Just a quick heads-up post that Adobe has just released an “emergency patch” for at least 17 holes in Reader and Acrobat. This is likely worth rushing into testing and ultimately production as PDF attacks have become all the rage lately. You can find more information about the patch here: http://www.theregister.co.uk/2010/06/29/adobe_emergency_patch/
Just talked to a client who had dropped a HoneyPoint decoy host in their VPN termination segment a couple of weeks ago. Yesterday, it paid off. They caught a machine that had passed the anti-virus and patching requirements of the NAC for the VPN. The machine was AV scanned clean. But, immediately upon connection the [...]
For this week’s tool review, we’re looking at Splunk. Splunk is a log collection engine at heart, but it’s really more than that. Think of it as a search engine for your IT infrastructure. Splunk will actually collect and index anything you can throw at it, and this is what made me want to explore it. [...]
Note: This webinar is being rescheduled for July. Date and time to be announced. This Thursday, June 24, at 2:00 PM – 3:00 PM EST, Phil Grimes, Security Analyst with MicroSolved, Inc., will be presenting a slideshow on DimDim. Join us to learn how to harden a WordPress site! Time will be left at the [...]
In continuing our research and experimentation with PHP and the threat of Remote File Inclusion (RFI), our team has been seeking out and testing various tools that have been made available to help identify web sites that are vulnerable to RFI during our penetration tests. Because we’re constantly finding more tools to add to the [...]
“Consumer use of the cloud,” in a phrase, is how the cloud will leak into your enterprise, whether you like it or not. Already, IT is struggling with how to manage the consumer use of devices and services in the enterprise. Skype/VoIP and WIFI were the warning shots, but the BlackBerry, iPhone, iPad and other [...]
Just a quick note on the recent Google announcement about dumping Windows for desktops in favor of Linux and Mac OS X. As you can see from the linked article, there is a lot of hype about this move in the press. Unfortunately, dumping Windows as a risk reducer is just plain silly. It’s not [...]
Lately, we have been looking at a lot of banking apps and front ends for the iPhone, Android and other mobile devices in the lab. Our testing thus far has shown some great results and it seems like a lot of banks, credit unions and other financial institutions are interested in having an “app” for [...]
So, just a quick thought on this one. What if we, as security folks, made a serious endeavor to reduce the earning capability of those who create crimeware, spyware and other malware? What if we did to them exactly what the gaming companies and MPAA have been saying is killing their business? What if every [...]
This has to be one of the worst, most FUD-filled articles I have seen yet on cyber security. http://www.foxnews.com/scitech/2010/06/03/ways-your-home-susceptible-hackers-cybersecurity/ In the article, many vulnerabilities and threats are discussed, but the article fails to lay out any sense of real risk based on probability or likely damages. In other words, here is a bunch of the [...]