All posts tagged vulnerability

Google’s migrating corporate apps to the cloud is less crazy than it sounds

Google is moving its corporate applications to the Internet. A year ago I would have said that’s the dumbest thing I ever heard. Today I’m not so sure. Sticking stuff in the cloud is the popular answer to everything these days, and I just see the cloud as the new mainframe. It’s not a solution […]

Three things to remember from Verizon’s Data Brach Investigations Report

Every year around this time, Verizon releases its Data Breach Investigations Report, referred to in the trade as simply the “DBIR.” Verizon is one of two companies you call if you’ve been breached and you really want to get to the bottom of what happened and try to keep it from happening again. (Mandiant is […]

In defense of Anthem declining the OIG audit

Anthem recently refused to allow the Office of Personnel Management’s Office of Inspector General (OIG) to perform an audit of its networks. Coming on the heels of a large breach, there’s been a bit of an uproar about it. There are a few things to keep in mind, the first being that this isn’t driven by […]

Dave Farquhar, lunch ninja

My boss doesn’t think I’m human. His proof: He asks anyone who knows me if he or she has ever seen me eat. No one has. They’ve seen evidence of me eating. But actually taking a bite? No. Not even the time we went out for BBQ.

The Forbes Flash hack is a good example of a watering hole attack

You may have heard people like me talk about watering-hole attacks. It’s an indirect attack on someone by compromising a third party and using that to get in. In this case, back in November, attackers got a Forbes ad server, and from there, attacked visitors from government and bank networks. Here’s the logic: Since ad servers […]

Yes, we need to run vulnerability scans inside the firewall

I got an innocent question last week. We’d been scanning an AIX server with Nexpose, a vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked a question: The server is behind a firewall and has no direct connection to the Internet and no data itself, it’s just a front-end to […]

How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. The field desperately needs more of us, so I’m happy to share with you how to become […]

Anthem, HIPAA, and encryption

Late last week, the Wall Street Journal reported that Anthem wasn’t encrypting the database containing tens of millions of health records that were stolen by sophisticated hackers. There are numerous problems with that story, the first being that we don’t know yet whether the data was encrypted. There are other unconfirmed reports that say the attackers used […]

Why every breach is different

I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected. I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not […]

Why a non-web server has Apache and OpenSSL on port 2381

I was doing some scanning with a new vulnerability scanner at work and I found something listening on a lot of servers, described only as Apache and OpenSSL listening on port 2381. The versions varied. Luckily I had another scanner at my disposal that solved the mystery quickly: It’s the HP System Management Homepage, a […]