Events Related
- RSAC 2017 – www.youtube.com
RSA Conference is helping drive the information security agenda worldwide with annual industry events in the U.S., Europe and Asia.
- Irongeek.com – www.irongeek.com
Welcome to Irongeek.com, Adrian Crenshaw’s Information Security site (along with a bit about weightlifting and other things that strike my fancy). As I write articles and tutorials I will be posting them here.
Resources
- We have broken SHA-1 in practice – shattered.io
This industry cryptographic hash function standard is used for digital signatures and file integrity verification, and protects a wide spectrum of digital assets, including credit card transactions, electronic documents, open-source software repositories and software updates.
- Sites Using Cloudflare – github.com
This is a (work-in-progress) list of domains possibly affected by the CloudBleed HTTPS traffic leak. Original vuln thread by Google Project Zero.
Tools
- osx-wificleaner – github.com
Cleans out “open” wireless connections from OSX machines
Vulnerabilities
- Hackers who took control of PC microphones siphon >600 GB from 70 targets – arstechnica.com
Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.
- Cloudflare Bug
Cloudflare helps companies spread their websites and online services across the internet. Due to a programming blunder, for several months Cloudflare’s systems slipped random chunks of server memory into some webpages, under certain circumstances.
- Cloudbleed: Big web brands ‘leaked crypto keys, personal secrets’ thanks to Cloudflare bug – www.theregister.co.uk
- Incident report on memory leak caused by Cloudflare parser bug – blog.cloudflare.com
- cloudflare: Cloudflare Reverse Proxies are Dumping Uninitialized Memory – bugs.chromium.org