Zoom
Trash
Related:
Superfish CA + Komodia vulnerability test This test has been retired in favor of the badssl.com Dashboard. You can still find Superfish removal instructions here. Test disabled. YES, it looks like you have a Komodia proxy running (but not Superfish). Unfortunately there aren't detailed removal instructions at the moment, but you can follow the Superfish ones with the name of the software you installed instead of "Superfish". Here is an incomplete list of known affected softwares: "Keep My Family Secure", "Kurupira", "Qustodio", "Staffcop", "Easy hide IP Classic", "Lavasoft Ad-aware Web Companion". YES, you have a big problem - even if it's not Komodia. Apparently no certificates checks are happening. This might be due to the browser you are using (if it's not a major one) or to software you are running, like PrivDog. See here for instructions on removal. Also no other SSL-disabling product was detected on your system. What's this about?
24 HOURS AFTER HEARTBLEED, 368 CLOUD PROVIDERS STILL VULNERABLE April 10, 2014 | Leave a Comment By Harold Byun, Skyhigh Networks Over the past weeks, security teams across country have been grappling with end of life for Windows XP, which is still running on 3 out of 10 computers. That issue has been completely overshadowed with news of the Heartbleed vulnerability in OpenSSL, which is used extensively to secure transactions and data on the web. Heartbleed makes the SSL encryption layer used by millions of websites and thousands of cloud providers vulnerable. Many cloud services are still vulnerable Skyhigh’s Service Intelligence Team tracks vulnerabilities and security breaches across thousands of cloud providers, including the Heartbleed vulnerability. The average company uses 626 cloud services, making the likelihood they use at least one affected services extremely high. What actions you can take In order to close the vulnerability, cloud providers need to update OpenSSL and reissue their certificates that could be used to impersonate the service.
Defense in depth (computing) Defense in depth is an information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical for the duration of the system's life cycle. The idea behind the defense in depth approach is to defend a system against any particular attack using several independent methods. It is a layering tactic, conceived by the National Security Agency (NSA) as a comprehensive approach to information and electronic security.[1][2] Defense in depth is originally a military strategy that seeks to delay, rather than prevent, the advance of an attacker by yielding space in order to buy time. Using more than one of the following layers constitutes defense in depth.
24 Hours After Heartbleed, 368 Cloud Providers Still Vulnerable | Skyhigh Networks Over the past weeks, security teams across country have been grappling with end of life for Windows XP, which is still running on 3 out of 10 computers. That issue has been completely overshadowed with news of the Heartbleed vulnerability in OpenSSL, which is used extensively to secure transactions and data on the web. Heartbleed makes the SSL encryption layer used by millions of websites and thousands of cloud providers vulnerable. Many cloud services are still vulnerable Skyhigh’s Service Intelligence Team tracks vulnerabilities and security breaches across thousands of cloud providers, including the Heartbleed vulnerability. The average company uses 626 cloud services, making the likelihood they use at least one affected service extremely high. What actions you can take In order to close the vulnerability, cloud providers need to update OpenSSL and reissue their certificates that could be used to impersonate the service.
DigiCert SSL Certificate Discovery Tool With the SSL Discovery Tool you can perform manual and automatic scans. Manual scanning lets you search your network by a list of hosts or IP ranges or by a Host Group. Auto scanning allows you to schedule periodic scans at specified intervals (daily, weekly, or monthly) in order to detect and be notified of changes to your active certificate inventory. Both manual and automatic scans give you a detailed report of their findings. The report will show all the certificates found in the scan, which CA issued the certs, their expiration dates, and other information such as certificate key size, certificate type, common name, SAN names, and organization information. SSL Certificates are supposed to make life easier, so don't let managing them make your life more difficult.
The Heartbleed Vulnerability: What It Is and How It Affects You - McAfee NOTE: McAfee has released a Heartbleed Checker tool to help consumers easily gauge their susceptibility to the potentially dangerous effects of the Heartbleed bug. You can access the tool at: Many of you may have been hearing the term “Heartbleed” over the past few days and wondering what exactly that is, and why people are so concerned about it. What is Heartbleed? It is important to understand that Heartbleed is not a virus, but rather a mistake written into OpenSSL—a security standard encrypting communications between you, the user, and the servers provided by a majority of online services. What Should I Do? The first thing you need to do is check to make sure your online services, like Yahoo and PayPal, have updated their servers in order to compensate for the Heartbleed vulnerability. How Do I Check For Heartbleed? Mashable has a list of popular websites affected by the Heartbleed vulnerability. A Deeper Look at Heartbleed
Speakeasy Speed Test Why do I get a “socket error” message? An error may result from having the speed test open in more than one browser tab or window. The test may fail to complete and display the following message: “A socket error occurred during the Upload test. Please try again later.” To prevent this error, and get the most accurate test results, close all other browser tabs and windows before running. If you continue to get a socket error message, or another type of error message, please provide feedback by emailing us at speedtestfeedback@fusionconnect.com. Why is the location I usually pick missing from the City list? A slow response can be caused by latency or packet-loss between the client and server, or particularly high Internet usage (during peak hours). In which browsers does the Speed Test work best? Why am I receiving “Could not connect to the Internet” errors when I am connected? Why didn’t the test choose the server location nearest me? Why is my speed lower than expected?
