Top Secret Servers. Since 2009.

Blog

CIA Firmware Hacked Popular Wireless Routers Since 2007

For the past decade, the CIA has been able to infiltrate scores of models of wireless routers, gaining access to connected devices from which agents could copy Internet traffic, steal passwords or redirect unwitting users to other sites. Existence of the so-called “Cherry Blossom” firmware modification program is alleged in the latest dump of purportedly […]

WordPress Fixes Security Flaw that Opened Users to Content Injection Attacks

WordPress waited to disclose a REST API Endpoint bug that made sites using WordPress 4.7 and 4.7.1 vulnerable to content injection attacks in order to protect the sites while a security fix was rolled out in WordPress 4.7.2, according to a blog post published Wednesday by WordPress Core Contributor Aaron Campbell. Sucuri security researcher Marc-Alexandre […]

Space: the Ultimate Network Edge

A breakthrough technology developed initially for defense purposes and later commercialized for civilian use is a familiar cadence. One of the most recent examples is free-space optics – a way to use lasers instead of fiber-optic cables to transmit data. Wide adoption of self-driving cars is on the horizon; industrial manufacturers are quickly moving toward […]

NGINX Gains Market Share in August’s Web Server Survey

Netcraft’s August 2016 Web Server Survey, released this week, shows significant losses in market share for Apache, while NGINX boosted its market share nearly across the board. Part of the boost for NGINX comes from the Tengine web server it powers for Chinese ecommerce giant Taobao, which gained over 200,000 active websites between them in […]

Slow Waning of the Enterprise Data Center, in Numbers

While enterprise data centers aren’t going away completely any time soon, the amount of money companies are investing in these facilities and the IT gear they house is declining quickly. More and more workloads are moving to the cloud or into facilities operated by data center providers of various kinds, while corporate IT budgets, with […]

US House Passes Email Privacy Act in 419-0 Vote

The US House of Representatives passed an update to the Email Privacy Act last week in a unanimous vote of 419-0. The bill will now move to the Senate. The bill updates the Electronic Communications Privacy Act (ECPA) of 1986 and closes a loophole that allowed electronic communications to be obtained without a warrant. The […]

What You Need to Know About DROWN

A vulnerability disclosed by researchers this week, called DROWN after “Decrypting RSA with Obsolete and Weakened Encryption,” allows access to all communications between users and the server, as well as secure website impersonation, in some cases. The vulnerability also affects servers which share private keys with servers that support SSLv2. Several web hosts and related […]

Most Internet Devices Run Known Security Vulnerabilities

Regulators and investigators expect businesses to manage risk exposure in 2016, but executives are not sure they’re up to the challenge, according to the Cisco 2016 Annual Security Report, released Tuesday. Vulnerabilities from aging infrastructure, SMBs in the enterprise supply chain, and a disconnect between DNS experts and security teams are contributing to difficulties in […]

Report: Employees Continue to Miss the Mark on Password Security

Cloud and bring-your-own-device adoption are prevalent at US enterprises, but despite the connection between personal device and account security and enterprise data security, the majority of employees reuse passwords and share credentials with family members, according to Ping Identity research. The Ping Identity 2015 Online Identity Study shows that 11 percent of employees believe they […]

Encrypted Email Firm ProtonMail Pays Ransom to Hackers After Massive DDoS Attack

ProtonMail, an encrypted email provider, has been coerced into forking over 15 bitcoin (the equivalent of $6000) by hackers who targeted the provider with a sustained DDoS attack that started on Nov. 3. A recent report pegged 2016 as the year of online extortion, but that time may have come a bit sooner than predicted. […]