Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-52 2014 December 28 at 7:10 p.m. MST (2014 December 29 0210 UTC) **** SPACE WEATHER OUTLOOK **** Summary For December 22-28 G1 (minor) geomagnetic storms were observed on 22 December due to effects from a coronal mass ejection. R1 (minor) solar radiation storms were observed on 22 and 27 December due to solar flares from Regions 2242 and 2249. Outlook For December 29-January 4 G1 (minor) geomagnetic storms are possible on 03 January due to effects from a large coronal hole high speed stream. A chance for R1 (minor) solar radiation storms are possible through 30 December from complex Region 2249. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.
Configuring and Using PKI in Your Microsoft Network
The following is external content provided as a free resource for blog readers.
 | This white paper gives you a great overview of the core configuration of your Microsoft CAs. Request Free! |
Why Threat of Downtime Should Be Keeping You Up at Night
The following is external content provided as a free resource for blog readers.
 | Security systems only provide protection if up and running. If video monitoring systems, access control, or other building security systems go down, it can be costly and dangerous. Learn how to protect your security systems and keep them running 24/7/365. Get this informative white paper to learn all about:
Request Free! |
Everything You Need To Know About A DDoS Attack
The following is external content provided as a free resource for blog readers.
 | Even if your company isn’t as large as Amazon or eBay, any amount of profit loss due to downtime should be cause for concern. Not only do you miss a potential sale in real time, that customer is less likely to come back and try to purchase from you again in the future. Request Free! |
Email Security For IT: How To Keep Your Brand Safe
The following is external content provided as a free resource for blog readers.
 | Not only can phishers hurt your company and customers, but your brand can take a beating too. Find out what you should be implementing to keep your brand safe. Request Free! |
Space Weather Outlook December 21, 2014 at 08:19PM
Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-51 2014 December 21 at 6:05 p.m. MST (2014 December 22 0105 UTC) **** SPACE WEATHER OUTLOOK **** Summary For December 15-21 An R3 (Strong) radio blackout was observed on December 20. R2 (Moderate) radio blackouts were observed on December 17 and 18. R1 (Minor) blackouts were observed on December 17, 19 and 21. No G1 (Minor) or greater geomagnetic storms were observed. No S1 (Minor) or greater space radiation storms were observed, although the greater than 10 MeV flux at geosynchronous orbit was enhanced, reaching a peak flux of 3.24 pfu on December 21. Outlook For December 22-28 R1-R2 (Minor to Moderate) radio blackouts are expected through December 28. There is a chance for an R3 (Strong) or greater radio blackout through December 26. There is a chance for a G1 (Minor) geomagnetic storm on December 22. There is a chance for an S1 (Minor) or greater space radiation storm through December 28th. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.
The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook
The following is external content provided as a free resource for blog readers.
 | The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research:
Request Free! |
Network Security For Dummies -- eBook (usually $22.99) FREE for a limited time!
The following is external content provided as a free resource for blog readers.
 | CNN is reporting that a vicious new virus is wreaking havoc on the world’s computer networks. Somebody’s hacked one of your favorite Web sites and stolen thousands of credit card numbers. The FBI just released a new report on computer crime that’s got you shaking in your boots. The experts will tell you that keeping your network safe from the cyber-wolves howling after your assets is complicated, expensive, and best left to them. But the truth is, anybody with a working knowledge of networks and computers can do just about everything necessary to defend their network against most security threats. Whether your network consists of one computer with a high-speed Internet connection or hundreds of workstations distributed across dozens of locations, you’ll find what you need to confidently:
Request Free! |
Space Weather Outlook December 14, 2014 at 09:09PM
Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-50 2014 December 14 at 6:55 p.m. MST (2014 December 15 0155 UTC) **** SPACE WEATHER OUTLOOK **** Summary For December 8-14 A G1 (minor) geomagnetic storm was observed on 12 December. R1 (minor) radio blackouts were observed on 13 and 14 December. No S1 (minor) or greater space radiation events were observed, although 10 MeV proton flux at geosynchronous orbit was enhanced on 14 December, with a maximum flux of 2.5 pfu. Outlook For December 15-21 R1 or greater radio blackouts are possible throughout the forecast period. There is a chance for G1 (minor) storm conditions on 28 Dec through 09 Jan in response to recurrent high speed solar wind features. There is a slight chance for an S1 (minor) or greater space radiation event through the forecast period. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.
