This Blog has Moved!
Space Weather Outlook December 28, 2014 at 09:23PM
Configuring and Using PKI in Your Microsoft Network
This white paper gives you a great overview of the core configuration of your Microsoft CAs. Request Free! |
Why Threat of Downtime Should Be Keeping You Up at Night
Security systems only provide protection if up and running. If video monitoring systems, access control, or other building security systems go down, it can be costly and dangerous. Learn how to protect your security systems and keep them running 24/7/365. Get this informative white paper to learn all about:
Request Free! |
Everything You Need To Know About A DDoS Attack
Even if your company isn’t as large as Amazon or eBay, any amount of profit loss due to downtime should be cause for concern. Not only do you miss a potential sale in real time, that customer is less likely to come back and try to purchase from you again in the future. Request Free! |
Email Security For IT: How To Keep Your Brand Safe
Not only can phishers hurt your company and customers, but your brand can take a beating too. Find out what you should be implementing to keep your brand safe. Request Free! |
Space Weather Outlook December 21, 2014 at 08:19PM
The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook
The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research:
Request Free! |
Network Security For Dummies -- eBook (usually $22.99) FREE for a limited time!
CNN is reporting that a vicious new virus is wreaking havoc on the world’s computer networks. Somebody’s hacked one of your favorite Web sites and stolen thousands of credit card numbers. The FBI just released a new report on computer crime that’s got you shaking in your boots. The experts will tell you that keeping your network safe from the cyber-wolves howling after your assets is complicated, expensive, and best left to them. But the truth is, anybody with a working knowledge of networks and computers can do just about everything necessary to defend their network against most security threats. Whether your network consists of one computer with a high-speed Internet connection or hundreds of workstations distributed across dozens of locations, you’ll find what you need to confidently:
Request Free! |
Space Weather Outlook December 14, 2014 at 09:09PM
Grnde zur Vergabe einer vereinheitlichten Identitt an Insider
Auf der Liste der acht bedeutendsten Bedrohungen in Sachen Internetsicherheit für das Jahr 2013 führt Forbes interne Bedrohungen unter Beachtung interner Angriffe auf Basis des Schadens, den privilegierte Benutzer verursachen, sowie die Art von Daten, zu denen diese Zugang haben, auf Platz 3 “der Verheerendsten” an. Es ist von äußerster Wichtigkeit, dass Führungskräfte und IT-Richtlinienbeauftragte die Gefahr böswilliger Insider, eine gestiegene Angriffsoberfläche und das Potenzial für durch Angestellte verursachte Fehler durch Bedrohungen oder Fahrlässigkeit erkennen und bestätigen. Request Free! |
Three Ways Companies Can Avoid DDoS Attacks
In this 15-minute webinar, Dyn Principal Architect Andrew Sullivan gives a quick-hit overview of DDoS attacks and three tips on how companies can help plan ahead before getting hit. Request Free! |
Proven Practices for Securing Your Website Against DDoS Attacks
Join subject matter experts Kevin Beaver, author of Hacking For Dummies and Andrew Sullivan, Director of Architecture at Dyn, for a discussion on vulnerabilities of web environments and why simply jumping on the cloud provider bandwagon won’t prevent DDoS attacks. Watch it now on-demand! Request Free! |
Keurig 2.0 Genuine K-Cup Spoofing Vulnerability
Overview
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.
Impact
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
Vulnerable Versions
Keurig 2.0 Coffee Maker
Technical Details
Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups. However, a flaw in the verification method allows an attacker to use unauthorized K-Cups. The Keurig 2.0 does not verify that the K-Cup foil lid used for verification is not re-used.
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.
Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.
Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.
Please note that a proof of concept is already available online.
Credit:
Proof of concept at http://www.keurighack.com/
Vulnerability Writeup by Ken Buckler, Caffeine Security http://caffeinesecurity.blogspot.com
NOTE: There has been some question regarding the video and who made it. This is not the security researcher you're looking for. I am not the person who created the video, and only found the KeurigHack website after I discovered this vulnerability on my own. To whoever created the website, great job!
Space Weather Outlook December 07, 2014 at 11:41PM
Essential Data Security Kit including Cryptography for Dummies - FREE for a limited time!
Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking. Cryptography for Dummies will teach you everything from the terminology used in the field to specific technologies to the pros and cons of different implementations. This essential research also includes DDoS Attacks, Cloud adoption and security, and what you need to know about eliminating security risks for your company. In this kit you will receive the following resources for Data Security research: Request Free! |
5 ways to protect your company from phone and internet fraud
As a telecoms operator, in order to protect your company against fraudulent attacks, your company needs to make the shift from trying to fix problems after they happen, to focusing on assessing risks ahead of time and implementing the appropriate preventative methods. But how can you prevent these? Find out in the following article... Request Free! |
Is Your Identity and Access Governance Program Vulnerable to Risk?
Your organization must inventory, analyze and understand the access privileges granted to its users to effectively manage risk. Proactive Identity and Access Governance (IAG) can help you answer the critical question: “Who has access to what, and is it appropriate?” NetIQ shows you how in this paper, which they've packed with:
Learn to secure your organization by implementing a proactive IAG program. Request Free! |
Mobile and Remote Access: Balancing Convenience and Security
In today's BYOD world, securing access and maintaining productivity is challenging. Users want access from their own devices, and the applications, data and services they're using are not always secured by a perimeter. How can you provide secure access without inhibiting productivity? In this paper you'll learn:
Get advice on choosing the right solution and the knowledge you need to face today's challenges. Request Free! |
Single Sign-On: with Passwords, Less is More
Your workforce is using applications from a wider variety of sources than ever. Not only does this annoy your users, it's less secure. The solution is simply solved with enterprise Single Sign-On (SSO). Read this paper to learn:
Security and productivity are both at stake: put SSO to work in your organization today. Request Free! |
The Big Shift to Cloud-Based Security
As a mid-sized or smaller organization, there is a lure of feeling safety in obscurity. The truth is your company doesn't have to be a giant global corporation to be in the cross hairs of an attack. Automated exploits of common vulnerabilities can equally sweep up victims on any Internet-facing network. As for targeted attacks, smaller companies are often hit first precisely because cybercriminals know these organizations have weak security – and may be a stepping stone to connected business partners or a large parent company. The good news is you don't need to hire a crew of security experts to effectively manage IT risks and comply with security and privacy regulations. This guide explains how SMBs can use cloud-based security to protect their network and ensure compliance without breaking the bank. Request Free! |
Banking IT Systems Management: Challenges and Solutions
Banking systems need to be readily available and productive, yet secure and protected from data-breach. The risks of irregular maintenance and non-compliance of IT and security policies can cost the organization much in terms of fines, lost opportunities and a damaged reputation. With such a serious and complex challenge, employing an efficient and comprehensive solution is paramount to minimize risk and instill confidence in the organization's ability to fulfill on its compliance requirements. Download this white paper to learn:
Request Free! |
Cryptography For Dummies - eBook (usually $22.99) FREE for a limited time!
Request Free! |