7MS #166: Infosec News and Links Roundup
A great Hacking Webapps course is only $10 when you use the code TWITTER. This is one of the first Webapp hacking courses I ever took and was well worth the price.
BHIS has a Webinar called "Internal Pivot Pentest Go Kit" they'll be doing on Tuesday, Mar 22 at 11:00 a.m. CST. I definitely plan on attending.
- This week was Patch Tuesday, so patch all your stuff. Many of the updates are for IE or Edge, which Shavlik says is proving to be a bit more secure, as promised, but not by much:
Microsoft’s claim that Edge is more secure than IE seems to be holding out, albeit not by much. So far this year, Shavlik found, Edge has required 19 fixes versus IE’s 27.
If you patched Flash on Tuesday, be sure to do it again, as another emergency patch was released 3/11.
- Seagate W-2 information got pwned. Ouch. How many records? According to the spokesperson:
“We’re not giving that out publicly — only to federal law enforcement,” he said. “It’s accurate to say several thousand. But less than 10,000 by a good amount.”
A researcher found a legitimate (but potentially slow and painful) way to hack any Facebook account and got paid $15k for bringing it to FB's attention. Oh, and the vuln is now fixed :-)
The Transmission BitTorrent client download was compromised for a short time last weekend, infecting about 6,500 users with a Mac ransomware called KeRanger. It lies dormant on a machine for a few days before contacting its command-and-control (C2) servers and receiving instructions to encrypt files. Transmission released an update to block/remove the malicious install, and Apple has updated its software protections to prevent new infections from the bad disk image.
Amazon is removing encryption from their Fire tablets! OMG OMG OMG OMG! Oh wait...they have reversed the decision.
testssl.sh is one of my new favorite tools for checking SSL/TLS, and...
This is one of my go-to pages for testing SSL/TLS.
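As an added example (not from the original post or from the testssl.sh project), here is a small Python script that triages testssl.sh output so a scan can gate a deployment instead of being read by eye. It assumes the scan was written with testssl.sh's `--jsonfile` option, whose records carry `id`, `ip`, `port`, `severity`, `finding` and, where applicable, `cve`/`cwe` fields; the host, IP address and findings in the embedded sample are constructed for the example, not real scan results.

```python
import json

# Severity labels emitted by testssl.sh --jsonfile output, ranked so they compare.
SEVERITY_RANK = {
    "DEBUG": 0, "INFO": 1, "OK": 2, "WARN": 3,
    "LOW": 4, "MEDIUM": 5, "HIGH": 6, "CRITICAL": 7,
}

# Constructed sample of what `testssl.sh --jsonfile scan.json target.example`
# writes: a JSON array with one object per check. Field names follow the
# testssl.sh JSON format; the host, IP and findings here are made up.
SAMPLE_JSON = """[
  {"id": "service", "ip": "target.example/203.0.113.10", "port": "443",
   "severity": "INFO", "finding": "HTTP"},
  {"id": "SSLv2", "ip": "target.example/203.0.113.10", "port": "443",
   "severity": "OK", "finding": "not offered"},
  {"id": "SSLv3", "ip": "target.example/203.0.113.10", "port": "443",
   "severity": "HIGH", "finding": "offered (NOT ok)"},
  {"id": "TLS1", "ip": "target.example/203.0.113.10", "port": "443",
   "severity": "LOW", "finding": "offered (deprecated)"},
  {"id": "TLS1_2", "ip": "target.example/203.0.113.10", "port": "443",
   "severity": "OK", "finding": "offered"},
  {"id": "POODLE_SSL", "ip": "target.example/203.0.113.10", "port": "443",
   "severity": "HIGH", "cve": "CVE-2014-3566", "cwe": "CWE-310",
   "finding": "vulnerable (NOT ok), SSL3 enabled"},
  {"id": "heartbleed", "ip": "target.example/203.0.113.10", "port": "443",
   "severity": "OK", "finding": "not vulnerable"}
]"""


def load_findings(json_text):
    """Parse testssl.sh JSON output into a list of finding dicts."""
    findings = json.loads(json_text)
    if not isinstance(findings, list):
        raise ValueError("expected a JSON array of testssl.sh findings")
    return findings


def rank(finding):
    """Numeric severity of a finding; unknown labels rank lowest."""
    return SEVERITY_RANK.get(finding.get("severity", "INFO"), 0)


def triage(findings, min_severity="LOW"):
    """Return findings at or above min_severity, worst first.

    sorted() is stable, so findings of equal severity keep scan order.
    """
    threshold = SEVERITY_RANK[min_severity]
    kept = [f for f in findings if rank(f) >= threshold]
    return sorted(kept, key=rank, reverse=True)


def format_finding(f):
    """One-line summary: severity, check id, finding text, CVE if present."""
    cve = " [%s]" % f["cve"] if f.get("cve") else ""
    return "%-8s %-12s %s%s" % (f.get("severity", "?"), f["id"], f["finding"], cve)


def gate(findings, fail_at="HIGH"):
    """Exit status for a CI gate: 1 if anything at or above fail_at, else 0."""
    return 1 if triage(findings, fail_at) else 0


if __name__ == "__main__":
    import sys
    # Pass the --jsonfile path as argv[1]; falls back to the embedded sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JSON
    fs = load_findings(text)
    for f in triage(fs, "LOW"):
        print(format_finding(f))
    sys.exit(gate(fs, "HIGH"))
```

Run it after a scan (`testssl.sh --jsonfile scan.json host`, then `python triage.py scan.json`) and the process exit code makes the result usable from a pipeline: anything HIGH or CRITICAL fails the job, while LOW/MEDIUM items are printed for review but do not block. Raise or lower the `gate` threshold to match how strict the environment needs to be.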