Why the Shellshock Vulnerability Is A Perfect 10

The media is buzzing again. Another dangerous vulnerability has been identified and rated a 10 for impact and a 10 for exploitability. This is the threat we now know as the Shellshock vulnerability.

The major concern is that, if an attacker has the skill to craft a packet to take advantage of the vulnerability, they can inject code that compromises a target machine.

That seems simple enough – and from a conceptual perspective, it is. So why is it rated so high? And how does it compare to the Heartbleed bug we recently heard so much about?

What is it that you want to protect from data loss the most?

This can be a very difficult question, one that has created many products and solutions (inside and outside of IT; think insurance). Other than the people, the most critical asset in most organizations is the information. If it were not for that information, we wouldn’t need all of the switches, routers, servers, and storage. If we aren’t protecting the data that we value most as a starting point, then what are we doing?

DLP (Data Loss Prevention) has been one of the dirtiest words of the last ten years. It may even be considered worse than "cloud", at least in security circles. What made this term so unpalatable is that it implies that, without solutions branded Data Loss/Leakage Prevention, we are losing and leaking data. It implies that these solutions are the silver bullet, the be-all and end-all. Obviously, this is marketing gone wild. There is definitely some merit in it, though. Applied correctly alongside other technologies, DLP can actually provide a fantastic last line of defense, a role that used to belong to endpoint anti-virus.

If the attack traffic got through the firewall, and then the Network Intrusion Prevention System, then hopefully the endpoint anti-virus software would pick it up. But what happens when it doesn’t? What happens when the system has been compromised without detection for a while? This is when the data starts to get pulled out of the network, or exfiltrated.

Assuming there is a compromise, let’s delve into the solutions that make up a DLP strategy and provide some examples of when each of them is used. Ideally you’ll find which of the following solutions fits best in your environment today.

Face the music and sing a happy tune when your IT environment is safer

What people don’t realize about security threats to their websites is that it’s not the web servers being attacked (which is not to say that they aren’t vulnerable). What is being attacked is the actual code of the website. There are some pretty old tricks, like SQL Injection and Cross Site Scripting, that allow attackers to do all sorts of creative things. One of the most common attacks is to dump the contents of a database table that shouldn’t be seen.

For example, you should be able to enter credit card numbers, social insurance numbers, health card numbers, driver’s licenses, and passwords into certain websites, but a visitor to that website shouldn’t be able to ask the web application to show all of the values that have been entered by all users. Another attack is when an attacker injects code into a popular news website that loads another, malicious website, so that when the news page loads, malware loads as well. The end user essentially doesn’t have to interact at all to get malware installed on their system (this is known as a drive-by download).

The first thing to do is have your website assessed.  Assessing the situation is a critical step to know where you are vulnerable so that you can take appropriate actions.  Automated tools can be a great way to crawl through all those pages looking for problems.  Once you have an idea where the vulnerabilities are, you need to plug them up.
