The FBI’s Nonsensical Advice to Reboot Infected Routers

The gov’t is a dubious source of information about cyber security. I have personal experience in this area… Rebooting an infected router will do NOTHING to stop this botnet. Rebooting the router (and the FBI is aware of this) will only stop the active payload that can launch attacks. The payload that allows the re-infection of the device is still inside the device’s firmware, which will result in a re-infection of the device. There is only […]

Spectre and Meltdown. How Susceptible Are you?

There’s a ton of crap running around about these vulnerabilities. This video talks about the vulnerabilities on a user level and gives some background on exactly where the problem lies and how much you should worry. A technical paper on this is upcoming. This is only a basic overview so the non-techies out there can truly understand what is going on.

How bad is the IntelME problem?

Every machine Intel has shipped from 2007 to present has had this below-the-firmware, below-the-operating-system thing in it. All Intel CPUs use the ME to boot at first, then the BIOS takes over, then the OS. It is too bad it took this long to come out. Honestly, I never fully trusted any Intel machines (yes, I am on one right now that is “patched”) but unfortunately AMD was never a truly competitive chip for the […]

Apple Values Your Privacy…Not Really.

We all know Google mines everything; that’s been well established by Google themselves. We knew Apple mined our data and “keeps it private”. I always called BS on their privacy stance… Here’s the proof: Still think Apple values your privacy? I put this squarely on Apple as they did not have to give up this privilege to Uber… they chose to. The security implications are huge as a single weakness in the Uber app effectively gives you […]


*UPDATE* It turns out Linux is especially vulnerable to this vulnerability. This means Android is especially vulnerable. Linux (and by extension Android) can be tricked into using a zero encryption key, which means the attacker can easily watch all traffic on that access point. This means most home and SMB routers are: 1. Wide open to this attack. 2. Most of them will never get patched for this. Let’s make one thing clear. This does not […]

Firewall IOT Properly..Yet Another 0-day for IOT

Yet another IOT security issue. This one is actually a remote code exploit, so once again a flaw allows IOT devices to get taken over. Two things: Do not let IOT have access to your internal network. It MUST be firewalled onto its own network. Do not allow IOT access to the Internet unless needed, and then you need to configure the firewall to only allow outbound communications on the ports it requires to function. Keep IOT […]

Another Ransomware Package is Spreading Rapidly

There is a new ransomware package spreading worldwide and it is even getting more companies in the US than WannaCry hit. It uses the Petrwrap ransomware package. This package leverages known vulnerabilities that have had patches out for quite some time. If you are not sure your systems are up to date on their software updates, contact me to do a network audit. I will also let you know if your backups are ransomware resistant […]

The Worldwide Ransomware Outbreak.

OK, the news is on fire with news of a massive malware attack. This malware is called ransomware. I have been talking about ransomware since early last year and I have been talking about how to not get yourself infected since 2010. When I started this company I had already been watching and fighting malware. I had a pretty good plan of some basics to not get yourself infected. Rules 1-4 were the primary rules […]

WordPress Security Flaw Under Active Attack. ETC Enhanced/Fully Managed ...

WordPress 4.7 was recently released and they added a new API to make it easier for third parties to integrate with WordPress.  Unfortunately, this new feature was not fully evaluated for its security implications before launching.  This new system went too far in allowing remote access to the point of giving a list of all the users of the site and in some cases allowed the compromise of the site.  It allows attackers to modify the […]

A Dubious IOT Product With Some Serious Network Problems..Are We ...

From the “if it sounds too good to be true, it probably is” department: I was notified about something being hawked on a public Facebook page. Supposedly you can “fire your cable company” with this little box. What got them suspicious is the fact the seller would only do business on PM, with no public pricing information, and no real details about the product. The only things presented were a couple of screenshots of live events, […]