Category: Risk Management

The OpenSSL Heartbeat Vulnerability: Forgotten Attack Vectors

The web is abuzz with reports of the OpenSSL Heartbeat vulnerability. It’s not an overstatement to say that this is the most serious vulnerability to come along in several years. There are many good write-ups about it and I don’t

Posted in Encryption, Incident Response, Risk Management, Vulnerabilities

Malicious Data From Trusted Companies

Last night, I received one of the typical malicious “you have a package waiting” spams to an email address that I have only used at one place–in this case DynDNS.com. It included a link inviting me to print a shipping

Posted in Incident Response, Risk Management

Developing a Java Management Strategy

I considered many ways to title this blog post: The Scourge That is Java; Die, Java, Die!; or, perhaps, Java, it’s time we had a talk. As a security guy, I have come to see Java as my nemesis. It has been far more

Posted in Risk Management, Secure Design, Systems Hardening, Vulnerabilities

The Immutable Friday Fav Five for September 30, 2011

Here are the five or more links that I found interesting for this week: PDF-XRAY is a site where you can submit suspect PDFs for analysis. Now you can download the code behind the site and have a go at

Posted in Research, Risk Management, Secure Design, Vulnerabilities

The Immutable Friday Fav Five for September 16, 2011

Here are the five or more links that I found interesting for this week: Dave Hoelzer from SANS provides some very useful “AuditCasts.” These are short, instructional videos on various topics. This week, Dave talked about the benefits of split

Posted in Dialogue, Intrusion Detection, Log Analysis, Risk Management, Secure Design

Don’t Swallow the Blue Pill Just Yet

Virtualization is a quickly growing area in IT right now. The prospect of running dozens of virtual servers on one physical server is most appealing. As long as licensing costs don’t eat up too many of the savings, it really

Posted in Computer Crime, Risk Management, Secure Administration, Systems Hardening

How to Suck at Security for Executive Management

An off-beat comment from a colleague last week gave me the idea for this post. We were discussing ways in which security programs fail and he jokingly suggested that I blog about how to fail in security, rather than how

Posted in Risk Management, Secure Design

Garden Security III: The Houdini Hare

Never underestimate the potential of a motivated attacker–or a hungry rabbit. Fairly confident in my beefed-up garden security, I entered my garden to commune with my plants. They probably would have preferred water, but I am an earthy kind

Posted in Risk Management, Secure Design

Garden Security II: The Bunny Breach

*(&$#@!! I stepped outside tonight to water the garden and what did I find? A fuzzy-tailed rabbit happily hanging out inside my garden–with the gate closed. My perimeter has been breached! How did he get in? I am still doing

Posted in Incident Response, Intrusion Detection, Risk Management, Secure Design, Vulnerabilities

Garden Security

I like to garden. Truth be told, I’m not very good at it. I get a little better every year, but I am not one of those people who can just look at a plant and make it grow. This

Posted in Risk Management, Secure Design