Redhat remediation solution through Ansible Tower play books … dealing mostly with security risk assessment and mitigations (patches and more) https://www.redhat.com/en/about/press-releases/red-hat-delivers-analytics-driven-automation-latest-version-insights-ansible-integration
This is about rouge apps that preset the environment that other mass used apps will need once activated. Those rouge apps can later hook to those resources, having unauthorized access due to the fact they initiated the creation of the place holder for those resources.
The iOS sandbox protection mechanism can't yet block this vulnerability.
This becomes very unsettling if you consider your iOS and OSx keychain password store can be exposed as well…
Read more on how this works and how to mitigate the risk. Basically avoid installing apps from
Those are 11 worthy minutes of debate over the UK proposition for government back doors within encrypted communications.
The last 2 minutes say it all..
"I have to trust the agencies we can have those back doors working" vs. "You will need a less secure version of Windows OS and iPhone".
Check this out…
IBM and Facebook as well as others are starting to contribute to a massive big data based repository of threat related information.
I had an internal startup for some time that was targeting security as well as general operational data to point to trends that need attention such as disk series that are reaching failure points, apps that suddenly morph and such.
Another topic was cleansing the data from any personal or internal information by tokenizing it.
I stopped this startup since I got to meet someone who was doing the same and pointed to the fact that there's already enough data on one hand (and now per this post we have got much more of that) and on the other hand companies would agree to share cleansed data but would not be able to do it due to regulations that take time to defuse.
In any case you have now lots of data too sip through if you are a hungry Data scientist…
Explore the World’s Biggest Data Breaches with This Interactive Chart
While this may be an old news for you, I still see cases where it is overlooked. Intel's processors supporting AES-NI standard can boost your encrypted data processes if the software you use utilizes the 7 processor encryption related built-in instruction set. It also includes DRNG (Dynamic Random Number Generator). So IT Managers want to make sure any server they have doing lots of encryption, has those new processors, while developers should make sure they use the AES-NI libraries for the encryption related code they create. Click here for info on AES-NI processors, software toosl and more.
If you develop or use web based products that relay on SSL (that actually includes every one) you now have a new topic to worry about.
Researchers demonstrated on the BlackHat USA 2013 August conference, an exploit of header data breach for SSL sessions, named "BREACH".
The claim is they could quickly and easily expose session header data for compressed SSL sessions, by using a statistical based algorithm. They inject their own data into the session, then use statistics to analyze the resulting compressed web server response, to infer what the original session header data included.
This puts at risk any product that includes a web service which repeatedly communicates sensitive data, such as security tokens, cookie information and similar, in the session header information.
This seems as a massive issue due to those reasons:
Developers, be warned!
Users, better review your critical web app providers security awareness and responsiveness…
For you the Security Pen Testers, there is a new kid in town.
Listen to this post here:
Kali Linux is the new distribution of the famous BackTrack Linux used for 7+ years as the Pen Testers Open Source toolset of choice.
Why should you consider using it?
- It's what the Backtrack team will be supporting for the long term
- Synced with Debian (if you prefer Debian) – you can get automatic daily updates if any are available
- Security tools are closely inspected and maintained
- You can customize your Kali installation during its setup
- Automated installs (fresher than stale point in time ISOs…)
- Better ARM architecture support for the tools
- Flexible choice of your desktop environment (KDE, LXDE, XFCE, Anything else)
- No need to re-install or re-setup your Kali install, as new major Kali versions are released
All in all, Backtrack got "Enterprised" into Kali…
Would you now switch to Kali Linux?
Note that both Backtrack and Kali Linux contain great tools such as Nessus and Metasploit, set for "labor-intensive" use. If you want it to automatically do the work for you, across many systems, through a workflow that will save you a LOT of time, you'll have to pay for the "Professional" variations of those tools.