Over the years, we've had to deal with vulnerabilities and weaknesses in wireless security protocols, such as the deprecation of the WEP protocol due to design flaws. Now, a standard that was designed to make wireless security easier, actually makes it less secure. For those of you who haven't heard of Wi-Fi Protected Setup (WPS) — which frankly included me until recently … [Read more...]
Archives for January 2012
Security Stories You May Have Missed Over the Holidays
If your office gets quiet around the week leading up to Christmas and New Years, as many seem to, you may have missed a few interesting security stories during this lull. Let me catch you up in one fell swoop. Below, I quickly highlight a menagerie of interesting security stories, which you may have missed over the past two weeks: Unpatched Vulnerability in Windows … [Read more...]
Microsoft Releases Out-of-Cycle .NET Framework Security Update
Summary: These vulnerabilities affect: All versions of Microsoft's .NET Framework How an attacker exploits it: Multiple ways, including sending specially crafted web requests or enticing users to click maliciously crafted links Impact: Various. In the worst case, an attacker can log in to your web application as another user, without having that user's password What to … [Read more...]