Informationweek Influencer
Andrew Storms (@st0rmz)
- Twitter Bio:
- Director of Security operations for nCircle. Information security, cloud, DevOps, threats and risks. Plus some personal photography projects.
- Location:
- San Francisco, CA
- Website:
- http://blog.ncircle.com/t5/Sync-Blog/bg-p/Sync
Andrew Storms's Selections From the Web
Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.On Sunday, Oracle rushed out a fix for a critical bug in Java that had been folded into exploit kits, crimeware made to automate the exploitation of computers via Web browser vulnerabilities. On Monday, an administrator of an exclusive cybercrime forum posted a message saying he was selling a new Java 0day to a lucky two buyers. The cost: starting
Kim Dotcom, like every smart founder of a startup in a crisis, is pivoting. Since his Mega empire of filesharing websites and financial assets were seized in an indictment over massive alleged copyright violations last year, he’s been working on a relaunch designed to transform the company’s reputation from a business focused on piracy to one focused on privacy–specifically, airtight encryption like no other storage site has ever offered.But the security community knows that the boldest claims about new encryption technology demand the most scrutiny. And some crypto researchers are already punching holes in the secure lining of Mega’s cloud.“
If you temporarily disabled Java during the last round of attacks on Oracle’s ubiquitous, buggy program, here’s more evidence that the time has come to remove it altogether.On Tuesday, security researchers at the Polish firm Security Explorations revealed another critical security flaw in Java that affects users of every browser that runs the plugin, including Chrome, Firefox, Safari and Internet Explorer, allowing a malicious hackers to gain complete control of a victim’s machine through a rigged website. And unlike the bug in Java 7 that was actively exploited by hackers to install malware on users’ machines until it was patched at the end
Microsoft certification authority signing certificates added to the Untrusted Certificate Store
Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your
Adobe's revocation of a code-signing certificate that had been used by attackers to sign several malicious utilities sparked concerns in the security community about widespread malware attacks using those utilities. The key concern was that most antimalware systems will implicitly trust files that are digitally signed and so would pass them by without flagging them as malicious. However, security researchers say that the utilities, while still circulating, aren't being used in large-scale attacks.Adobe announced last week that it planned to revoke the certificate, saying that attackers had been able to compromise a machine on the company's network
Upcoming Events
Live Events
- I Can See Clearly Now - E2 Conference Boston
- Get practical strategies to build a solid plan for profitability and success - Mobile Commerce World - Mobile Commerce World
- Learn how to enage customers through mobility - Mobile Commerce World - Mobile Commerce World
- Learn how to best integrate mobile commerce with your current systems -- Mobile Commerce World - Mobile Commerce World
- How to Choose a SaaS Vendor - E2 Conference Boston
This Week's Issue
Free Print Subscription
SubscribeSpecial Issue
Current Government Issue
- The Government CIO 25: These influential and accomplished government IT leaders are finding ways to be cost efficient and still innovate.
- Rethink Video Surveillance: It's not just about networked cameras anymore. New technology provides analytics, automation, facial recognition, real-time alerts and situational-awareness capabilities.
- Read the Current Issue
Related Whitepapers
Related Reports
