Posts by Bill Bradley

2 min

How do You USB?

All the perimeter protection in the world won't stop an attack that never passes through the security measures around your perimeter, assuming "perimeter" is still a viable term in today's distributed, mobile, and virtual world. If an attacker were to drop a USB stick in a public area of your company, what are the chances that USB stick eventually finds a USB port? Pretty good. [http://thenextweb.com/insider/2011/06/28/us-govt-plant-usb-sticks-in-security-study-60-of-subjects-take-the-bait/

2 min

The report of my death was an exaggeration - Windows XP and Mark Twain

Microsoft formally announced the EOL of XP [http://windows.microsoft.com/en-us/windows/end-support-help] as of April 8, 2014. This fact made a splash in the IT/InfoSec community but was quickly buried by the onslaught of Heartbleed traffic that same week. Now that some of the Heartbleed buzz has slowed, I'd like to highlight a piece of research penned by Visa [http://usa.visa.com/download/merchants/WindowsXP-End-of-Life-08APR14.pdf], a company that has a significant stake in protecting financia

1 min

Rapid7 for SANS Top 20 Compliance

Greetings from our new home here in Boston. After outgrowing our previous space due to some phenomenal expansion [http://finance.yahoo.com/news/frost-sullivan-awards-rapid7-2013-150000318.html], Rapid7 is now a new citizen of the Financial District. The new space is great, and I'm sure the orange paint suppliers of the world are breathing a sigh of relief now that the renovations are complete. Now that our organization is done with the tactical move, it's time to look strategic

1 min

The next 40% attacked? The US Federal Government.

As a follow-on to the blog about the data theft of 40% of South Korean credit cards, what is the next 40% number? Per this article [http://freebeacon.com/report-4-in-10-government-security-breaches-go-undetected/] on this report [http://www.hsgac.senate.gov/download/?id=8BC15BCD-4B90-4691-BDBA-C1F0584CA66A], nearly 40% of breaches of the US federal government go undetected. If these breaches are undetected, it stands to reason that the underlying problems that allowed unauthorized user(s) to ga

1 min

Attacker theory vs attacker practical? Webinar - Thursday February 6 2:00 PM EST

The Advanced Persistent Threat (APT) model presents a neatly packaged and sanitized version of how an attacker may target, breach, collect information, then move on to their next victim. There are some lessons in the model, and it presents the common steps of an attack, though it rarely works out that neatly and systematically in the "real world" where we live and work. Join Rapid7 Thursday February 6 at 2:00 PM EST to learn more from one of our Penetration Testers who has spent years tryin

1 min Hacking

40% of the COUNTRY hacked!

With the US retail market reeling from a tough end to the holiday season due to security breaches, a little news from overseas [http://money.cnn.com/2014/01/21/technology/korea-data-hack/] shows this problem has no borders and is continuing to grow. Headlines are designed to be the hook to the article and occasionally get trumped up, but in this case the numbers tell the story without need to exaggerate: 40% of the population of South Korea, ~20 million people, had their personal data stolen or

2 min Antivirus

ControlsInsight...Controls discussed.

Rapid7 ControlsInsight [http://www.rapid7.com/products/controls-insight/] allows organizations to quickly assess the deployment and configuration of 11 critical security controls from one platform. We'd like to take a brief look at these controls to discuss what they are and what they mean to the organization (or, as one of my professors was known to bark out at the end of a less than compelling presentation, "So what?"). Previous blogs have looked at unique password [/2013/10/29/the-controlsinsi

1 min Events

Happy 2014 ControlsInsight followers - Join us for the Rapid7 Roadshow

Happy 2014 to all Rapid7 ControlsInsight followers! We here at Rapid7 hope you had some time off over the holidays and are recharged and ready for a great 2014! Today's topic is a plug for the upcoming Rapid7 Roadshow "Security at the Crossroads" [http://www.rapid7.com/roadshow/?cs=wbblog], which, in addition to showing you how to think like a hacker to stay ahead of an attack and prepare for threats against mobile, cloud, and on-premise assets, will feature two ControlsInsight [http://www.rapid7.