Security Awareness of the Heartbleed Kind

“Should I change my password?” “OK, I changed my password, now I’m secure, right?” Media reports over the past month certainly heightened security awareness and drove the public to sit up, pay attention, and do “something.” What that something is depends on the guidance people heard, the importance of the service they are using and what…


Microsoft Releases Patch for Zero Day Flaw

Microsoft released an out-of-band patch today for an Internet Explorer zero-day flaw, which was already being exploited in the wild. Surprisingly, Microsoft opted to release a patch for Windows XP, for which support officially ended earlier this month. Microsoft disclosed the zero-day vulnerability (CVE-2014-1776) in all versions of Internet Explorer, from IE 6 to IE 11,…


4 Warning Signs Your Pentester Isn’t “Getting It”

When it comes to penetration testing, it’s a fact that many organizations will engage third-party consultants to perform the service. The reasons why this is so aren’t hard to understand: doing penetration testing well requires a specialized set of skills and tools, and keeping those resources and tools at an acceptable skill/performance level (to…


Browsing Security. Again. Major Vulnerability in IE.

Here we go again. A major zero-day vulnerability in a widely deployed application, Internet Explorer, has been discovered. The usual cycle of discovery-disclosure-patch-announcement-exploitation has been reversed this time. FireEye Research Labs discovered the exploit being actively used in what they have dubbed “Operation Clandestine Fox.” The fact that a zero day in IE6 through…


White House Statement on Heartbleed Bug Misses the Mark

This week the White House felt the need to formalize statements the President has made on responsible disclosure. They did so through a blog post penned by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator. Daniel acknowledges the issue, partly highlighted by the insinuation that the HeartBleed bug may have been known and used…


Active Threat Protection: The Future of Managed Security Services

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Cisco’s announcement earlier this week that they were launching a Threat Defense Managed Service was surprising in that it was the first…
