Good luck Lenovo and thank you for the Superfish!

When you purchase a laptop it comes with some default, pre-installed applications. I personally hate this and it is quicker to format the laptop with a fresh install than go down the route of uninstalling all the <r@p-ware one by one. 
Have you ever bought a new Vaio? The amount of extras installed and running in the background take upon most of the resources. 
However, this post is about the Lenovo laptops which also contain a number of added "features". One of the added "features" is an adware which activates when taken out of the box for the first time. This adware ships with all consumer PCs from Lenovo and uses a certificate to perform a man-in-the-middle attack in order to inject ads into the user's browser. 

PCI SSC bulletin on impending revisions to PCI DSS, PA-DSS (updating to version 3.1)

The Payment Card Industry Security Standards Council (PCI SSC) in order to address few minor updates and clarifications and one impacting change, will publish a revision to the PCI DSS and PA-DSS v3.0 in the following weeks. The following bulletin will be issued on the PCI SSC website on 13 February in regards to this impending update to the standards.

Private IPv4 and IPv6 address spaces

In the Internet addressing architecture, a private network is a network that uses private IP address space, following the standards set by RFC 1918 for Internet Protocol Version 4 (IPv4), and RFC 4193 for Internet Protocol Version 6 (IPv6). These addresses are commonly used for home, office, and enterprise local area networks (LANs), when globally routable addresses are not mandatory, or are not available for the intended network applications. Under IPv4, the private IP address spaces were originally defined in an effort to delay IPv4 address exhaustion, but they are also a feature of IPv6, the next generation Internet Protocol.

These addresses are characterized as private because they are not globally delegated, meaning that they are not allocated to any specific organization, and IP packets addressed with them cannot be transmitted through the public Internet.

To Flash, or not to Flash?

Adobe suffers its third critical vulnerability (CVE-2015-0313) for this year. The vulnerabilities are exploited by the use malicious advertisements known as malvertising attacks. Due to the fact advertisements are designed to load once a user visits a site, the infection happens automatically. 

The affected version of this third vulnerability were:

• Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Mac OS X
• Adobe Flash Player 13.0.0.264 and earlier 13 x versions

There are two Flash player updates already released by Adobe to mitigate the two previous vulnerabilities (CVE-2015-0310, CVE-2015-0311) and new updates are expected during this week for the latest vulnerability. 

In the meanwhile, make sure your flash does not load automatically by enabling the click-to-play feature of your web browser, make sure your AntiVirus solution is up-to-date, make sure you have the latest Flash player installed downloaded only by the legitimate Adobe website and last but not least, use an ad-blocker. 

Abertay Ethical Hacking Society run their fourth annual Security Conference: Securi-Tay IV

Securi-Tay [1] is an Information Security conferece held by the Abertay Ethical Hacking Society [2], and supported by the Abertay University in Dundee. The aim of the conference is to provide an opportunity to industry professionals, students and information security enthusiasts to attend and share knowledge and information. This year will be the fourth year the conference is taking place (hence the IV) and it will be held on February 27th, 2015. Personally, I believe this conference offers a fantastic opportunity to students to meet and network with experts in the area of security, share information and have a first glance on how their future in the security industry can be like. 

I was very pleased to get accepted to speak at the conference this year and I am already looking forward to it.