Posts tagged Government

1 min Government

Federal Friday - 11.15.13 - Weekly Recap

It was a relatively quiet week on the federal front so we'll keep this week's edition fairly short. DHS alerted lawmakers earlier this week of an attempted, but unsuccessful, denial-of-service attack on Healthcare.gov. This appears to be the first such attempt on the new hub. You can read more here [http://freebeacon.com/dhs-official-confirms-attempted-cyber-attack-on-healthcare-gov/]. Additionally, we continue to see fallout regarding the Adobe breach [http://www.net-security.org/secworld.ph

3 min Government

Federal Friday - 11.1.13 - A War on Two Fronts

Happy Friday and welcome to November! Shorter days start this weekend so make sure to set those clocks back, and I can practically smell Thanksgiving dinner already. On another note we are still working through some post-World Series hangovers here in Boston, and even though I am a NY Yankee in "Big Papi's Court" I can't help but feel just a little Boston Strong this week. The title of this week's blog (War on Two Fronts) actually isn't about a Boston-New York rivalry but rather the threats

2 min Government

Federal Friday 10.25.13 – Some Semblance of Normalcy

As it's back to business across the federal space we're starting to see a return to normalcy in the day to day cycle. While it may take some agencies longer than others to return to full capacity, it's nice to have that expected daily routine back in place. One of the biggest things we've seen in the federal cyber-landscape since the end of the shutdown? The publication of the draft of the NIST Preliminary Cybersecurity Framewor [http://www.nist.gov/itl/upload/preliminary-cybersecurity-framew

2 min Phishing

Federal Friday - 10.18.2013 - The "We're Back In Business" Edition

After a tough start to FY14, a sense of normalcy should start to creep back in over the coming weeks. Even though the folks in the House and Senate merely delayed their budgetary discussions, we can only hope that some hard lessons were learned this time around and that come January our collective backs won't be up against the wall again. Unfortunately the under-valued thespian, Nicolas Cage, won't be representing my feelings in this week's blog as we have some things to talk about. One of the

2 min Government

GestioIP Authenticated Remote Command Execution module

GestioIP is an open-source IPAM (IP Address Management) solution available on Sourceforge, written in Perl. There is a vulnerability in the way the ip_checkhost.cgi deals with pinging IPv6 hosts passed to it. If you pass an IPv4 address, the CGI uses a Perl library to perform the ping and return the results to the user. However, this library doesn't seem to support IPv6 hosts, so the developer uses the ping6 utility to perform the ping of an IPv6 machine. The developer did perform some validat

2 min Government

Federal Friday – 9.20.13 – The Air Gapped-Off line Edition

September 20th. Yup, I said it. We are two days away from the Autumnal Equinox, and I find myself asking: where have the spring and summer gone? With about 6 working days left in the federal FY13 most of us are knee deep in year-end wrap and FY14 prep (even though that might be delayed a little while). I read a nice article in the New York Times last weekend by Matthew L. Wald called “Imagining a Cyberattack on the Power Grid [http://www.nytimes.com/2013/09/11/us/imagining-a-cyberattack-on-th

2 min Apple

Federal Friday - 9.13.13 - Apple's Touch ID Release

Welcome to another edition of Federal Friday! It's been a busy week around here with 2 FISMA presentations earlier in the week and the ongoing effort to close out FY13 on 9/30. Plus the world came to a technological halt this week with the usual fervor surrounding your typical Apple event [http://www.idigitaltimes.com/articles/19853/20130910/iphone-5s-apple-event-september-2013-recap.htm] that was held on 9/10. This time the event centered around the upcoming iPhone release which featured th

2 min Government

Federal Friday - 9.6.13 - "P.O.C.B.S" Edition

Well folks, that about does it. Summah is a wrap and soon enough Boston will begin its annual transformation into the planet Hoth for the next few months. That being said, I thought I'd keep it light this week so we can all get on with our weekends. You might be wondering what the title of this week's edition means. No, “P.O.C.B.S” is not a new department or cert that you need to know about. It is actually a lot more basic than that but can cause major disruptions to critical infrastructure

2 min Android

Federal Friday - 8/30/2013: DHS/FBI Highlight The Importance Of Keeping Android Devices Updated

A memo [http://publicintelligence.net/dhs-fbi-android-threats/] sent to Police, Fire and EMS personnel nationwide from the FBI and Department of Homeland Security earlier this summer was recently made public. According to the memo, the Android operating system is the primary target for mobile malware attacks. At face value, this would not be surprising given that Android commands ~80% market share in the US, so should proportionally experience the largest number of malware attacks. However,

4 min Events

Federal Friday: Weekly Recap 7.26.13

Ah, summer in New England… From a new record high last week of 99 degrees during our company picnic, to a balmy 58 degrees when I woke up this morning. Drastic change in the weather is almost a daily occurrence for us hearty, chowder-eating New Englanders. Change is also coming as many federal, state, and local agencies look to ramp up or enhance their current security programs by aggregating a lot of the open market tools and streamlining the purchasing process. The Department of Homeland Se

4 min Metasploit

Federal Friday - Weekly Recap 7-11-2013

Welcome back to Federal Friday with a happy belated 4th of July. I hope all of you out there had a fantastic holiday and were able to spend some quality time with friends, family, and some fireworks. For this week's blog I wanted to focus on 3 topics that really grabbed my attention over the last two weeks. NIST needs your help. In a blog post on Federal Technology Insider [http://federaltechnologyinsider.com/calling-all-cybersecurity-experts-nist-seeks-public-input-on-protecting-national-cri

6 min Metasploit

Federal Friday - 6.29.13 - Weekly Recap

As I prepare to dive into this week's Federal Friday post I can't help but notice that it's that time of the year again.  The days are longer, the mercury rising, a sweet smell of B.B.Q filling the air, and students around the country are heading out of the classroom and into their summer vacation. They leave their respective schools and previous grades behind, and for the next few months they will embark on numerous adventures, filling their heads with all types of stories that they'll be burst

4 min Metasploit

Federal Friday - Weekly Recap 6.21.13

Welcome to the brand new Federal Friday Blog here on Security Street! I tend to be an avid consumer of industry information, trends and general points of information within the InfoSec space. I want to use this blog to aggregate some of the information I find helpful and share that info with all of you on a weekly basis. Additionally we will be publishing federally-focused content from many of the great resources we have here at Rapid7. This content will highlight trends within the space and ho

3 min Government

There's a Hole in the Network

In this post SecurityStreet meets Sesame Street. One of my favorite travel songs growing up was "There's a hole in the bucket". The song can literally go on forever, which can be headache inducing at times. Here's the Sesame Street rendition, it may hit close to home as it did with me. Why am I telling you this? Well, it feels to me like "There's a hole in the bucket" is a lot like "There's a vulnerability in the network". During my background in the military and government organizations, I