1 min
Nexpose
Nexpose Coverage Toolkit Update
A couple of weeks back I told you all about the new capability to add custom
protocol support in Nexpose.
[/2015/06/30/introducing-the-nexpose-coverage-toolkit] At first we had opened the
GitHub repo [https://github.com/rapid7/coverage-toolkit] up as invitation only.
I'm excited to tell you that since then we've expanded the testability, added
more protocols, and as of last week we opened it to the public.
One of the best things about improving protocol detection is increased scan
speed. Gett
2 min
Introducing the Nexpose Coverage Toolkit
Those of you who pay close attention to our release notes saw that last week,
(June 17, 2015) with the Nexpose 5.14.3 release, we made good on something I
wrote about here [/2015/01/14/give-the-people-what-they-want] in the first part
of the year. The Nexpose team is extremely excited to announce the initial
availability of our new protocol fingerprinting framework. For the first time
end users can extend Nexpose's protocol fingerprinting capabilities!
The coverage toolkit provides Nexpose us
2 min
Patch Tuesday
Patch Tuesday, February 2015
For the second straight month Microsoft is holding fast to their blockade of
information. Customers with “Premier” support are getting a very sparse advance
notification 24 hours before the advisories drop, and “myBulletins” continues to
be useless because it is not updated until well after the patch Tuesday
release. Microsoft called this an evolution, and I can certainly see why – they
are applying a squeeze to security teams that will eliminate the weak members of
the herd.
This month we ar
1 min
#MOARCHECKS! A quick survey - How should we represent service fingerprints?
Following up to Give the people what they want! #MOARCHECKS
[/2015/01/14/give-the-people-what-they-want] we'd like some input regarding our
options for encapsulating service (protocol) fingerprinting data. By this, I
mean the content that defines how we recognize that a port is listening for HTTP
connections, for example. Of course, we already cover HTTP, so the use here
would be adding descriptions of esoteric or proprietary protocols.
Please take a second to answer this one question survey:
1 min
Nexpose
Give the people what they want! #MOARCHECKS
I've been working in the exposure management space for almost 9 years now and if
there is one thing that has not changed in that time, it's the demand for more
coverage. People always want more because there always *is* more. More
software, more platforms, more protocols, more compliance and configuration
standards, and always, always, always, more vulnerabilities. By "people" I mean
customers, prospects, community users, really anybody who cares about what an
exposure management product, suc
2 min
Microsoft
Patch Tuesday, January 2015 - Dawn of a new era
Microsoft's January 2015 patch Tuesday marks the start of a new era. It seems
that Microsoft's trend towards openness in security has reversed and the company
that was formerly doing so much right is taking a less open stance with patch
information. It is extremely hard to see how this benefits anyone, other than,
maybe, whoever is responsible for support revenue targets for Microsoft.
What this means is that the world at large is getting their first look at
understandable information about this
2 min
Microsoft
Patch Tuesday - December 2014
December's advanced Patch Tuesday brings us seven advisories, three of which are
listed as Critical. Depending on how you want to count it, we see a total of 24
or 25 CVEs because one of the Internet Explorer CVEs in MS14-080 overlaps with
the VBScript CVE in MS14-084.
Of the critical issues, MS14-080 has the broadest scope, with 14 CVEs, none of
which are publicly disclosed or known to be under active exploit. The shared
CVE with MS14-084 presents a patching and detection challenge becaus
1 min
Patch Tuesday
Patch Tuesday, November 2014
Patch Tuesday came in hot this month with 15 advisories, of which 4 are listed
as critical. Hate to point it out, but this was originally advertised as 16
with 5 critical, but the patch for MS14-068 apparently isn't ready for prime
time yet. Hopefully the decision to hold it back was based on both the testing
and an assessment of risk.
The top patching priority is definitely going to be MS14-064, which is under
active exploitation in the wild and may be related, at least superficially, to
las
2 min
Microsoft
October Patch Tuesday + Sandworm
Microsoft is back in fine form this month with eight upcoming advisories
affecting Internet Explorer, the entire Microsoft range of supported operating
systems, plus Office, Sharepoint Server and a very specific add on module to
their development tools called “ASP .NET MVC”. Originally nine advisories were
listed in the advance notice, but one of the vulnerabilities affecting Office
and the Japanese language IME was dropped for reasons unknown (the dropped
advisory was bulletin #4 in the advanc
1 min
Sandworm aka CVE-2014-4114
UPDATED: 2.30pm, ET, Tuesday, Oct 14.
There's another vulnerability with a clever name getting a lot of attention:
Sandworm [http://www.isightpartners.com/2014/10/cve-2014-4114/] aka
CVE-2014-4114.
This is not a cause for panic for the average system administrator or home
users, but you should take it seriously and patch any vulnerable systems ASAP.
While the reach is pretty broad because the vulnerability in question affects
all versions of the Windows operating system from Vista SP2 to Win
2 min
Microsoft
Patch Tuesday - September 2014
It's a light round of Microsoft Patching this month. Only four advisories, of
which only one is critical. The sole critical issue this month is the expected
Internet Explorer roll up affecting all supported (and likely some unsupported)
versions. This IE roll up addresses 36 privately disclosed Remote Code
Execution issues and 1 publicly disclosed Information Disclosure issue which
is under limited attack in the wild. This will be the top patching priority for
this month.
Of the three no
1 min
Microsoft
August Patch Tuesday
Microsoft clearly wants everyone to shake off the dog days of summer and pay
attention to patching. This month's advance notice contains nine advisories
spanning a range of MSFT products. We have the ubiquitous Internet Explorer all
supported versions patch (MS14-051), with the same likely caveat that this would
apply to Windows XP too, if Microsoft still supported it. This patch addresses
the sole vulnerability to be actively exploited in the wild from this month's
crop of issues, CVE-201
2 min
Java
Oracle CPU: July 2014
Oracle's Quarterly Critical Patch Update (CPU) is never a minor event. In April
we saw 104 security issues addressed, in January it was 144. This time around
we are faced with 113 updates. These updates span the entire portfolio of
Oracle software, including the JRE, Solaris, Oracle Database, MySQL, and
numerous web and middleware products.
What stands out is the belated fix for Heartbleed in MySQL Enterprise Server,
coming fully 3 months after Oracle fixed that issue in their other products
2 min
July Patch Tuesday: Adobe Flash steals the show
Microsoft has released the patches and it is a relatively light month. Six
issues in total, 2 Critical, 3 Important, 1 Moderate. OS administration teams
will be busy, application administrators get the month off.
One of the critical issues is MS14-037 IE fix. After the 59 patched in MS14-035
we have a mere 24 this round, which is double or triple what I expected based on
the recent trends. This patch is a cumulative roll up, meaning it encompasses
previous patches and will supersede them. Of
2 min
Microsoft
Patch Tuesday, June 2014
Patch Tuesday, June 2014 delivers seven advisories, of them, two critical, five
important – one of which is the seldom seen “tampering” type.
The remarkable item in this month's advisories is MS14-035, the Internet
Explorer patch affecting all supported versions. That in itself is not unique,
we see one of these almost every month, but this time the patch addresses 59
CVEs, that is 59 distinct vulnerabilities in one patch! Microsoft asserts that
while two of the vulnerabilities (CVE-2014-1770