Posts by Trey Ford

2 min Authentication

I've got Sunshine

Sometimes sunshine can bring a smile on a cloudy day—encouraging thoughts come from entirely unexpected places. One of our favorite Internet darlings is having a rough go. Someone posted an alleged sample of the data, which was (pretty quickly) refuted by the online marketplace. The ever-vigilant and curious Rapid7 Labs team tore into the sample data. A diamond in the rough is what I wish to share with you. We all know that passwords should be hashed. (There is no real reason anyone should ev

5 min Log Management

Incident Response is about Where, When, and How

"If and when" is old and busted. "Where, when, and how" are the new hotness. Incidents happen. There will always be a Patient Zero. "Where the incident happened, when you detect the incident, and how you responded" is what I believe matters. I think the general public will appreciate a measured response under attack more than our fostering belief in 'perfect defense'. With this in mind, I want to discuss a few thoughts prompted by eBay's response to this compromise. Scoping is hard Incident Handlers le

4 min

Heartbleed and the Law

When reflecting on Heartbleed, I marvel at data indicating how quickly key websites and web services seem to have responded, honoring the trust of users and putting their safety first. Heartbleed's vulnerability announcement [http://heartbleed.com/] was a little different from the classic Full Disclosure email or patch announcement - it had a website, branding, and pretty tight messaging. The technology community did not rest on their laurels and pontificate on validity - we uniformly launched into

5 min

Heartbleed War Room - Product FAQ

Quick reference links before we dive in: * Heartbleed Vulnerability Resources [http://information.rapid7.com/heartbleed-vulnerability-resources.html] * Heartbleed War Room - FAQ [/2014/04/11/heartbleed-war-room-faq] * Using Nexpose to stop the bleeding [/2014/04/10/using-nexpose-to-stop-the-bleeding-scanning-for-cve-2014-0160] * Metasploit's Heartbleed scanner module [/2014/04/09/metasploits-heartbleed-scanner-module-cve-2014-0160] Following up on our Heartbleed War Room webcast f

4 min

Open Letter to Internet Users and Businesses: Help Us Test OpenSSL and Make the Internet Safer

Bugcrowd [https://bugcrowd.com/] has kicked off a crowdfunding initiative to raise money for a sprint bounty for OpenSSL. The thinking is that OpenSSL is hugely resource constrained and hasn't been able to engage professional security testers. Internet users and businesses that rely on OpenSSL should help solve this problem. Many won't have the time or skills to start security testing OpenSSL themselves, but they could potentially contribute to a fund that would then be used to run a sprint boun

10 min Authentication

Heartbleed War Room - FAQ

Yesterday we did an impromptu (completely unrehearsed) live Q&A titled 'The Heartbleed War Room Webcast', which you can go listen to here: http://information.rapid7.com/heartbleed-war-room.html On this webcast we had * Trey Ford, Rapid7's Global Security Strategist (@treyford) * Mark Schloesser, Security Researcher at Rapid7 (@epmovsb), and * Josh Feinblum, Rapid7's VP of Information Security (@TheCustos) For more information, please visit our resource page: * Heartbleed Vulnerability R

3 min Project Sonar

Gaping SSL? My Heartbleeds

As you may already know, last night a vulnerability affecting OpenSSL was reported, and it most likely affects your organization. The "Heartbleed" SSL vulnerability affects widely deployed versions of the OpenSSL library, which is used in a great deal of software, including web, email, database and chat servers. How does it work? This vulnerability allows an attacker to read a portion of memory from the remote system without needing any known credentials or other form of authentication.

3 min

Friends don't let Friends

We all know that tomorrow is the official end of life for Windows XP, and there are at least fifty other posts you can read on this topic. I want to: * Remind you of our social responsibility on this topic, * Simplify your family CIO/CSO duties (LOL), and * Sharpen your business game regarding Windows XP's end of life. Our Duty: As members of the security community, we have a responsibility to leave the Internet better than we found it. Data indicates that XP still powers roughly a third o

3 min Research

Supporting the Security Community - Why I Joined Rapid7

Hey SecurityStreet! I wanted to say hello, as I am new to the Rapid7 team - and excited to be working with you. Three Things * Who is this 'Trey guy' * Why Rapid7? * What are you doing? (… which is all I want to talk about!) 'Who?' By way of introduction, my name is Trey Ford and I am joining the R7 team as Global Security Strategist, after serving as General Manager at Black Hat for the last two years. I will continue working on the Black Hat Review Board, and may announce a couple of