You only have to scan the ones you want to keep

Growing up, my dentist had a sign: “You don’t have to brush all your teeth, just the ones you plan to keep.” I thought of that when talking to Qualys recently. As we look ahead to IPv6, vulnerability scanning needs to be addressed. Old methods like sweeping an address range don’t work for IPv6, where a single subnet is far too large to enumerate. Qualys’ …

Gmail’s State Sponsored Attack Warning

This week, after logging into my Gmail, I was greeted by the message below. “Warning: We believe state-sponsored attackers may be attempting to compromise your account.” In June, Google announced plans for this sort of warning. At that time, I expected these alerts to be seen by Tibetans targeted by China. It’s not the …

Dr. Johannes Ullrich and the Principle of Least Privilege

In an article posted this afternoon at Forbes, Dr. Ullrich compares network professionals who disable unneeded features to slumlords. He starts by comparing a Bible for Section 8 landlords with network security. For those who don’t know, Section 8 housing is government-subsidized housing for the poor. So, I guess he is also comparing users to …

Get Your Java While It’s Hot

Oracle released Java JRE 1.7 update 7 and 1.6 update 35 today, patching critical security holes. Most security professionals recommended disabling Java in the browser or removing it altogether while waiting for this update. If you ignored that advice, upgrade as soon as possible.
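The practical check that goes with the advice above is whether the JRE on a given box is at or above the two update levels named (1.7 update 7, 1.6 update 35). The following is an added example, not code from the original post or from Oracle: it parses the first line of `java -version` output and reports patched / needs upgrade / unparseable. The sample version strings are constructed; treating anything newer than the 1.7 family as already patched, and anything older than 1.6 as needing an upgrade, are my assumptions.

```shell
# Added example (not from the original post): decide from the first line of
# `java -version` output whether an install is at or above the update levels
# named above (1.7 update 7, 1.6 update 35). Exit status: 0 = patched,
# 1 = needs upgrading, 2 = version string is not in the 1.x.y_NN form.
java_is_patched() {
    # Pull "major minor update" out of e.g.  java version "1.7.0_06"
    # (leading zeros on the update number are dropped so test(1) sees "6").
    parsed=$(printf '%s\n' "$1" |
        sed -n 's/.*"\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.[0-9][0-9]*_0*\([0-9][0-9]*\)".*/\1 \2 \3/p')
    [ -n "$parsed" ] || return 2
    set -- $parsed
    major=$1 minor=$2 update=$3

    # Assumption: anything newer than the 1.7 family postdates this bulletin
    # and is treated as patched; anything older than 1.6 was already
    # end-of-life and gets no fix, so it is reported as needing an upgrade.
    if [ "$major" -gt 1 ] || [ "$minor" -gt 7 ]; then
        return 0
    fi
    case "$minor" in
        7) [ "$update" -ge 7 ]  && return 0 ;;
        6) [ "$update" -ge 35 ] && return 0 ;;
    esac
    return 1
}

# Check whatever `java` is first on PATH. Note that java -version writes its
# banner to stderr, hence the 2>&1. Prints a one-line verdict and returns the
# same status codes as java_is_patched.
check_installed_java() {
    command -v java >/dev/null 2>&1 || { echo "no java on PATH"; return 2; }
    line=$(java -version 2>&1 | head -n 1)
    rc=0
    java_is_patched "$line" || rc=$?
    case $rc in
        0) echo "OK: $line" ;;
        1) echo "UPGRADE NEEDED: $line" ;;
        *) echo "UNRECOGNISED VERSION STRING: $line" ;;
    esac
    return $rc
}
```

Run `check_installed_java` on each host (or feed `java_is_patched` the banner collected by your inventory tool). The version regex only understands the `1.major.minor_update` scheme Oracle used at the time, so a newer `9.0.4`-style string comes back as status 2 rather than a false "patched".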

Yet another Flash Update

Fresh from a Flash security update released on Patch Tuesday, Adobe yesterday released another security update for Flash. The security bulletin is here. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”

correcthorsebatterystaple

Via Sophos (who found it via Reddit): if you try to set your password to “correcthorsebatterystaple” at Dropbox, you’ll be advised that you shouldn’t take password advice quite so literally. See the Sophos link for screenshots. XKCD had a cartoon about passphrase generation. I recall at the time predictions that people would …
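The lesson behind Dropbox’s warning is that the cartoon’s method is sound but its example is now on every cracking wordlist. The following is an added example, not code from the original post, from Dropbox or from XKCD: a diceware-style generator that draws words with `secrets`, computes the entropy the list size actually gives you, and refuses any candidate that matches a published example. The 32-word list and the denylist contents are constructed for illustration; a real generator uses a list of thousands of words.

```python
"""Added example (not from the original post, Dropbox or XKCD): passphrase
generation with a check that the result is not itself a published example."""
import math
import secrets

# Constructed sample word list (32 words, so 5 bits per word). A real
# generator draws from thousands of words; the XKCD strip assumes 2048
# (11 bits per word), which is where its "44 bits" for four words comes from.
SAMPLE_WORDS = (
    "apple", "battery", "candle", "correct", "dragon", "engine", "falcon",
    "garden", "hammer", "island", "jacket", "kettle", "ladder", "marble",
    "needle", "orange", "pepper", "quartz", "rocket", "staple", "tunnel",
    "umbrella", "violet", "walnut", "yellow", "zebra", "horse", "anchor",
    "bridge", "copper", "desert", "ember",
)

# Passphrases that have appeared in public as examples, stored in normalized
# form (lowercase, separators stripped). Anyone who read the same cartoon, or
# builds a cracking wordlist, already has these. Constructed for the example.
PUBLISHED_EXAMPLES = {
    "correcthorsebatterystaple",  # the XKCD passphrase Dropbox rejects
    "tr0ub4dor3",                 # the "hard to remember" password from the same strip
}


def normalize(candidate: str) -> str:
    """Lowercase and drop spaces/punctuation so 'Correct-Horse ...' still matches."""
    return "".join(ch for ch in candidate.lower() if ch.isalnum())


def is_published_example(candidate: str) -> bool:
    return normalize(candidate) in PUBLISHED_EXAMPLES


def passphrase_entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly, with replacement, from the list."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count that reaches target_bits with this list size."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(words=SAMPLE_WORDS, n_words: int = 4, separator: str = " ") -> str:
    """Draw n_words with a CSPRNG; reject (and redraw) any published example."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; draws would not be uniform")
    while True:
        phrase = separator.join(secrets.choice(words) for _ in range(n_words))
        if not is_published_example(phrase):
            return phrase


if __name__ == "__main__":
    phrase = generate_passphrase(separator="-")
    bits = passphrase_entropy_bits(len(SAMPLE_WORDS), 4)
    print(f"{phrase}  ({bits:.0f} bits from a {len(SAMPLE_WORDS)}-word list)")
    print("words needed for 64 bits with a 2048-word list:", words_needed(64, 2048))
```

Rejecting the handful of published examples removes a negligible slice of the output space (one outcome in 2^20 for the sample list), so the entropy figure is still the honest one to report; what matters is that the strength comes from the random draw, not from the particular words, which is exactly what copying the cartoon’s example gets wrong.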