Maybe other router manufacturers are as magnificently dumb as D-Link but regardless, get rid of all D-Link routers and vow to never buy another D-Link product for a long as your lungs suck in air. The security vulnerabilities present in their devices, especially the DWR-932B router, are so far beyond stupid, well, you’d swear the Chinese company purposely allowed them as a joke on Americans…
I wasn’t too happy to hear that Akamai dropped security researcher/writer Brian Krebs last week after Kreb’s website sustained the largest-ever DDoS attack. In short, they basically offered Krebs protection from DDoS attacks until, well, they said they couldn’t. Then they dropped him leaving Krebs to fend for himself.
Security researcher Brian Krebs of KrebsOnSecurity reported today that his site was hit with a walloping 665 Gbps DDoS attack. The attack included SYN and HTTP floods and peaked at 153 Mpps (million packets per second). Krebs' site remained online, the attack mitigated by Akami's DDoS protection service.
People often wonder if their names have somehow made it to the “the list”, that watchlist of US citizens whom the government suspects may be up to something. I would venture to say, the best way to know if you’re on the watchlist would be to recognize how often you find yourself forced into unique situations that fall far beyond the norm.
Offering bounties worth thousands, even millions of dollars, bug bounties pay hackers to report vulnerabilities. The process is pretty simple. The hacker sends the vulnerability report to the company, the company patches the vulnerably, the bounty paid, and finally, the vulnerability disclosed. Everyone wins. Usually.
Regardless of whether you consider Edward Snowden’s leaks of classified information to be self-sacrificial acts of patriotism or the deeds of a traitor, the recent DNC data dump and NSA cyber weapons malware (milware?) code drops have all the markings of a Snowden escapade. If you disagree, consider the timing of the code drop and who has the most to gain.
Forget running Kali in a virtual machine (well, at least put it aside for a while). The Windows 10 Anniversary Update includes a whack new feature - Windows Subsystem for Linux or WSL. Using the new LxssManager service, WSL lets you run a full-featured Ubuntu Linux subsystem on Windows 10.
It’s a draft title Task Order Request for Cyberspace Operations Support Services in support of United States Cyber Command (USCYBERCOM). Oh, brother. That means the U.S. has bungled their cybersecurity so badly they’re now willing to outsource, and trust, this critical national security task to an outside contractor. Even a partner outside of the U.S. if they’re trusted status.
After conclusion of a four-year probe, contractors who worked on U.S. military code are being fined a combined $12.75 million. As it turns out, some contractors outsourced coding tasks to Russian. No words can convey the level of stupidity here (hey, let's get Al-Qaeda to build US airplanes!).
I love the Russians. I know, strange to hear that from an American in modern day with a new “cold war” (seemingly) beginning to gain steam. Let’s say, I respect them. Their hackers in particular. Their response to a cyberattack is to launch a full-on offensive attack against the attacker, quite a different response from the Chinese who tend to just block attackers, or the Americans, who never even notice an attack is taking place.
On the heels of the Hacking Team dump, this week’s US-CERT advisory, a cyber-security bulletin which provides a summary of new security vulnerabilities, was about twice its usual size with all the Adobe Level 10 alerts included in the report. Remind me – why are these products still around?
Both Kaspersky and Symantec released reports this week pointing out the increase in attacks by Wild Neutron (aka Jripbot, Morpho, or Butterfly). WN had gone mostly dormant (or undetected?) since 2013 after hitting Apple, Facebook, Twitter, and Microsoft using zero-day Java exploits (seeded in the hacked forums of various websites) and the OSX/Pintsized Mac OS X or Windows Jiripbot backdoor.