https://crazypigeon.net/tags/it-security/ Recent content in It-Security on Flying Upside Down Hugo en Wed, 04 Oct 2017 02:55:25 +0000 https://crazypigeon.net/2017/10/04/ccleaner-malware-outbreak-is-much-worse-than-it-first-appeared/ Wed, 04 Oct 2017 02:55:25 +0000 https://crazypigeonblog.wordpress.com/?p=47 <p>&ldquo;The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload. (credit: Talos ) Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering.&rdquo;</p> https://crazypigeon.net/2017/09/19/antipatterns-in-iot-security/ Tue, 19 Sep 2017 04:23:46 +0000 https://crazypigeonblog.wordpress.com/?p=24 <p>Lots of interesting talk about the fundamentals of a secure system and it&rsquo;s applications to computers.</p> <p>Quote I liked (empahasis mine):</p> <blockquote> <p>The most basic security antipattern is to &ldquo;do nothing&rdquo;. That means accepting any and all risk, though. Another is to &ldquo;do it yourself&rdquo;; that leads to thinking the system is secure because of custom elements, such as non-peer-reviewed cryptography algorithms or implementations and security through obscurity. &ldquo;Hand-rolled&rdquo; security systems have not fared well over the years—developers have learned that implementing stream ciphers, for example, should not be tackled in-house. But there is still a fair amount of security by obscurity, such as &ldquo;super unguessable URLs&rdquo;. <strong>If a product becomes successful, which is what you want, the unguessable will become all-too-guessable.</strong></p>