• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Security Week in Review: Episode 28

August 3, 2012 By Corey Nachreiner

MS-CHAPv2 Hacked, Dropbox Breached, and Routers Rooted

Last week’s video highlighted the presentations I saw at  Blackhat and DEF CON this year. However, that was just a tiny glimpse into all the interesting security talks given at these popular conferences. This week, I share a few more conference highlights, including talks about problems with the authentication protocol used for PPTP VPNs, and some vulnerabilities in routers from a Chinese manufacturer.

I also cover the regular security news from the week, including an advisory about some unpatched Exchange vulnerabilities, news of a Dropbox breach, and a story about how one French company seems to be trolling Anonymous. While some of the stories are just fun and interesting, others have significant implications on your network security. If you use PPTP VPNs or WPA2 Enterprise wireless authentication, be sure to watch the video below, and learn how to avoid future attacks.

If you want to read more details about any of these stories, check out the Reference section below. Thanks for watching.

(Episode Runtime: 9:04)

Direct YouTube Link: http://www.youtube.com/watch?v=Ayf-DmOwO28

Episode References:

  • Blackhat/DEF CON Updates
    • Moxie Marlinspike’s blog post on MS-CHAPv2 weakness – CloudCracker blog
    • UPDATE: It appears WPA2 Enterprise PEAP authentication isn’t affected – Network World
    • Researchers disclose many vulnerabilities in Huawei routers – ComputerWorld
    • Huawei responds to router vulnerability allegations – CRN
  • MS Exchange suffers from Oracle Outside In vulnerabilities –  Microsoft
  • Dropbox confirms security breach –  Dropbox Blog
  • French Firm tries to trademark Anonymous Logo –  BBC News
  • Facebook SEC filings include details about fake and malicious accounts –  SEC
  • Infographic on Facebook fake accounts – Naked Security Blog

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Apple, Blackhat, Defcon, Hacking, Mac Malware, Malware, Microsoft, NFC, OSX/Crisis, password leak, passwords, strike back, trojan, Updates and patches, zeroday

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • 3CX Supply Chain Attack
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use