April 18, 2020

In what seems like a comprehensive walk through the OWASP Mobile Top 10, this blog entry from AppSealing is a great article about what developers need to worry about to protect their mobile apps.

AppSealing is an app-wrapping approach to protecting your mobile application and is a great way to solve many issues after you have developed your app. You can look at it as an emergency curbside tire inflation kit: better to have it and not need it than to need it and not have it.

It might be better to find a cure instead of just treating the symptom. If you can, use the risks identified in this blog to drive design changes to your app and prevent many of these vulnerabilities from occurring in the first place.

Review this post to become aware of the many issues that plague mobile developers.

Great news for all you iOS hackers!

April 12, 2020

You can now sideload unverified apps on iOS without a jailbreak or certificate revokes. Anyone who thought that iOS was more secure than Android is going to learn the hard way. MDM rules are going to need to really clamp down on malicious apps.

What is Windows Virtual Desktop? – The Redmond Cloud

April 6, 2020

Can it be that MS has learned from all of those RDP vulnerabilities and come up with a novel way to enable VDI for us all?

OWASP Mobile Top 10: Comprehensive Guide To Counter Mobile App Risks

April 4, 2020

Here is a great article about the specific risks that mobile apps face. Learning about the attack surface of your mobile applications can help your organization plan how to avoid a breach.

U.S. Government: Update Chrome 80 Now, Multiple Security Concerns Confirmed

April 2, 2020

If you use WebAudio in a browser like Chrome, you should be interested to learn that three severe vulnerabilities are being fixed, and all you have to do is upgrade your Chrome!

Whether you use WebAudio or not, if someone sends you a link to a site that has one of these vulnerabilities, you are probably already pwned.

The details are being held back, but you can read more in the announcement here…

Incident Notification

April 1, 2020

It is very sad to report another breach for the Marriott chain of hotels. Read more about it here.

Cloud Database Leak Exposes 425GB of Financial Data

March 20, 2020

A financial startup (known as a fintech) has put almost half a terabyte of data in cloud-based storage for use in a mobile app.

Security specialists with concerns about the inevitable future of OpenAPI for banking have been screaming about this nightmare for years. What do we do for the hundreds of thousands of people who have now lost their financial data?

Steps should be taken to encrypt this data at rest, to address this very situation WHEN it happens, and not to allow fintechs to use the data without these controls. Having banks encrypt all data before it is shared, and sharing the keys only with registered companies, may be the only sure way to prevent this in the future.

Think Open Source Software is secure? Think again.

March 13, 2020

So you thought that when all the source code was available for everyone to see, you would have a better chance of finding bugs, right?

It turns out that just because everyone can read it, that doesn't mean anyone will do anything about it. I mean, this software is created by volunteers, modified by volunteers and used by anyone who wants to use it. Who said anything about making sure it was secure?

Over 10 times as many as a decade ago!
Forbes: Jack Welch, Former General Electric CEO And Chairman, Dies At 84

March 2, 2020

A titan in the world of management and a hero to us all.


NTLMv2 – no problems

February 29, 2020

I really like when someone takes the time to show how fragile our networks really are.

Use a sniffer to collect your favourite NTLMv2 challenge and plug it into your monster hashcat box. Plug it in and turn it up on high until it warms the room, and soon…

Out comes one of your corporate colleagues' passwords! (Serve warm) 🤟

