Monthly Archives: January 2017
Bannon Role On National Security Council Under Fire
US Border Agents Checking Facebook Profiles
Trump Immigration Change Only Helps ISIS
Security professionals shortage in UK ‘increasing competition among companies for talent’
IT security professionals are at the forefront of the demand from companies across the UK, many of whom have placed greater demand on tech skills.
The post Security professionals shortage in UK ‘increasing competition among companies for talent’ appeared first on WeLiveSecurity
Hacking Printers Advisory 3/6: Brother printers vulnerable to memory access via PJL commands
Posted by Jens Müller on Jan 30
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 3 of 6 of the ‘Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
abusing Brother’s proprietary PJL extensions to dump the printer’s NVRAM
and gain access to interesting stuff like passwords. The attack can be
performed by anyone…
Hacking Printers Advisory 6/6: Multiple vendors physical NVRAM damage via PJL commands
Posted by Jens Müller on Jan 30
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 6 of 6 of the ‘Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
putting printers out of their misery and destroying the NVRAM through
ordinary print jobs. The attack can be performed by anyone who can
print, for example through USB…
Re: Announcing NorthSec 2017 CFP + Reg – Montreal, May 16-21
Posted by Olivier Bilodeau on Jan 30
NorthSec’s training sessions are announced!
https://www.nsec.io/training-sessions/
Attacking the Web: With Great Power Comes Great Vulnerabilities
<https://www.nsec.io/2017/01/attacking-the-web-training_with-great-power-comes-great-vulnerabilities/>
By: Philippe Arteau of FindSecurityBugs and .Net Security Guard open source
projects
An advanced Web application security class covering topics such as Advanced
XSS (DOM, Angular,…
Re: Digital Ocean ssh key authentication security risk — password authentication is re-enabled
Posted by gp on Jan 30
Hello,
The last time I contacted them they did not care about this. It’s
basically a feature. They also used to (or still do) reset SSH host keys
and other things.
A suggested workaround if I remember correctly was to set a sticky bit
on the files you did not want their bootstrap script to modify. I have
no idea if this works or if it makes sense as I worked around the
problem another way.
Have you tried reaching support about it? I…
Re: Digital Ocean ssh key authentication security risk — password authentication is re-enabled
Posted by Daniel Elebash on Jan 30
After two months of going back and forth with Digital Ocean I just received a message today that they have deployed a
fix so you may not be able to replicate the problem.
My main concern is the failure to notify customers of this behavior, most likely leaving many unaware and vulnerable.
Even though they have fixed this issue which was being set via cloud init, it still leaves currently deployed servers
with password authentication set to yes….