Category: Cyber Security

Vulnerability CVE-2012-0056 is a nasty one if you’re running a Linux kernel release 2.6.39 through 3.2.1. The exploit is a privilege escalation attack, meaning that the attacker has to get a foothold on your system. But once the attack has an unprivileged process on your system, its privileges can be elevated to root. Game over. […]

My recent work has lead me to consider the security (or is that lack of security?) associated with mobile devices. One of the things which lead to the early success of the Blackberry was without doubt that it was designed to interface to an enterprise infrastructure in a secure and controlled way. Unfortunately for those […]

In discussions and meetings with other information security professionals, I hear a lot of misinformation. I’m a geek and like to be more precise, rather than less.  The use of the term vulnerability is a special pet-peeve of mine.  The core of information assurance is making sure you don’t have serious vulnerabilities. So, what exactly […]

My last post was about malicious update notices that pop up when using public network connections. I advised checking digital signatures on the updates. I want to add to that and expand a bit on public communication channels and storage. First, when you use a public network, wired or wireless, your data may not be […]

My last blog about User Activation Controls suggested that they were of little help, even when they work.  After all, user data (your documents, spreadsheets and such) are the most valuable things you have.  Now, we’ll just trash UAC by bypassing it.  We’ll do this by relying on a flaw:  Microsoft loves itself. Remember, UAC […]