The Tech Cor­ner

The Standard Journal - - LIFESTYLE -

The Tech Cor­ner is a tech­nol­ogy news and ad­vice col­umn pre­sented each week courtesy of Melvin McCrary at Ge­or­gia Com­puter De­pot in Cedar­town. pli­ca­tions on af­fected web servers af­ter its proof-of­con­cept ex­ploit code was up­loaded to a Chi­nese site.

De­spite patches were made avail­able and proofs that the flaw was al­ready un­der mass at­tack by hack­ers, Equifax failed to patch its Web ap­pli­ca­tions against the flaw, which re­sulted in the breach of per­sonal data of nearly half of the US pop­u­la­tion.

“Equifax has been in­tensely in­ves­ti­gat­ing the scope of the in­tru­sion with the as­sis­tance of a lead­ing, in­de­pen­dent cy­ber se­cu­rity firm to de­ter­mine what in­for­ma­tion was ac­cessed and who have been im­pacted,” the com­pany of­fi­cials wrote in an update on the web­site with a new

For those un­aware, Apache Struts is a free, open-source MVC frame­work for de­vel­op­ing web ap­pli­ca­tions in the Java pro­gram­ming lan­guage that run both front-end and back-end Web servers.

The frame­work is used by 65n per cent of the For­tune 100 com­pa­nies, in­clud­ing Lock­heed Martin, Voda­fone, Vir­gin At­lantic, and the IRS.

Since the hack­ers are ac­tively ex­ploit­ing the vul­ner­a­bil­i­ties in the Apache Struts web frame­work, Cisco has also ini­ti­ated an in­ves­ti­ga­tion into its prod­ucts against four newly dis­cov­ered se­cu­rity vul­ner­a­bil­i­ties in Apache Struts2.

The FTC an­nounced that the iden­tity theft pro­tec­tion firm LifeLock will pay $100 mil­lion to re­solve al­le­ga­tions that the com­pany made false state­ments about its ser­vices and failed to safe­guard con­sumer data. This set­tle­ment rep­re­sents the largest of its kind in an FTC or­der en­force­ment ac­tion.

Re­searcher Dis­closes Flaws in D-Link 850L Wire­less Routers

A se­cu­rity re­searcher has dis­cov­ered a total of ten crit­i­cal zero-day vul­ner­a­bil­i­ties in routers from Tai­wan-based net­work­ing equip­ment man­u­fac­turer D-Link which leave users open to cy­ber-at­tacks.

Pri­vate keys hard­coded in the firmware — the pri­vate en­cryp­tion keys are hard­coded in the firmware of both D-Link 850L Rev A and Rev B, al­low­ing to ex­tract them to per­form at­tacks. Kim ad­vised users to cut the con­nec­tions with the af­fected D-Link router in or­der to be safe from such at­tacks.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.