How do You USB?
All the perimeter protection in the world won't stop an attack that doesn't get checked by the security measures around your perimeter, assuming the perimeter is still a viable term in today's distributed, mobile, and virtual world. If an attacker were to drop a USB stick in a public area of your company, what are the chances that USB stick eventually finds a USB port? Pretty good.
[http://thenextweb.com/insider/2011/06/28/us-govt-plant-usb-sticks-in-security-study-60-of-subjects-take-the-bait/]
The report of my death was an exaggeration - Windows XP and Mark Twain
Microsoft formally announced the EOL of XP [http://windows.microsoft.com/en-us/windows/end-support-help] as of April 8, 2014. This fact made a splash in the IT/InfoSec community but was quickly buried by the onslaught of Heartbleed traffic that same week. Now that some of the Heartbleed buzz has slowed, I'd like to highlight a piece of research penned by Visa [http://usa.visa.com/download/merchants/WindowsXP-End-of-Life-08APR14.pdf], a company that has a significant stake in protecting financia
Rapid7 for SANS Top 20 Compliance
Greetings post-move to our new home here in Boston. After having outgrown our previous space due to some phenomenal expansion [http://finance.yahoo.com/news/frost-sullivan-awards-rapid7-2013-150000318.html], Rapid7 is now a new citizen of the Financial District. The new space is great, and I'm sure the orange paint suppliers of the world are breathing a sigh of relief now that the renovations are complete.
Now that our organization is done with the tactical move, it's time to look strategic
The next 40% attacked? The US Federal Government.
As a follow-on to the blog about the data theft of 40% of South Korean credit cards, what is the next 40% number? Per this article [http://freebeacon.com/report-4-in-10-government-security-breaches-go-undetected/] on this report [http://www.hsgac.senate.gov/download/?id=8BC15BCD-4B90-4691-BDBA-C1F0584CA66A], nearly 40% of breaches of the US federal government go undetected. If these breaches are undetected, it stands to reason that the underlying problems that allowed unauthorized user(s) to ga
Attacker theory vs attacker practical? Webinar - Thursday February 6 2:00 PM EST
The Advanced Persistent Threat (APT) model presents a neatly packaged and sanitized version of how an attacker may target, breach, collect information, then move on to their next victim. There are some lessons in the model and it presents common steps as part of an attack, though it rarely works out that neatly and systematically in the "real world" where we live and work. Join Rapid7 Thursday February 6 at 2:00 PM EST to learn more from one of our Penetration Testers who has spent years tryin
Hacking
40% of the COUNTRY hacked!
With the US retail market reeling from a tough end to the holiday season due to security breaches, a little news from overseas [http://money.cnn.com/2014/01/21/technology/korea-data-hack/] shows this problem has no borders and is continuing to grow. Headlines are designed to be the hook to the article and occasionally get trumped up, but in this case the numbers tell the story without need to exaggerate: 40% of the population of South Korea, ~20 million people, had their personal data stolen or
Antivirus
ControlsInsight...Controls discussed.
Rapid7 ControlsInsight [http://www.rapid7.com/products/controls-insight/] allows organizations to quickly assess the deployment and configuration of 11 critical security controls from one platform. We'd like to take a brief look at these controls to discuss what they are and what they mean to the organization (or, as one of my professors was known to bark out at the end of a less than compelling presentation, "So what?"). Previous blogs have looked at unique password [/2013/10/29/the-controlsinsi
Events
Happy 2014 ControlsInsight followers - Join us for the Rapid7 Roadshow
Happy 2014 to all Rapid7 ControlsInsight followers!
We here at Rapid7 hope you had some time off over the holidays and are recharged and ready for a great 2014! Today's topic is a plug for the upcoming Rapid7 Roadshow "Security at the Crossroads" [http://www.rapid7.com/roadshow/?cs=wbblog] that, in addition to showing you how to think like a hacker to stay ahead of an attack and prepare for threats against mobile, cloud, and on-premise assets, will feature two ControlsInsight [http://www.rapid7.