Grnde zur Vergabe einer vereinheitlichten Identitt an Insider
The following is external content provided as a free resource for blog readers.
 | Auf der Liste der acht bedeutendsten Bedrohungen in Sachen Internetsicherheit für das Jahr 2013 führt Forbes interne Bedrohungen unter Beachtung interner Angriffe auf Basis des Schadens, den privilegierte Benutzer verursachen, sowie die Art von Daten, zu denen diese Zugang haben, auf Platz 3 “der Verheerendsten” an. Es ist von äußerster Wichtigkeit, dass Führungskräfte und IT-Richtlinienbeauftragte die Gefahr böswilliger Insider, eine gestiegene Angriffsoberfläche und das Potenzial für durch Angestellte verursachte Fehler durch Bedrohungen oder Fahrlässigkeit erkennen und bestätigen. Request Free! |
Three Ways Companies Can Avoid DDoS Attacks
The following is external content provided as a free resource for blog readers.
 | In this 15-minute webinar, Dyn Principal Architect Andrew Sullivan gives a quick-hit overview of DDoS attacks and three tips on how companies can help plan ahead before getting hit. Request Free! |
Proven Practices for Securing Your Website Against DDoS Attacks
The following is external content provided as a free resource for blog readers.
 | Join subject matter experts Kevin Beaver, author of Hacking For Dummies and Andrew Sullivan, Director of Architecture at Dyn, for a discussion on vulnerabilities of web environments and why simply jumping on the cloud provider bandwagon won’t prevent DDoS attacks. Watch it now on-demand! Request Free! |
Keurig 2.0 Genuine K-Cup Spoofing Vulnerability
Hello Slashdot! I apologize if the blog runs slow under the heavy load! -Ken
Overview
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.
Impact
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
Vulnerable Versions
Keurig 2.0 Coffee Maker
Technical Details
Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups. However, a flaw in the verification method allows an attacker to use unauthorized K-Cups. The Keurig 2.0 does not verify that the K-Cup foil lid used for verification is not re-used.
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.
Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.
Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.
Please note that a proof of concept is already available online.
Credit:
Proof of concept at http://www.keurighack.com/
Vulnerability Writeup by Ken Buckler, Caffeine Security http://caffeinesecurity.blogspot.com
NOTE: There has been some question regarding the video and who made it. This is not the security researcher you're looking for. I am not the person who created the video, and only found the KeurigHack website after I discovered this vulnerability on my own. To whoever created the website, great job!
Overview
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.
Impact
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
Vulnerable Versions
Keurig 2.0 Coffee Maker
Technical Details
Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups. However, a flaw in the verification method allows an attacker to use unauthorized K-Cups. The Keurig 2.0 does not verify that the K-Cup foil lid used for verification is not re-used.
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.
Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.
Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.
Please note that a proof of concept is already available online.
Credit:
Proof of concept at http://www.keurighack.com/
Vulnerability Writeup by Ken Buckler, Caffeine Security http://caffeinesecurity.blogspot.com
NOTE: There has been some question regarding the video and who made it. This is not the security researcher you're looking for. I am not the person who created the video, and only found the KeurigHack website after I discovered this vulnerability on my own. To whoever created the website, great job!
Space Weather Outlook December 07, 2014 at 11:41PM
Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-49 2014 December 7 at 9:29 p.m. MST (2014 December 8 0429 UTC) **** SPACE WEATHER OUTLOOK **** Summary For December 1-7 Category R1 (Minor) radio blackouts were observed on 01, 04, and 05 December while category R2 (Moderate) radio blackouts were observed on 04 December due to flare activity from Region 2222. Category G1 (Minor) geomagnetic storming was observed on 07 December due to coronal hole high speed stream activity. Outlook For December 8-14 There is a chance for R1-R2 (Minor-Moderate) radio blackouts for the forecast period due to potential significant flare activity from Region 2222 or the return of old Region 2209. Category G1 (Minor) geomagnetic storming is likely on 08 December due to continued activity from a coronal hole high speed stream. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.
