Posts by John Schimelpfenig

1 min Metasploit

Federal Friday - 3.7.14 - Rapid7 Moose are on the Move

Federal friends! Unfortunately we're in the process of undergoing a much needed move and today is the last day in the current office. The good news? We're moving to greener, and more importantly, much larger pastures as our herd has grown quite a bit in the last 12 months and our current space just can't fit us anymore. As of Monday we will be located a little further downtown at 100 Summer St. So, next time you're in Boston give us a jingle and we'll be happy to invite you into our new home. In

2 min Metasploit

Federal Friday - 2.28.14 - Flash Zero Day Targets Foreign Policy Sites

Federal Friday has come again, which means another week has passed us by. It's been a busy week for the Moose of Rapid7 with an imminent move for our Boston HQ for on the horizon. We also had a great week at RSA with SC Magazine naming Nexpose the Best Vulerability Management Solution! The threat landscape has had a wild few days with a major security flaw for Apple desktops and iOS devices as well as another IE zero day being discovered. In addition, a detailed report from FireEye [http://www.

2 min Metasploit

Federal Friday - 2.21.14 - NATO praises NIST's Framework

Happy Friday, federal friends! I hope you all enjoyed your long weekend and short work-week. We're cruising through February here at the global HQ in Beantown, with a big office move scheduled for early March. I hope most of you have begun to thaw out and for those of you out there having a similar winter to New England, think warm thoughts (it helps). There was a nice article on Inside Security [http://insidecybersecurity.com/Cyber-General/Cyber-Public-Content/nato-cybersecurity-center-praises

2 min

Federal Friday – 2.14.14 – NIST's Cybersecurity Framework v 1.0 Released

Another week, another Snowmageddon, happy Friday everybody… As we dig out up here in the Northeast and the folks further south begin to thaw, I want to say thank you to all those that came out to our Security at the Crossroads seminar this week in DC. We had a great turnout and greatly appreciate all of the participation and feedback from many of you in attendance. Even though none of the feedback was specifically geared towards the blog, I know you all were secretly telling me you like it.

3 min Metasploit

Federal Friday - 2.7.14 - Third-Party Problems - Olympics Edition

Happy Friday, federal friends! Welcome to February, the funniest month of them all! In all seriousness though, I am looking forward to meeting a lot of you at our DC Roadshow next week! As you can guess from the title this week I am going to talk about some issues [http://news.cnet.com/8301-1009_3-57618407-83/sochi-visitors-entering-hacking-minefield-by-firing-up-electronics/] around the Olympics. Issues not involving water [http://norberthaupt.files.wordpress.com/2014/02/sochi-water.jpg] or t

4 min Metasploit

Federal Friday - 1.31.14 - Positioning for a Holistic Cybersecurity Deployment

Hello federal friends, happy last Friday of January. Is the year flying by already for anyone else? I wanted to talk to you this week about how to position your organization to better prepare yourselves from a cybersecurity standpoint. Who better to help me do this than Jennifer Aniston? " "Yeah. Yeah. We do. Although I didn't actually choose these. I, um, I just sorta grabbed fifteen buttons and just...I don't even know what they say! Y'know, I don't really care. I don't really like talkin

2 min Metasploit

Federal Friday - 1.24.14 - Threats From Afar

Friday, oh sweet Friday it's great to see you again my friend. I hope all of you are doing well with Polar Vortex 2014.2! Don't get me wrong I love Star Wars, and winter (for the most part), but I do not enjoy living on the set of Hoth this long. This week an interesting article from SC Magazine [http://www.scmagazineuk.com/cyber-security-failure-could-result-in-next-major-terrorism-attack/printarticle/330532/] highlighted the results of a discussion of industry leaders at a conference in Lill

3 min Metasploit

Federal Friday - 1.17.14 - Don't Forget to Wipe (Your Device)

