
Secplicity - Security Simplified

Powered by WatchGuard Technologies

TorSploit – WSWiR Episode 73

August 9, 2013 By Corey Nachreiner

BREACH, TorSploit, and Fort Disco

Sorry for the late posting, but your weekly taste of “what’s up” in the InfoSec world is here for your viewing pleasure. As always, I summarize some of this week’s biggest network and information security news, in case you didn’t have time to follow it yourself.

This week was packed with security stories, but I only had time to focus on four. The episode includes information on a botnet that brute forces CMS systems, an alleged flaw in Chrome’s password security, a serious new SSL encryption weakness, and suspicions that the FBI tried to backdoor Tor sites. Press play below for the full scoop, and check out the Reference section if you’d like to read about all the other stories I didn’t have time to talk about.

(Episode Runtime: 12:15)

Direct YouTube Link: https://www.youtube.com/watch?v=y4jVozwHdWc

Episode References:

  • Fort Disco botnet brute forces CMS systems – Arbor Networks
  • Blogger accuses Chrome of bad password management – Blog
  • BREACH SSL attack relies on HTTP compression – Breach Attack site
  • BREACH attack technical whitepaper [PDF] – Breach Attack site
  • FBI suspected of JavaScript attack on Tor – Wired
  • Torsploit IPs may not point to feds – Ars Technica
  • Metasploit exploit for the “FBI Javascript flaw” – Rapid 7

Extras:

  • Microsoft warns of a CHAPv2 flaw that affects their phone OS – Microsoft
  • Microsoft’s August patch day to include eight bulletins, three critical – Microsoft
  • Serious OSPF flaw affects many industry routing devices (WatchGuard not affected) – US CERT
  • Firefox 23 fixes security flaws and introduces new security features – Tech Crunch
  • IPv6 Man in the Middle (MitM) attack affects Windows – Computer World
  • Hack NFC for free bus rides – Mashable
  • Will Smith shows up at Def Con – PC World
  • Hacking Bluetooth toilets – Tech Week
  • Researchers release their Def Con car hack details – IOActive blog
  • Does the NSA share phone hacking data with DEA? – The Washington Post

— Corey Nachreiner, CISSP (@SecAdept)


Filed Under: Security Bytes Tagged With: Blackhat, botnet, Chrome, Defcon, FBI, Fort Disco, Hacking, Infosec news, javascript, Malware, NSA, password, password security, Security breach, Software vulnerabilities, SSL, TLS, Tor, Torsploit, trojan

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    August 12, 2013 at 1:51 pm

    It is unbelievable, but with a couple of latest publicly disclosed cases, looks like “hack the hackers” concept slowly but surely (if such cases will appear again and again) will re-born to “strike anonymity” flow…If legals involved in that process – it’s very dispirit tendency. In WWW, like in real life, should be “space and time” for confidentiality for ordinary users… “If you are not a hacker or cybercriminal – you’ve got nothing hide” is not a justification…By the way – one famous social network in Russia (Vkontakte) was almost hit by a special law-initiative, according to which registration of users should to be held by national passports and personal data, and such data must be confirmed by the legals PRIOR to registration… Such an initiative has been canceled. Senator who proposed such an initiative, said “If you are not a hacker or cybercriminal – you’ve got nothing hide”… :-

    Reply
  2. novoline kostenlos spielen lord of ocean says

    January 22, 2014 at 1:21 am

    Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically
    tweet my newest twitter updates. I’ve been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something like this.
    Please let me know if you run into anything. I truly enjoy reading your blog and I
    look forward to your new updates.

    Reply
  3. Tabitha says

    February 20, 2014 at 6:47 am

    The Effects of Technology in Today’s Business World.
    Using an address once for a single transaction ensures privacy and anonymity.
    Splitting private keys into random shares and storing the pieces
    in different machines would be useful.

    Reply
  4. Bitcoin mining 2013 says

    February 24, 2014 at 6:20 pm

    The real question isn’t whether Bitcoin determination tail off, dive before take us all on a crazy harass, it’s whether it determination truly subsist its inevitable test.
    Using an address once for a single transaction ensures privacy and
    anonymity. Even when an electronic transfer (like a wire transfer) method
    is used, the spender loses the ownership of the money first and
    then the target beneficiary is credited with the amount.

