reviewed but does not qualify for blurring or removal under our policies.

Street View seeks to enrich our visual understanding of the world by featuring imagery from public property. We blur or remove images from Street View according to our Street View Privacy and Security Policies, including images that have:

  • Individual faces
  • Legible license plates
  • An individual’s home
  • Violations of our content policies

Thank you for using Street View. We appreciate your feedback as we work to make Google Maps a valuable resource for everyone.

 

Sincerely,
The Google Maps Team
