On Tuesday, Sony officially disclosed a humongous data breach against the PlayStation Network or PSN (recently renamed to Qriocity), which allowed external attackers to get their hands on the Personally Identifiable Information (PII) of around 77 million gamers. Worse yet, they may have even stolen their credit card information, too. If you read security news, or follow me … [Read more...]
Archives for April 2011
Adobe Partially Corrects Flash Zero Day in Reader and Acrobat
Severity: High
22 April, 2011
Summary:
These vulnerabilities affect: Recent versions of Adobe Reader and Acrobat
How an attacker exploits it: In various ways, but most commonly by enticing your users into opening a Word or Excel document containing malicious Flash
Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of … [Read more...]
Apple Releases OS X, Safari, and iOS Security Updates
Yesterday, Apple released a handful of security advisories for various products, including:
OS X 10.6.x (Snow Leopard)
Safari 5.0.5 for Mac and Windows
iOS 4.3.2
iOS 4.2.7 (for CDMA iPhones)
The Snow Leopard update only fixes one security issue. If you read my "Fraudulent Certificate" post from a few weeks ago, you know that attackers were able to get their grubby hands … [Read more...]
What is the TCP Split-Handshake Attack and Does It Affect Me?
If you've followed security news over the past few days, you've probably seen a lot of hoopla about a TCP split-handshake vulnerability that can affect firewalls and other networking and security devices. Many of the media's articles characterize this complicated TCP connection attack as "a hacker exploit that lets an attacker trick a firewall and get into an internal network … [Read more...]
Privacy Bill of Rights – Right to Accountability, part 2
Title I of the Commercial Privacy Bill of Rights Act of 2011 comprises two rights – the Right to Security and the Right to Accountability. This posting focuses on the second part, the Right to Accountability. Similar to the Right to Security, this section is short. In essence it says that each “covered entity” (see the previous post for what that entails), … [Read more...]