Security Roundup - 2016-01-11



More SHA1 News

SLOTH Attacks Make It Even More Important To Get Rid of SHA1 and MD5

Not just for TLS, but SSH as well. “Against IKE initiator authentication, the researchers were able to carry out impersonation attacks, and downgrade attacks against SHA-1 in SSH 2 and TLS 1.1 handshakes.” Is doing SSH handshake analysis too intrusive?

Presentations

32c3 Videos

Latest c3 conference presentations, which contain quite a few security topics. Just found out about this, so haven’t watched anything yet, but a few I plan to watch:

Lots Of Security Issues With Hardware Appliances

More Juniper Fixes on the Way

After a more extensive review, Juniper is to replace random number generation in a number of products. Said random number generation (Dual_EC) was known to be backdoored in 2007.

Modem Vulnerability Left Blackphone Vulnerable

Remote root-level exploit discovered in modem system.

Comcast Home Security System Vulnerable To Attack

Jamming sensor communication causes base station to think everything is fine. An example of failing ‘open’ as a problem.

FireEye Patches Vulnerability in Passive Monitoring System

The vulnerability allowed attackers to have FireEye execute malicious code via email, without any human intervention.

On The More Business-y Side

Cockroaches Vs Unicorns

Venture Capital and Cyber-Security.

How To Make Your Security Assessments Actionable <https://community.rapid7.com/community/infosec/blog/2016/01/08/how-to-make-your-security-assessments-actionable>

Short post, but interesting read given we are essentially making security assessments. What extra information can we provide to make sure our issues are easily actionable?