Zombie servers will kill you

You thought it was buried. You forgot. Someone didn’t document it. A ping sweep didn’t find it. It lay there, dead. No one found it. But there was a pulse:It’s still running, and it’s alive. And it’s probably unpatched.

Something probed it long ago. Found port 443 open. Jacked it like a Porsche 911 on on Sunset Boulevard on a rainy Saturday night. How did it get jacked? Let me count the ways.

Now it’s a zombie living inside your asset realm.

It doesn’t matter that it’s part of your power bill. It’s slowly eating your lunch.

It doesn’t matter that you can’t find it because it’s finding you.

It’s listening quietly to your traffic, looking for the easy, unencrypted stuff. It probably has a few decent passwords to your router core. That NAS share using MSChapV2? Yeah, that was easy to digest. Too bad the password is the same as the one for every NAS at every branch from the same vendor. Too bad the NAS devices don’t encrypt traffic.

To read this article in full or to leave a comment, please click here


Uncategorized

Apple will host Xcode on Chinese servers following malware attack

091615-ios-9-no-hands-thumbnail-5

Feed-twFeed-fb

Apple’s developer software Xcode will soon be available to Chinese developers.

First spotted by Apple Insider, this news comes on the heels of a malware attack on apps in the App Store.

Last week, security researchers at Palo Alto Networks discovered the infected apps and publicized an analysis report detailing the malware’s spread and impact. Xcode is a set of software tools developers use to create iOS apps, but a modified version of Xcode containing the malware, dubbed XcodeGhost, made its way into the App Store.

As Palo Alto Networks explains, the standard Xcode installer is nearly 3GB, which means it could take even longer to download large files from Apple’s servers in other countries. In response to this, some Chinese developers choose to download the software from other sources or obtain copies from colleagues. It’s also hard for developers to detect malware like XcodeGhost because it’s deeply hidden. Read more…

More about Iphone, Apple, App Store, Tech, and Apps Software


RSS-3