Archive for August, 2010
AFITC 2010
If your organization has never considered, or taken, IT security seriously, a keynote speech given by Maj. Gen. Richard Webbers at the Air Force Information Technology Conference 2010 in Montgomery, AL would have certainly changed your mind. The General went through a brief history of the 24th Air Command, its role in supporting cyber threats,…
When Your Vulnerability Scanner Breaks Your Compliance
At eEye Digital Security we strive to make sure our Retina Network Security Scanner technology not only has great auditing capabilities for missing patches and misconfigurations, but also for remotely exploitable server vulnerabilities. We have been a pioneer in the space of non-intrusive, unauthenticated, vulnerability checks for many years now. In fact, on more than…
DLL Preloading Attacks in the Wild
After several public discussions and the swift patching of Apple iTunes, Microsoft has issued the security advisory KB2269637 to address DLL Hijacking or Preloading vulnerabilities within all versions of Microsoft Windows. This advisory covers a 10-year-old flaw within the Windows operating system and how it handles the loading of Dynamic Link Libraries (.DLL…
The Importance of Web Application Scanning
The art of hacking a computer, operating system, and application has evolved over time. What were once seen as relatively simple hacks have been suppressed due to various intrusion prevention mechanisms developed by network security companies. Breaching a company’s perimeter to gain direct unauthorized access to an organization’s network is not as simple as it…
The Value of a Management Console
My background is in Network Management Systems (NMS). In the late 1990s, the buzzwords for NMS were around “single pane of glass” management. This referred to a single CRT computer screen showing all of the relevant network management information in one view. The inherent value in this approach was the ability to see…
The Concept of Universal Integration
CNN recently reported that cell phones in Europe will soon benefit from a universal charger format. That means that regardless of the cell phone vendor you purchase, there will be one standard connector that will work for all of them. Unfortunately, here in the United States, we have no such regulations and the concept of…
Microsoft Patch Tuesday – August 2010
As everyone knows by now, this was a gigantic patch Tuesday with Microsoft delivering 14 security bulletins (in addition to the out-of-band bulletin from last week). On top of that, Adobe patched Flash and ColdFusion. It is once again going to be a long night for IT and security engineers everywhere. One important thing to note is…