Tech-2 Security

It's been quite a while since a vulnerability like this has been uncovered.  There is no doubt that this is a serious one and it affects many products.  What makes this a problem is not only that it has serious consequences, but also that it isn't that hard to exploit.  Affected versions of OpenSSL have also been around for a long time since around April 2012 meaning the impact up to now is unknown. Recommendations are to patch the affected products, renew certificates and ensure users change their passwords. OpenSSL versions 1.0.1 - 1.0.2.  OpenSSL advise Affected users should upgrade to OpenSSL 1.0.1g and users unable to immediately upgrade can opt to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.  1.0.2 will be fixed in 1.0.2-beta2. The list below are links to some of the affected products.  There are many more. VMWare http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225 Fortinet http:...

As we know, many home users and businesses are still running Windows XP as their Desktop Operating System. With support for Service Pack 3 ending in April this year (2014), the likelihood of increased malware and virus' is very high on these systems. This information should not be taken lightly, due to the very real threat which will continue to rise the older the Operating System gets. If a vulnerability is found and remains un-patched then businesses will be taking unnecessary risks. When support is discontinued there will be no patches so the security holes will remain open waiting to be exploited. Contrary to what many believe, this isn't Microsoft looking for ways to make more money. XP is three generations old if you count Vista, Windows 7 and now Windows 8. It's time to upgrade Windows or Migrate to a different OS completely.

I received a voicemail, then text then a call to my home phone from the bank to call them. I verified the number was legit and contacted the bank. They didn't ask any questions but were able to verify my recent transactions so were genuine. However twenty minutes prior to the call someone had placed an order on Play.com for £500 using my details. Luckily for me the bank had the sense to block the transaction and contact me. I had to cancel my card. I decided to contact Play.com to tell them what had happened and after some cross referencing they could see that an order had been placed on a very recently created account using my bank details, but a different delivery address. The customer services lady was a bit shocked when she then cross referenced the delivery address to find that six other orders using other peoples details had also been placed today for delivery to that address. Unfortunately for those people it looks as if the transactions had at that point completed. ...

Click here to read the article. Yahoo Mail Breach

Tech-2 are currently in the process of investigating another potential online scam which dupes the user into making a booking through what appears to be a valid website. Infact it would appear that the booking money is taken, yet the user never receives what they have paid for. More details will be posted on this investigation including the offending website URL if proven true. Watch this space.

A two day seminar held by LAN2LAN Limited in Leatherhead was deemed a success judging by the participant reviews. The seminar focused on hacking techniques, malware and demonstrations in order to provide more awareness of the types of issues we may be faced with.

SC Magazine Full Story