Category: Risk Management

The OpenSSL Heartbeat Vulnerability: Forgotten Attack Vectors

The web is abuzz with reports of the OpenSSL Heartbeat vulnerability. It’s not an understatement to say that this is the most serious vulnerability to come along in several years. There are many good write-ups about it and I don’t

Malicious Data From Trusted Companies

Last night, I received one of the typical malicious “you have a package waiting” spams to an email address that I have only used at one place–in this case It included a link inviting me to print a shipping

Tagged with:

Developing a Java Management Strategy

I considered many ways to title this blog post: The Scourge That is Java; Die, Java, Die!; or, perhaps Java, it’s time we had a talk. As a security guy, Java has been my nemesis. It has been far more

The Immutable Friday Fav Five for September 30, 2011

Here are the five or more links that I found interesting for this week: PDF-XRAY is a site where you can submit suspect PDFs for analysis. Now you can download the code behind the site and have a go at

The Immutable Friday Fav Five for September 16, 2011

Here are the five or more links that I found interesting for this week: Dave Hoelzer from SANS provides some very useful “AuditCasts.” These are short, instructional videos on various topics. This week, Dave talked about the benefits of split

Tagged with:

Don’t Swallow the Blue Pill Just Yet

Virtualization is a quickly growing area in IT right now. The prospect of running dozens of virtual servers on one physical server is most appealing. As long as licensing costs don’t eat up too many of the savings, it really

Tagged with:

How to Suck at Security for Executive Management

An off-beat comment with a colleague last week gave me the idea for this post. We were discussing ways in which security programs fail and he jokingly suggested that I blog about how to fail in security, rather than how

Garden Security III: The Houdini Hare

Never underestimate the potential of a motivated attacker–or a hungry rabbit. Fairly confident in my beefed up garden security, I entered my garden to commune with my plants. They probably would have preferred water, but I am an earthy kind

Tagged with:

Garden Security II: The Bunny Breach

*(&$#@!! I stepped outside tonight to water the garden and what did I find? A fuzzy-tailed rabbit happily hanging out inside my garden–with the gate closed. My perimeter has been breached! How did he get in? I am still doing

Tagged with:

Garden Security

I like to garden. Truth be told, I’m not very good at it. I get a little better every year, but I am not one of those people who can just look at a plant and make it grow. This