Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Trustwave Locates New VOIP Device Backdoor →

March 08, 2017 by Marc Handelman in Believe It Or Not, All is Information, What Could Go Wrong, Information Security, Hardware Security

Meanwhile, in the Infosecurity.US What-Could-Possibly-Go-Wrong Department, comes this El Reg news item detailing a report, published by researchers at Trustwave, of an undocumented backdoor account in DBLTek GoIP products. The kicker, you ask? DBLTek has so far failed to remediate the issue, and has left the 'door' swinging on its creaky hinges... Oops.

"Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in the authentication procedure." - via the published Trustwave Report


Fresh, from Bucharest...

January 12, 2017 by Marc Handelman in Believe It Or Not, All is Information, Data Security, Database Security, DBMS Security, Information Security

Via CIO Romania correspondent Lucian Constantin, comes bad news indeed, for MongoDB users, that is:

'Five groups of attackers are competing to delete as many publicly accessible MongoDB databases as possible' - via CIO reporter Lucian Constantin

My suggestion is to, um - perhaps... not expose your database layer to external contact... Perhaps a DENY ALL rule for your MongoDB deployment in your firewall would be helpful as well... just saying. Oh, and very good advice from Lucian at the end of his reportage: Use the MongoDB security checklist. It is - I can assure you - prietenul tău! I also strongly suggest taking the time to read the Security Hardening documentation from MongoDB; you can also download an EPUB version of the MongoDB manual. You'll be glad you did. That is all.

Tip of the Tam o'Shanter


Oracle Announces Cloud Identity Management →

September 01, 2016 by Marc Handelman in All is Information, Believe It Or Not, Better Late Than Never, Cloud Security, Identity Management, Information Security, Infrastructure, Middleware Security, Middleware, Identity Cloud Services

Meanwhile, in Better-Late-Than-Never-News, there is a white paper to accompany the latest Oracle Corporation (NYSE: ORCL) announcement.


Reality Check? Be Judgemental. →

August 10, 2016 by Marc Handelman in All is Information, Information Security, Believe It Or Not

JR Raphael, writing at Computerworld, is now the judge and heir-apparent of what-is-what-shall-be-and-what-is-not-damaging (at least from a security perspective) to the now troubled Android Operating System (in reality all mobile OSes are in deep trouble, as they are but a part of a larger, flawed ecosystem - vis-à-vis app store vectored attacks, et cetera). Regardless, it is now time for you to be the judge.