9 Worst Cloud Security Threats Leading cloud security group lists the "Notorious Nine" top threats to cloud computing in 2013; most are already known but defy 100% solution. Shadow IT is a great thing until it runs into the security of cloud computing. All too often line-of-business users are establishing applications and moving data into the cloud without understanding all the security implications. The Cloud Security Alliance has put together a list of the nine most prevalent and serious security threats in cloud computing. The alliance bills its list as the "Notorious Nine: Cloud Computing Threats in 2013." The report was released in February and was composed by a group within the alliance, including co-chairs Rafal Los of HP, Dave Shackleford of Voodoo Security, and Bryan Sullivan of Microsoft. Here are the CSA's biggest concerns. 1. "It's every CIO's worst nightmare: the organization's sensitive internal data falls into the hands of their competitors," the report said. 2. 3. 4. 1 of 2 More Insights
Sandbox (computer security) In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites.[1] The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Sandboxing technology is frequently used to test unverified programs which may contain a virus or other malignant code, without allowing the software to harm the host device.[2] Examples of sandboxes include: Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs (PDF)
Force Windows 7 to Clear Virtual Memory Pagefile at Shutdown Among the advances offered to it users, Windows 7’s handling of virtual memory is the most efficient to date. However, as the RAM in a computer increases, so must the size of the pagefile to accommodate the larger capacity of computer memory. There are several advantages to starting each Windows 7 session with a cleared pagefile. What is Virtual Memory? The amount of memory you can put into your computer is finite. The amount of hard drive space set aside for virtual memory ranges from zero to about 1 to 2 times the memory you have installed in your computer. Why Clear Virtual Memory? When you shutdown Windows 7, the data in your computer’s RAM is lost because PC memory is volatile. Virtual memory is quite secure within Windows 7 because only the operating system has the authority to read and write to the virtual memory pagefile. One way to combat this is to simply have Windows 7 delete the virtual memory pagefile whenever the operating system shuts down.
Download Microsoft Baseline Security Analyzer 2.3 (for IT Professionals) from Official Microsoft Download Center <a id="b7777d05-f9ee-bedd-c9b9-9572b26f11d1" target="_self" class="mscom-link download-button dl" href="confirmation.aspx?id=7558" bi:track="false"><span class="loc" locid="46b21a80-a483-c4a8-33c6-eb40c48bcd9d" srcid="46b21a80-a483-c4a8-33c6-eb40c48bcd9d">Download</span></a> The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations. MBSA 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012. DetailsNote:There are multiple files available for this download.Once you click on the "Download" button, you will be prompted to select the files you need.MBSASetup-x64-EN.msiMBSASetup-x64-DE.msiMBSASetup-x64-FR.msiMBSASetup-x64-JA.msiMBSASetup-x86-DE.msi1.7 MB1.7 MB1.7 MB1.8 MB1.6 MB To easily assess the security state of Windows machines, Microsoft offers the free Microsoft Baseline Security Analyzer (MBSA) scan tool.
List of Printers Which Do or Do Not Display Tracking Dots Introduction This is a list in progress of color laser printer models that do or do not print yellow tracking dots on their output. We are in the process of trying to interpret the information conveyed by these dots as part of our Machine Identification Code Technology Project. Limitations of this information A "no" simply means that we couldn't see yellow dots; it does not prove that there is no forensic watermarking present. (For example, the HP Color LaserJET 8500 series does not include any yellow tracking dots that we can see, but it may still include some kind of forensic marking, since the majority of other Color LaserJET models do. A "yes" simply means that we (or another source, as noted) saw yellow dots that appeared anomalous to us. Sources of information We have employed three sources of information. Thanks to our friends at software firms and symphonies, public schools and physics labs, semiconductor fabs and ice cream parlors, in about a dozen countries around the world.