>
Today marks the 11 year anniversary of the “September 11th” attacks. It is on these days of remembrance that our memory serves as a tool to heal us, to free us from the emotional burdens that can keep us from moving forward. This happens not by allowing these memories to fade from our consciousness, but [...]
Continue Reading
Oracle can be the butt of a lot of jokes when it comes to software security researchers. This Patch Tuesday, however, Oracle has taken things to the next level by not just having poorly secured products of their own but also providing the world with a remote vulnerability within Microsoft Exchange. Microsoft security bulletin MS12-058 [...]
Continue Reading
In short: Get MS12-043, MS12-045, and, if running IE9, MS12-044 patched and get back to that game of Where’s My Water? MSXML 0day fixed? This month’s Patch Tuesday bulletins bring an end to a zeroday vulnerability within MSXML that was first announced towards the beginning of June. Specifically MS12-043 has the fix that IT folks [...]
Continue Reading
Stop me if you’ve heard this one before: there is a new piece of malware and this one is even worse than the last one. It is bigger, scarier, more complex and will take years, according to some estimates, to actually ever know what the malware really does. And of course it already has a [...]
Continue Reading
It has been roughly a year since we released our original paper titled “In Configuration We Trust.” The goal of that research was to try to draw awareness to the fact that a lot of security improvement can be made simply by how you architect your network and configure your operating systems and applications. These [...]
Continue Reading
This is the time of the year where holiday parties are had, gifts are exchanged, and everyone and their brother in the security industry write blog posts and press releases about their predictions for the coming year. This time of the year reminds me of how important eEye’s message of “Security in Context” is given [...]
Continue Reading
This week I was invited to lend my “expert thoughts” on a recent news piece on a UK intelligence agency which has opened up their hiring practices to include an online code cracking competition. The team over at CNN’s Situation Room thought this was an interesting concept and invited me in for a quick discussion. [...]
Continue Reading
So, as everyone has hopefully heard by now, the world is indeed coming to an end because of a new piece of malware dubbed Duqu. Duqu is supposed to be based off of Stuxnet and therefore it makes it the scariest thing in cyber space or, as FoxNews.com said, “Stuxnet Clone ‘Duqu’: The Hydrogen Bomb [...]
Continue Reading
I had to do a double take on my Google Alerts this weekend when I saw the first of discussions around a worm dubbed “Morto” infecting systems via weak password brute forcing of Windows accounts over the Remote Desktop Protocol (“RDP”). These automated worms take me back, to the old days of CodeRed, Slammer, Sasser, [...]
Continue Reading
I recently watched IT administrator mailing lists buzzing with conversations about where everyone could buy an HP TouchPad – with the almost free price, now that HP has discontinued the product. It was not only IT people looking to cash in on the sweet deal, but consumers also, which means employees (maybe at your company!), who [...]
Continue Reading