5 min
Rapid7 Perspective
Visions past and future: 2018 security predictions
Happy 2018, fellow humans (but not to you, bot army!). Like we've done in years
before, we recently rounded up some of the best minds and most trenchant
commentators the security industry has to offer and asked them to sum up the
year gone by (whether good, bad, or ugly) and shed light on what's in store for
the 363 days ahead. To see how our predictions fared in prior years, check out
the 2015
[/2014/12/19/rapid7-perspectiverapid7-2014-infosec-retrospective-predictions-for-2015/],
2016 [/2015/
2 min
Public Policy
FCC Repeals Net Neutrality: What Now?
[Update 05/16/18: The US Senate passed a resolution
[https://www.markey.senate.gov/imo/media/doc/CRA%20Net%20Neutrality%20.pdf], led
by Sen. Ed Markey, to reject the FCC rule that repealed net neutrality. Rapid7
supports the resolution and other efforts to effectively reinstate net
neutrality safeguards.]
This week, Rapid7 hosted an event
[https://www.rapid7.com/lp/net-neutrality/index.html] with Massachusetts’ Edward
J. Markey and a number of Boston’s technology and business leaders to protest
5 min
Rapid7 Perspective
Attention Humans: The ROBOT Attack
What’s the ROBOT Attack?
On the afternoon of December 12, researchers Hanno Böck, Juraj Somorovsky and
Craig Young published a paper, website, testing tool, and CTF at robotattack.org
[https://robotattack.org] detailing a padding oracle attack that affects the way
cryptography is handled on secure websites. ROBOT, which stands for Return Of
Bleichenbacher's Oracle Threat, details a weakness in the RSA encryption
standard known as PKCS#1 v1.5 that can ultimately allow an attacker to learn a
secur
2 min
Rapid7 Perspective
Standing with Massachusetts technology leaders in support of net neutrality
On Monday, Rapid7 will host Senator Edward J. Markey and a group of technology
and business leaders from across Massachusetts as we stand in support of net
neutrality. Together, we’ll affirm our commitment to a free and open internet
that promotes growth and innovation and gives all users broad access to internet
content.
At the heart of net neutrality is the principle that internet service providers
must treat all content transmitted across the internet equally. In practice,
this means that IS
4 min
Rapid7 Perspective
5 Tips for a Cyber Holiday Season
Five tips on how to approach security this holiday season with family and friends
4 min
Rapid7 Perspective
Giving thanks for security improvements
We see a lot of bad news in security: hacks, attacks, breaches, bad choices—tiny
flaws that lead to significant failures. As part of a community that’s naturally
wary of wins, it can be a battle to remember how much progress we’ve made as an
industry, and how exponentially that progress scales across a user population of
billions. In the spirit of Thanksgiving, I asked a group of Rapid7 leaders and
experts to name security improvements that have made computing safer over the
years—for users, pra
5 min
NCSAM
NCSAM Security Crash Diet, Week 2: Social and Travel
Rapid7 guinea pig 'Olivia' describes her efforts during week two of her security 'crash diet' for National Cyber Security Awareness Month. This week focused on social sharing and travel security.
4 min
Rapid7 Perspective
Help! What’s going on?
Last month, we announced that we are evolving our community site, and we started
directing our customers to two new resources: the Rapid7 blog [/] and the Help
site [https://help.rapid7.com/]. We’ve heard that people like the new look and
feel, but there has been some confusion and concern about the status of the
forums. We want to thank everyone who has taken the time to provide feedback,
and we also want to apologize for any inconvenience we may have caused while
we’re in transition.
This pos
3 min
NCSAM
NCSAM: A Personal Security Crash Diet
We're kicking off National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.
2 min
Vulnerability Management
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On?
Yesterday’s Apache Struts vulnerability announcement
[https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/]
describes an XML Deserialization issue in the popular Java framework for web
applications. Deserialization of untrusted user input, also known as CWE-502
[https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known
vulnerability pattern, and I would expect crimeware kits to
7 min
Rapid7 Perspective
2017 Cybersecurity Horoscopes
What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked
crystal balls, and cast runes to peer into the future. See what the signs have
in store for you in the new year.
Sage Corey Thomas, Rapid7
Gazing into the future of 2017, I believe we will continue to see market
consolidation of security vendors. With a focus on increasing productivity,
organizations will move further from disparate point solutions that solve just
one problem to solutions that can be leveraged through
4 min
Rapid7 Perspective
Why Security Assessments are Often not a True Reflection of Reality
Inmates running the asylum. The fox guarding the henhouse. You've no doubt heard
these terms before. They're clever phrases that highlight how the wrong people
are often in charge of things. It's convenient to think that the wrong people
are running the show elsewhere, but have you taken the time to reflect inward and
determine how this very dilemma might be affecting your organization? I see this
happening all the time in terms of security assessments. In organizations both
large and small, I se
4 min
IoT
On the Recent DSL Modem Vulnerabilities
by Tod Beardsley [https://twitter.com/todb] and Bob Rudis
[https://twitter.com/hrbrmstr]
What's Going On?
Early in November, a vulnerability was disclosed affecting Zyxel DSL modems,
which are rebranded and distributed to many DSL broadband customers across
Europe. Approximately 19 days later, this vulnerability was leveraged in
widespread attacks across the Internet, apparently connected with a new round of
Mirai botnet activity.
If you are a DSL broadband customer, you can check to see if yo
4 min
Career Development
Opportunity Now Means Success Later: Q&A with Rapid7 Sales
This post is a Q&A with John O'Donnell, Director of Sales at Rapid7. For more
information about career opportunities with Rapid7, visit
https://www.rapid7.com/company/careers.jsp.
Q: What separates Rapid7 from other security or software companies in the area?
A: The diversity we have here separates us from the competition. Our teams are
created by integrating people from all walks of life and then submerging them in
the ever-changing and exciting cybersecurity industry. The belief is that you
6 min
Rapid7 Perspective
Conflicting perspectives on the TLS 1.3 Draft
In the security industry, as in much of life, a problem we often face is that of
balance. We are challenged with finding the balance between an organization's
operational needs and the level of security that can be implemented. In many
situations an acceptable, if less than optimal, solution can be found but there
are cases where this balance cannot be achieved. I recently saw a case of this
[https://www.ietf.org/mail-archive/web/tls/current/msg21275.html] on the mailing
list of the IETF TLS Wo