Vulnerability Disclosure
Seven FOSS Tricks and Treats (Part One)
Adventures in FOSS Exploitation, Part One: Vulnerability Discovery
_This is the first of a pair of blog posts covering the disclosure of seven new
Metasploit modules exploiting seven popular free, open source software (FOSS)
projects.
Back over DEFCON, Metasploit contributor Brandon Perry decided to peek in on
SourceForge, that grand-daddy of open source software distribution sites, to see
what vulnerabilities and exposures he could shake loose from an assortment of
popular open source enterpri
Microsoft
Patch Tuesday - April 2013 Edition!
The April 2013 MS Tuesday advisories are out and they forecast an interesting
patching session for Microsoft administrators. There are 9 advisories, for 14
CVEs, affecting 16 distinct platforms in 5 categories of Microsoft products,
including the not-often-seen patching of “Microsoft Office Web Apps” and
“Microsoft Security Software”.
Once again there is an IE patch (MS13-028) which is rated critical, but this one
differs from last month's incarnation by applying to all supported versions
Compliance
5 NON-TECHNICAL REASONS ORGANIZATIONS GET BREACHED
For every data breach that makes the headlines, there are tens to hundreds that
go unreported by the media, unreported by companies, or even worse, go
unnoticed.
The rash of negative publicity around organizations that have experienced data
breaches would appear to be a sufficient motivator to whip corporate leaders
into bolstering their security programs in order to prevent them from being the
next major headline. If that is not reason enough, the litany of regulations
imposed on certain industries
Networking
Leveraging Security Risk Intelligence to Improve Your Security Posture
As most of you probably know, attackers routinely target exploitable weaknesses
of security systems rather than pre-identifying victims for their attacks. Also,
most breaches that occur in database security systems are avoidable without
expensive or sophisticated countermeasures.
In its 2012 Data Breach Investigations Report, Verizon
[http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf]
registered 174 million compromised records for 2011, compar
Nexpose
How to Check for Remote Desktop Protocol (RDP) Services
There are many organizations concerned with the critical Microsoft Security
Bulletin MS12-020
[http://technet.microsoft.com/en-us/security/bulletin/ms12-020] Remote Desktop
Protocol (RDP) vulnerability. Here is a quick way to check if you have Remote
Desktop Protocol running on your system or network. I used NMAP
[http://nmap.org/] to check my home network.
In the highlighted text below you can see that NMAP can check for the RDP
service running. If you can't patch, this is important because at
Metasploit
Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation
When we talk to Metasploit users, they usually use it for either penetration
testing, password auditing or vulnerability validation, but few use it for more
than one of these purposes. By leveraging your investment in Metasploit, you can
triple-dip at the same price - no extra licenses needed.
Penetration Testing
With penetration testing, you can identify issues in your security
infrastructure that could lead to a data breach. Weaknesses you can identify
include exploitable vulnerabilities, we
Patch Tuesday
October 2011 Patch Tuesday
This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities
across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only
two bulletins were rated 'critical', and the rest were rated 'important'.
In terms of prioritizing patching, when I look at security vulnerabilities,
first I want to understand which ones can have the most widespread impact.
MS11-081 is a cumulative update which affects Internet Explorer, so it relates to
both corporate and home users. These v