Some of Our Sources
- TutsPlus - Code
- Team Treehouse
- Pearsonified
- Inspiredology
- Naldz Graphics
- FanExtra - PSD
- Noupe
- Web Design Ledger
- Reencoded
- Codrops
Help Webnuz
Referal links:
August 10, 2015 06:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ziEKoZmv8vw/manipulating-microsoft-wsus-to-attack-enterprises
Manipulating Microsoft WSUS To Attack Enterprises
msm1267 writes: Microsoft's enterprise-grade Windows Server Update Services (WSUS), used to download and distribute security and driver updates, poses a significant weak spot if not configured properly. Researchers Paul Stone and Alex Chapman during last week's Black Hat conference presented research (PDF) on the the WSUS attack surface and discovered that when a WSUS server contacts Microsoft for driver updates, it does so using XML SOAP web services, and those checks are not made over SSL. While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could, with some work, tamper with the unencrypted communication and inject a malicious homegrown update.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ziEKoZmv8vw/manipulating-microsoft-wsus-to-attack-enterprises
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot