A potentially serious 0-day attack has been disclosed affecting many websites employing OpenSSL (versions 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1 and 1.0.2-beta) for their HTTPS implementations. The heartbleed vulnerability CVE-2014-0160, allows an attacker to query up to 64kB of data from the server’s volatile memory. The information could include sensitive data, encryption keys, anything that your applications have placed in memory. Disclosure of this data to an attacker may not be detectable by ...Continue Reading → Share
First off I want to wish a happy new year to all of our visitors to our blog, as well as clients and friends of the Parameter Security family.
Over the New Year holiday our hackers discovered an information disclosure vulnerability on WordPress.com that will disclose a users username. In order to gain the username you will need to have knowledge of the user’s email address.
Continue Reading → Share
At the wordpress.com login enter the known email address. Enter something into ...
Written by Ben Miller, CEH
Sony announced, Wednesday April 20, they were aware of their network services being down. Little did they know this would turn into one of the largest data breach fiascos in history. On May 14, Sony began bringing their network back online for customers in North America. News stories have been concerned all along with the amount of credit card numbers stolen but, there is more at stake than just credit card numbers.
On April 26, Sony released ...Continue Reading → Share
Written by Renee Chronister, CEO
Everywhere you turn you hear of more victims affected by the Epsilon breach. Best Buy, Target, 1-800-FLOWERS and the list continues to grow. While Epsilon claims only names and email addresses were accessed, not financial information or anything profoundly compromising, you still can be victimized with the data that was leaked.
How? Well, names and email addresses offer hackers a nucleus from which to launch targeted phishing attacks. Those with malicious intent now have names and active ...Continue Reading → Share
by Renee Chronister, CEO, Parameter Security
WikiLeaks. WikiLeaks. Everywhere I turn I hear about WikiLeaks followed by “What does that mean for healthcare?” Well…it means absolutely nothing for healthcare. I know you’re scratching your head right now going “huh?” Here’s why: healthcare has already outpaced other verticals when it comes to data security breaches, including government, by as much as threefold in 2010 alone according to a recent report issued by Identity Theft Resource Center. So to put it bluntly, healthcare ...Continue Reading → Share
Like many security professionals out there, the Ethical Hackers at Parameter Security have on many occasions found our selves browsing Fyodor’s Security Tools list (www.sectools.org). The last list came in 2006, and since then a lot has change in the Info Sec world of tools. We at Parameter have decided to continue the tradition and create a new survey for 2010.
Please help us by filling out the following questions.
- This is for Offensive, ...
Earlier this week I hosted a webinar entitled “Inside the Mind of a Hacker”. During this hour long broadcast we discussed; How a Hacker thinks, What are a Hackers goal, and the tools of a Hacker. We concluded the Webinar with a demo of a Trojan.
The webinar can be found on Parameter’s website or by Click Here.Continue Reading → Share
Unless you have been living under a rock during the past 20 years you know that Man made Global Warming has been a very hot topic (no pun intended 🙂 ). Recently it seemed that the Pro-Global Warming team had been making the most ground. As the inventor of the Internet Al Gore put it “The debate is over”.. Is it???
It appears that a group of Hacktivist may have pulled some skeletons out of the closet, ...Continue Reading → Share
I apologize for delays in new post, business has been well keeping me busy. 2010 I hope to update more regularly. Until here is an article I wrote for security magazine in 2008. I hope you enjoy.
Protecting from Identity Theft? A Good Start
by Dave Chronister
April 1, 2008
Technology’s ever-growing importance is a mixed blessing.
On one hand, it keeps me employed, but many times I will find myself talking about “new threats” that aren’t really new, ...
WASHINGTON (AP) — For all the concern about identity theft, researchers say there’s a surprisingly easy way for the technology-savvy to figure out the precious nine digits of Americans’ Social Security numbers.Continue Reading → Share