Essential Data Security Kit including Cryptography for Dummies - FREE for a limited time!
The following is external content provided as a free resource for blog readers.
 | Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking. Cryptography for Dummies will teach you everything from the terminology used in the field to specific technologies to the pros and cons of different implementations. This essential research also includes DDoS Attacks, Cloud adoption and security, and what you need to know about eliminating security risks for your company. In this kit you will receive the following resources for Data Security research: Request Free! |
5 ways to protect your company from phone and internet fraud
The following is external content provided as a free resource for blog readers.
 | As a telecoms operator, in order to protect your company against fraudulent attacks, your company needs to make the shift from trying to fix problems after they happen, to focusing on assessing risks ahead of time and implementing the appropriate preventative methods. But how can you prevent these? Find out in the following article... Request Free! |
Is Your Identity and Access Governance Program Vulnerable to Risk?
The following is external content provided as a free resource for blog readers.
 | Your organization must inventory, analyze and understand the access privileges granted to its users to effectively manage risk. Proactive Identity and Access Governance (IAG) can help you answer the critical question: “Who has access to what, and is it appropriate?” NetIQ shows you how in this paper, which they've packed with:
Learn to secure your organization by implementing a proactive IAG program. Request Free! |
Mobile and Remote Access: Balancing Convenience and Security
The following is external content provided as a free resource for blog readers.
 | In today's BYOD world, securing access and maintaining productivity is challenging. Users want access from their own devices, and the applications, data and services they're using are not always secured by a perimeter. How can you provide secure access without inhibiting productivity? In this paper you'll learn:
Get advice on choosing the right solution and the knowledge you need to face today's challenges. Request Free! |
Single Sign-On: with Passwords, Less is More
The following is external content provided as a free resource for blog readers.
 | Your workforce is using applications from a wider variety of sources than ever. Not only does this annoy your users, it's less secure. The solution is simply solved with enterprise Single Sign-On (SSO). Read this paper to learn:
Security and productivity are both at stake: put SSO to work in your organization today. Request Free! |
The Big Shift to Cloud-Based Security
The following is external content provided as a free resource for blog readers.
 | As a mid-sized or smaller organization, there is a lure of feeling safety in obscurity. The truth is your company doesn't have to be a giant global corporation to be in the cross hairs of an attack. Automated exploits of common vulnerabilities can equally sweep up victims on any Internet-facing network. As for targeted attacks, smaller companies are often hit first precisely because cybercriminals know these organizations have weak security – and may be a stepping stone to connected business partners or a large parent company. The good news is you don't need to hire a crew of security experts to effectively manage IT risks and comply with security and privacy regulations. This guide explains how SMBs can use cloud-based security to protect their network and ensure compliance without breaking the bank. Request Free! |
Banking IT Systems Management: Challenges and Solutions
The following is external content provided as a free resource for blog readers.
 | Banking systems need to be readily available and productive, yet secure and protected from data-breach. The risks of irregular maintenance and non-compliance of IT and security policies can cost the organization much in terms of fines, lost opportunities and a damaged reputation. With such a serious and complex challenge, employing an efficient and comprehensive solution is paramount to minimize risk and instill confidence in the organization's ability to fulfill on its compliance requirements. Download this white paper to learn:
Request Free! |
Cryptography For Dummies - eBook (usually $22.99) FREE for a limited time!
The following is external content provided as a free resource for blog readers.
 |
Request Free! |
Space Weather Outlook December 01, 2014 at 01:23AM
Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-48 2014 November 30 at 11:10 p.m. MST (2014 December 1 0610 UTC) **** SPACE WEATHER OUTLOOK **** Summary For November 24-30 No space weather storms were observed. Outlook For December 1-7 There is a continued chance for an R1-R2 (Minor-Moderate) radio blackout for the forecast period (Dec 01-07) due to potential significant flare activity from active sunspot Region 2222. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.
Subscribe to:
Posts (Atom)