    Reply
  5. messenger youtube says

    March 4, 2014 at 12:02 am

    I’m curious to find out what blog platform you are using?
    I’m experiencing some minor security issues with my latest site
    and I would like to find something more secure. Do you have any suggestions?

    Reply
  6. lawyer salary nyc says

    March 16, 2014 at 3:07 pm

    This is my first time pay a quick visit at here and i am actually happy to
    read all at alone place.

    Reply
  7. Riot Points hacks says

    March 23, 2014 at 5:01 am

    Hmm is anyone else encountering problems with the pictures on this blog loading?

    I’m trying to figure out if its a problem on my end or
    if it’s the blog. Any feedback would be greatly appreciated.

    Reply
  8. Pisces the Fish says

    March 31, 2014 at 4:35 am

    I truly love your blog.. Pleasant colors & theme. Did you create this amazing site yourself?
    Please reply back as I’m trying to create my own site and want to know where you got this from or just what the theme is called.
    Appreciate it!

    Reply
  9. medications-online.com says

    March 31, 2014 at 4:37 am

    Just want to say your article is as amazing. The clearness
    for your submit is simply excellent and that i
    could assume you’re an expert on this subject.
    Fine with your permission let me to take hold of your
    RSS feed to stay up to date with forthcoming post.
    Thanks one million and please keep up the enjoyable work.

    Reply
  10. Cliff Thomas MD says

    March 31, 2014 at 4:53 am

    Hello! I know this is sort of off-topic however I had to ask.

    Does building a well-established website like yours require
    a massive amount work? I am brand new to running a blog
    however I do write in my journal daily. I’d like to start a blog so I can share my personal experience and
    feelings online. Please let me know if you have any ideas
    or tips for brand new aspiring bloggers. Appreciate it!

    Reply
  11. hearthstone arena guide says

    April 11, 2014 at 1:06 pm

    The subject of clear skin diet is a controversial issue.
    The constantly changing fashionable take on clear skin diet demonstrates the depth of the subject.
    While it has been acknowledged that it has an important part to play
    in the development of man, its influence on western cinema has not been given proper recognition.
    Inevitably feelings run deep amongst the aristocracy,
    whom I can say no more about due to legal restrictions. Hold onto your hats as we begin a journey into clear skin
    diet.

    Social Factors

    Society is our own everyday reality. The immortal and indispensable
    phrase “honesty is the best policy” [1] created a monster which
    society has been attempting to tame ever since. No symbol
    is more potent than clear skin diet in society today. It is crunchy on the outside
    but soft in the middle.

    Our post-literate society, more than ever before, relies upon clear skin diet.
    It is intrinsically linked to adolescent inner
    acclimatisation.

    Economic Factors

    There has been a great deal of discussion in the
    world of economics, centred on the value of clear skin diet.
    We will study the Watkis-Teeth-Pulling model, as is standard in this case.

    Reply
  12. cloud hosting kenya says

    April 19, 2014 at 1:37 am

    Wonderful post! We are linking to this great article on our
    site. Keep up the good writing.

    Reply
  13. free computing says

    April 19, 2014 at 11:57 pm

    Hi this is kinda of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have
    to manually code with HTML. I’m starting a blog soon but have
    no coding skills so I wanted to get advice from
    someone with experience. Any help would be enormously appreciated!

    Reply
  14. Matthias says

    April 23, 2014 at 4:41 am

    After I originally commented I seem to have clicked on the -Notify me when new comments are added- checkbox and
    now each time a comment is added I get 4 emails with the same comment.
    There has to be a means you can remove me
    from that service? Thank you!

    Reply
  15. reliable emergency plumbing says

    July 12, 2014 at 11:21 pm

    No matter if some one searches for his essential thing,
    so he/she wishes to be available that in detail, therefore that thing is maintained over here.

    Reply
  16. professional plumbing services charleston says

    July 15, 2014 at 11:25 pm

    It is not my first time to visit this web site, i am visiting this site daily and get pleasant facts from here every day.

    Reply
  17. hookah lounge nyc says

    July 29, 2014 at 2:42 pm

    What’s up to every body, it’s my first go to see of this blog; this
    webpage carries remarkable and in fact fine data
    in favor of readers.

    Reply
  18. karatbars international canada says

    September 4, 2014 at 10:05 pm

    I’m really enjoying the design and layout of your blog.
    It’s a very easy on the eyes which makes it much more enjoyable for me to
    come here and visit more often. Did you hire out a designer to create your
    theme? Outstanding work!

    Reply
