Facebook Vulnerability Discloses Friends Lists Defined as Private

This came through the bugtraq mailing list yesterday.

Researchers from the Quotium Seeker Research Center identified a security flaw in Facebook privacy controls. The vulnerability allows attackers to see the friends list of any user on Facebook. This attack is carried out by abusing the ‘People You May Know’ mechanism on Facebook, which is the […]

US-Cert Alert (TA13-309A) CryptoLocker Ransomware Infections — really nasty malware

US-Cert Alert (TA13-309A) CryptoLocker Ransomware Infections

Original release date: November 05, 2013 | Last revised: November 06, 2013

Here are some notes about CryptoLocker from Pete Beebe, one of my colleagues at Jibe Consulting:

A malware virus has been making the rounds recently that folks should be aware of.

This particularly nasty malware virus […]

How to Protect your Oracle Database from Hackers

I was attending the NorthWest Oracle Users Group meeting on Monday. At the beginning of the conference, there was the usual conference business and announcements. The speaker announced that the 1:00 PM technical talk was cancelled due to illness. I looked at the schedule, and thought: Dang. There is nothing else that I want to […]

Windows domain accounts — insecure by default?

Today, I was working on an issue at a client site. I was given a Windows domain account and a personal certificate to log in to their VPN. I don’t know how the Windows domain account was created, but I’m assuming that it was nothing special.

Once I connected to VPN, I Remote Desktop’ed into the […]