
Latest articles in ‘Industry’


  1. Why making good software is deemed not profitable

    Published: Thu 23 November 2017 in Opinions.
    You thought that large companies have the means to produce high-quality software? The situation is a bit more complex; let me explain why.

    Another company got caught with its hand in the cookie jar, and this time we are not talking about the firmware of some cheap home router:

    CVE-2017-10151, CVSS 3.0 Base Score 10.0:

    Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3.

    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager.

    While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products.

    Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager.

    The issue is pretty simple: Oracle added a default account with administrative privileges and hardcoded credentials to their product to make development easier. This is what is commonly called a backdoor: no operator configuration can remove it, and anyone who knows the credentials can reach it over HTTP without authenticating as a real user.

    While there are obviously no statistics available about such practices …
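    The default-account problem described above, as an added example that is not part of the original post and not Oracle's code: a minimal login check written first the vulnerable way (an administrative account whose credentials live in the code) and then the hardened way (no credential in the code, a randomly generated one-time bootstrap password, salted PBKDF2 hashes, and a lock on the bootstrap account until its password is rotated). The account names, the "changeme" password and the PBKDF2 parameters are illustrative assumptions.

```python
"""
Constructed example: the same login check written the vulnerable way and
the hardened way. Not Oracle's code; names and values are assumptions.
"""
import hashlib
import hmac
import os
import secrets

# ---------------------------------------------------------------------------
# Vulnerable pattern: an administrative account whose credentials are baked
# into the code. Nothing an operator configures can remove it, which is what
# turns a development convenience into a backdoor.
# ---------------------------------------------------------------------------
BUILTIN_ADMIN = {"username": "sysadmin", "password": "changeme"}  # hypothetical


def login_vulnerable(store, username, password):
    """Return the role name on success, None on failure."""
    # Checked before the real account store, so it works on every install.
    if username == BUILTIN_ADMIN["username"] and password == BUILTIN_ADMIN["password"]:
        return "admin"
    rec = store.get(username)
    if rec is not None and rec["password"] == password:  # plaintext compare, also bad
        return rec["role"]
    return None


# ---------------------------------------------------------------------------
# Hardened pattern: no credential in the code at all. The first administrator
# is bootstrapped with a random one-time password that must be rotated before
# the account can be used, and every stored password is a salted PBKDF2 hash.
# ---------------------------------------------------------------------------
PBKDF2_ROUNDS = 100_000  # assumption; tune to the deployment's hardware


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccountStore:
    def __init__(self):
        self._accounts = {}

    def bootstrap_admin(self, username="admin"):
        """Create the initial administrator and return its one-time password.

        The value is generated at install time, never hardcoded, and the account
        stays locked until it is changed, so an install that skips that step
        cannot be logged into with a value an attacker could know in advance.
        """
        one_time = secrets.token_urlsafe(24)
        self._set_password(username, one_time, role="admin", must_change=True)
        return one_time

    def _set_password(self, username, password, role, must_change):
        salt = os.urandom(16)
        self._accounts[username] = {
            "salt": salt,
            "hash": _hash_password(password, salt),
            "role": role,
            "must_change": must_change,
        }

    def _verify(self, username, password):
        rec = self._accounts.get(username)
        if rec is None:
            # Hash anyway so an unknown user costs the same time as a bad password.
            _hash_password(password, b"\x00" * 16)
            return None
        if hmac.compare_digest(_hash_password(password, rec["salt"]), rec["hash"]):
            return rec
        return None

    def login(self, username, password):
        """Return the role on success, "password_change_required" while the
        one-time bootstrap credential is still in place, None on failure."""
        rec = self._verify(username, password)
        if rec is None:
            return None
        if rec["must_change"]:
            return "password_change_required"
        return rec["role"]

    def change_password(self, username, old_password, new_password):
        rec = self._verify(username, old_password)
        if rec is None:
            return False
        self._set_password(username, new_password, rec["role"], must_change=False)
        return True
```

    The point of the hardened version is not the hashing alone: the difference that matters for CVE-2017-10151 is that there is no string in the shipped code an attacker can look up, and the only pre-created account refuses to grant a session until its generated password has been replaced.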


  2. Mr. Robot (TV show by Sam Esmail, 2015)

    Published: Wed 22 November 2017 in Library.
    A review of the 'Mr. Robot' TV series, which started with a very engaging first season but sadly seems to be withering away.

    Mr. Robot is an interesting project attempting to create a television series featuring accurate “hacking” techniques and real-life events, as opposed to most “hacker” movies and series, which simply project the general public's fantasies onto the screen.

    I used to redirect people asking me for some “hacking trick” to this series, and several websites and blogs use it as an illustration to provide fundamental knowledge of IT security and help people become aware of various risks.

    As I write this post, we have now reached the middle of the third season, and while I was and still am very enthusiastic about the first season, my feelings are now more than mixed about its sequels.

    Note

    For those who haven’t seen this series yet, I won’t get into any storyline details here, except briefly when listing some season 3 issues. Most of this post should be spoiler-free; however …


  3. NSA and Microsoft, toward a tighter “collaborative teamwork”?

    Published: Tue 16 May 2017 in Opinions.
    A history of forced love and denial between the National "Security" Agency and large corporations.

    This article is something of a sequel to my thoughts on the Wannacry case.

    The NSA relies on a large database of undisclosed and unfixed software vulnerabilities to hack its way into any system deemed either hostile or useful for its intelligence gathering. As explained by former NSA director Michael Hayden:

    If the agency thinks that no one else will be able to exploit a vulnerability, it leaves the problem unfixed to aid in its own spying efforts.

    It is only if the NSA estimates that the exploit may be known to someone else, and therefore represents a potential risk to US safety, that it will inform the vendor so the vulnerability can get fixed.

    It may happen that this process occasionally hiccups, with a vendor interfering with NSA activity, as most probably happened to Microsoft with MS08-067 …
