Week 10 In Review – 2017

Techniques Hacking Unicorns with Web Bluetooth - Researchers discovered an unsecured MongoDB server that exposed sensitive CloudPets customer data. My research focused on the toy itself, in particular some issues we found with its Bluetooth LE connectivity and features. Still Passing the Hash 15 Years Later - So I first thought about it [...]

DNSSEC for All Top Level .GOV Domains

Last week the Office of Management and Budget released memoranda M-08-23, titled Securing the Federal Government’s Domain Name System Infrastructure. The document states that all US government top level .gov domains will use DNSSEC starting in January 2009. This is in response to the DNS cache poisoning attack that Dan Kaminsky made public a few [...]

2017-03-12T17:40:22-07:00 August 29th, 2008|Security Vulnerabilities|1 Comment