Happy Friday, federal friends! I hope the post-holiday hangover has passed and your resolutions remain intact. It's been a busy start to the year so far in Rapid7-Land and we're only 2 weeks into '14. This week I read a great article on FederalTimes [http://www.federaltimes.com/article/20140115/MOB/301150005/Employee-owned-mobile-devices-put-agencies-risk] about how employee owned devices put agencies at risk, especially when it comes to wiping them. This is significant, especially with the ho

2 min Metasploit

Federal Friday - 1.10.14 - Welcome to 2014

Happy New Year federal friends! I hope each and every one of you have had a great holiday season with your families and friends. I know I had a nice quiet week off, until Hercules dropped some snow and most of us were slapped in the face with a nice Polar Vortex session. Now it's time to hop back on the horse and charge head first into 2014. In the wake of the massive Target breach that ended 2013, DHS has started 2014 off with a nice shot across the bow for anyone using POS systems and any org

2 min Government

Federal Friday - 12.27.13 - 'Tis The Season

Happy last Friday of 2013 everybody! I sincerely hope all of you have had a great holiday season, as it is rapidly coming to a close. My stockings were hung by the chimney with care for about 8 hours this year and the tree dried out in record time too. That just makes instant firewood, so the gifts keep on coming! Speaking of gifts, we got two little nice ones this week. In an article in the Washington Post [http://www.washingtonpost.com/business/capitalbusiness/federal-agencies-to-hire-more-c

1 min Android

Federal Friday - 12.20.13 - Deck the Halls Edition

'Tis the season to be jolly! Happy Holidays everyone! While it's amazing that Christmas is next week, it's not amazing how much shopping I still need to do (shh, don't tell my wife). Being that the season of gift giving is here it make sense to highlight a major request on many a letter to Santa Claus. Mobile devices! The focus this year, as in recent years, has been on the latest smartphones and tablets.There have been a few article put out this week regarding some of the security capabilitie

3 min Phishing

Federal Friday - 12.13.13 - Phishing with Tumblr and Pricing for Worms

Happy Friday fed friends! Another week comes to a close leaving us with 12 days to finish up the holiday shopping. Word out of the North Pole is that Santa has a new tool [http://www.rapid7.com/products/user-insight/] to check who's been naughty or nice this year . There have already been more than a few articles floating around with 2014 predictions for cyberthreats and many of them, including this little diddy from GCN [http://gcn.com/articles/2013/12/11/cybersecurity-threats-2014.aspx?admga

2 min Government

Federal Friday - 12.6.13 - Post-Turkey Digest

Hello federal friends! I hope each and every one of you had a very happy and festive Thanksgiving. Personally I was in a food-coma for 4 days but I am perfectly ok with that. As the year begins to close, it is always good to reflect on the year that was. However, as I was reminiscing over the last 2 weeks, one word stuck out like a neon sign in the dark of night: budget. Alright, that might have gotten some of you to stop reading already, but for those that are still with me I harken on the oft

1 min Government

Federal Friday - 11.15.13 - Weekly Recap

It was a relatively quiet week on the federal front so we'll keep this week's edition fairly short. DHS alerted lawmakers earlier this week of an attempted, but unsuccessful, denial-of-service attack on Healthcare.gov. This appears to be the first such attempt on the new hub. You can read more here [http://freebeacon.com/dhs-official-confirms-attempted-cyber-attack-on-healthcare-gov/] . Additionally, we continue to see fallout regarding the Adobe breach [http://www.net-security.org/secworld.ph

2 min

Federal Friday - 11.8.13 - Zero Day, Phishing and Mobile

Happy Friday to my fed friends, especially with a long 3 day weekend ahead! (I still get to work on Monday so call me, maybe?) I'll keep this week's edition short and sweet so we can wrap up and get our weekends started. Another week, another Zero-Day; [http://www.zdnet.com/zero-day-attacks-hit-windows-office-lync-7000022836/] this weeks present comes to us from Microsoft Office. The good news is there are workarounds described by Microsoft involve disabling the TIFF codec and using the Enhance