Metasploit: Is it a Good Thing, or a Bad Thing?

Many years ago I ran the online ‘Security Clinic’ on ITsecurity.com. It offered free advice from a worldwide pool of security experts.

Late one evening I received a telephone call at home. It was the Chief Constable of Strathclyde Police. He was worried that the Clinic was pointing people to L0phtCrack to help recover their forgotten passwords – he thought the advice might benefit hackers.

> Read More

Chained Exploits: The Business Side of Hacking

As far back as a decade ago, attacks consisted of simultaneously launching strikes utilizing multiple vulnerabilities to gain a foothold in a target network and then following up with privilege escalation attacks to make it more worthwhile for the bad guys. For many years, we simply referred to these attacks as blended threats. While “Chained Exploits” may be fairly a new term,

> Read More

IT Pros Face a “Scary” Patch Tuesday with Zero Day Exploits

This month’s Microsoft Patch Tuesday update has reached an all time high with 13 bulletins, which surpasses the previous high of 12 released in October 2008. IT pros won’t only have to deal with the large amount of patches, but the update also includes fixes for 34 security issues with zero-day issues continuing to be the real nail biters.

> Read More

Old Skool Hax

The focus for those of us in the data leakage arena has generally been on the “big holes,” especially when it comes to the risk of insider theft… email, removable devices and drives (e.g., USB flash drives, external HDDs), removable media (e.g., CDs / DVDs). And for good reason. Why?  Well, first, as I’ve mentioned before,

> Read More