Monthly Archives: September 2014

Data breach that hit Jimmy John’s is larger than first thought

Posted by Clayton Bellot on September 29, 2014
Uncategorized / No Comments

Computerworld magazine posted in an article on September 26, that the number of stores effected by this breach had increased from 108 to 216 (http://www.computerworld.com/article/2687802/data-breach-that-hit-jimmy-johns-is-larger-than-first-thought.html?source=CTWNLE_nlt_security_2014-09-29#tk.rss_security0).

Jimmy John’s as released a statement addressing this issue and provided a utility to search store location effected by this incident of which two location are in Springfield:

https://www.jimmyjohns.com/datasecurityincident/storedates.html

 

Bourne Again Shell (Bash) Remote Code Execution Vulnerability

Posted by Clayton Bellot on September 25, 2014
Uncategorized / No Comments

US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

ITS to begin assigning SHA-2 Certificates

Posted by Clayton Bellot on September 24, 2014
Uncategorized / No Comments
Microsoft, Google, and Mozilla have all announced that they will stop accepting SHA-1 signed certificates in the near future. Existing certificates which expire after January 1, 2016 will potentially encounter this issue and should be reissued before January 1, 2016. This will affect all certificate types, including code signing certificates.
To address this issue, all InCommon server certificates issued by ITS as of September 24, 2014, will use SHA-2 hashes by default.

Apple’s iOS 8 fixes enterprise Wi-Fi authentication hijacking issue

Posted by Clayton Bellot on September 24, 2014
Uncategorized / No Comments

Appleā€™s iOS 8 addresses a serious weakness that could allow attackers to hijack the wireless network authentication of Apple devices and gain access to enterprise networks.

http://www.cio.com/article/2686514/apples-ios-8-fixes-enterprise-wifi-authentication-hijacking-issue.html?source=CIONLE_nlt_enterprise_2014-09-24#tk.rss_patches