Month: October 2019

MsSql Backdoor

A hard-coded password has been found in older versions of MsSql. Upgrade now. Details here: https://www.theregister.co.uk/2019/10/22/eset_sql_server_backdoor/

Red Team Methods

Large organizations have developed teams to test their security. The Red team plays the role of the attacker and the Blue team is the defender. A list of red team methods for password enumeration here. Good explanations. Knowing how an attacker exploits your environment lets you create a plan to defend that environment.

Teamviewer the good the bad…

TeamViewer is an indispensable tool if you support remote workers, BUT it is susceptible to password guessing attacks, as demonstrated here. Reduce your risk by enabling two-factor authentication (2FA) for TeamViewer and other cloud-native apps. TeamViewer has supported 2FA since v9. Documentation here.

DNA Tests

Don’t. The results of your test are not private from authorities or anyone with a warrant. If my brother commits a crime and leaves DNA evidence, I am now a prime suspect. If we somehow use DNA as an authentication source in the future, you don’t want yours compromised due to lack of security. Biometrics …


Apple Bonjour & iTunes

Bonjour aka ZeroConf aka Avahi is a service installed by iTunes, which has recently been used to proliferate malware in some manufacturing companies. Update iTunes. BEWARE: if iTunes is uninstalled, Bonjour is NOT. So admins will need to scour their workstations for lingering copies of Bonjour. It is possible to listen for Bonjour announcements but …
