Entries by Shearwater

January 2016 Internet Security Report

Threats Microsoft DNS patching – Microsoft released a patch for DNS this month. Reported internally, however may allow remote code execution and should be applied to all Microsoft DNS servers. (MS15-127). Soon after release traffic to port 53 increased on the internet suggesting there may be an exploit available.  If you have external facing Microsoft […]

I Think I Need to Be PCI Compliant… Now What??

By Heather Robins Sometimes, coming to grips with your company’s need to be compliant with the Payment Card Industry Data Security Standards (PCI DSS) feels a bit more like going through the Five Stages of Grief than tackling a standard issue business problem. I’ve been in the Information Security industry for a little over 5 […]

MS15-034 – HTTP.sys Advisory

By Mark Hofman, Terry Darling, and Simon Treadaway 1- MS15-034 – HTTP.sys Advisory (CVE CVE-2015-1635) Microsoft earlier this week released a patch for both servers and workstations, MS15-034. This patch addresses an issue in the file http.sys. The http.sys file is used by the operating system to accept and process HTTP and HTTPS requests. At […]

GHOST Vulnerability Advisory

By Terry Dolbey and Matt Stiles 1- Background on GHOST Vulnerability CVE-2015-0235 GNU C Library (glibc) is the implementation of the C library used by the GNU project. This library provides the core functionality to Unix and Linux (Nix) based Operating Systems and access to common functions used by applications installed on the Operating Systems. […]

Heartbleed Advisory

Background on CVE-2014-0160 (Heartbleed) Secure Sockets Layer (SSL), and Transport Layer Security (TLS) are cryptographic protocols that are used to provide secure communications between a client and a server, and is most often used to encrypt HTTP traffic. SSL and TLS can also be used to secure other communications protocols including those used by email […]

Discovering information leakage in files

[NOTE: All information was gathered from public websites] Discovering information leakage in files and why it’s important? During the build-up to our recent product launch of “phriendlyphishing.com”, Shearwater Ethical Hacking team (SEH) conducted hefty amounts of research into phishing attacks, and how they are being used to compromise countless individuals, corporations and governments every day. […]