• Not Vulnerable – Intel Itanium/Secure64 SourceT

    Intel Itanium and Secure64 Source T are NOT vulnerable to either Spectre or Meltdown and below are explanations of how both vulnerabilities work, and why Itanium and SourceT are immune. by John Worley, Director of Engineering, Secure64 The newly announced vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) code named Spectre and Meltdown have…

    Read More
    0 4512
  • Please build securely – before robots kill us

    Over the past couple of weeks, the world has been given WannaCry, which moved like wildfire through the globe and has given rise to multiple theories of origination from North Korea and not North Korea, and was dubbed “a pretty shoddy piece of work”.  As of this writing no one…

    Read More
    0 3167
  • The Grinch Comes Early for BIND Users

    The grinch showed up early for BIND users this year, in the form of two new critical security vulnerabilities that can crash BIND. The two vulnerabilities are: • CVE-2015-8000 • CVE-2015-8461 ISC has released patches of its BIND software that correct the problem. Users of BIND-based appliances from vendors such…

    Read More
    0 842
  • Secure64 DNS Products Not Vulnerable to BIND Security Flaw

    On July 28, 2015, the Internet Systems Consortium reported a critical security vulnerability in BIND, CVE-2015-5477. This vulnerability, which affects both BIND recursive and authoritative servers, is caused by an error in the handling of TKEY queries, allowing a remote attacker to crash BIND by sending a deliberately constructed query. This vulnerability is…

    Read More
    0 575
  • Secure64 SourceT OS not vulnerable to NTP flaws

    CERT recently reported two Network Time Protocol (NTP) vulnerabilities (CERT VU#374268 April 7, 2015) . The first one concerns some versions of NTP Project software that will accept packets without authentication digests as if they actually had valid digests attached, and the second one describes a Denial of Service (DoS)…

    Read More
    0 499
  • More Defenses Against Pseudo Random Subdomain Attacks (PRSD)

    This blog post provides three techniques that can be used to protect resolvers against pseudo random subdomain attacks (PRSD).

    Read More
    0 2008
  • Firezilla FTP

    Recently, a fake version of the popular Filezilla File Transfer Protocol (FTP) client has been made available for download on some sites. This fake version of Filezilla looks and works as expected but it also harvests login credentials in the background. These credentials are secretly sent to a hacker owned…

    Read More
    0 1050
  • Developing a Framework to Improve Critical Infrastructure Cybersecurity

    Here are thoughts from our CTO, Bill Worley PhD, on properly securing critical infrastructure in our highly connected world. They are particularly applicable with what we have seen in the last year with increased DDoS attacks focused on the DNS and compromised systems for the theft of intellectual property.

    Read More
    0 1543
  • DNSSEC Adoption is Slow for Government Agencies

    Even though more than two years have passed since federal government agencies were required to support DNS Security Extensions (DNSSEC) on their web sites, only 57 percent of agencies have met these requirements. In other words, about 40 percent of federal agencies have not secured their domains to protect users…

    Read More
    0 502
  • Recent Government Cybersecurity Actions

    Last week President Obama signed an Executive Order in an attempt to strengthen the cybersecurity of critical infrastructure in the United States. This is an area much in need of improvement, but this Executive Order barely scratches the surface. The main points addressed by the order are to facilitate information…

    Read More
    0 578
Translate »
Contact Us