Author Archive


Date:
Nov 4, 2014
It’s true; the internet really is out to get you.  Everything from compromised hosts to foreign intelligence agencies is probing the internet for weaknesses.  It’s important, especially in light of recent events like the POODLE, Sandworm, Shellshock and Heartbleed exploits, to keep your servers up to date and patched.  However, it is equally important to invest in your own peace of mind and security by protecting your servers with a hardware firewall. Firewalls tend to be a little misunderstood, so to remedy that issue, let’s… Read More

Date:
Oct 17, 2014
Researchers at Google recently announced a vulnerability in SSLv3, one of the protocols used for web traffic security.  They have dubbed this exploit ‘POODLE,’ an acronym for Padding Oracle On Downgraded Legacy. SSLv3 is an older protocol, and has largely been replaced by the newer TLS protocol family.  However, older browsers that do not support the TLS family of protocols rely exclusively on SSL. When presented with a TLS connection, browsers like IE6 will propose that the connection use SSLv3, and most servers will comply.… Read More

Date:
Oct 14, 2014
On Tuesday, October 14, 2014, iSIGHT Partners and Microsoft announced a zero-day vulnerability named “Sandworm” found in all versions of Microsoft Windows and Windows Server 2008 and 2012. The vulnerability has been exploited in a small number of cyberespionage attacks against NATO, energy companies, a US academic organization and many others. Microsoft has since created a patch and released it as one of their security updates (CVE-2014-4114). The status for Codero customers: Managed Services: Your servers have been or are currently being patched against this… Read More

Date:
Sep 29, 2014
Recently, the United States Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) issued an alert regarding CVE-2014-6271, or the ‘Shellshock’ bug, a severe flaw in the bash Linux shell.  This flaw allows attackers to gain complete control of a system with relative ease. A second vulnerability, CVE-2014-7169, was spotted while a patch was being written for the first. UPDATE 9/29/14: Three additional vulnerabilities, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, were discovered early yesterday. The status for Codero customers as of 9/29: Managed Services: Your servers have… Read More

Date:
Sep 11, 2014
The look in their eyes, their handshake, the tone of their voice, and all of the messages they’re sending with their body language: these are all part of the incredibly complex picture of recognizing who someone is, and ascertaining their intent. For centuries, business transactions were conducted in person. The intermingling of computers, the internet, and business, however, has forced face-to-face interaction to take a backseat to digital forms of identification. The earliest answer to this has been the password.  Yet as password management, standards,… Read More

Date:
Sep 4, 2014
At some point in our lives, we’ve all gone through some online account creation process and created a password.  Frequently, we’re required to choose a password that includes something like at least one capital letter, one number, et cetera.  The stricter the criteria, the more layers of security we think we’ve added to our passwords. However, that’s not actually the case. The math behind password security To understand why, let’s do some math. (It will be really simple, I promise.) One method of attempting to… Read More

Date:
Aug 28, 2014
Security is a hot topic on the internet right now and it’s only getting hotter.  In recent years, attacks ranging from simple “script kiddies” to complex, state-sponsored organizations (here’s a detailed report on one of them) have only increased.  The only way to keep a server or environment completely safe from internet-based attacks is to uncable it, and put it in the back of a closet.  Sadly, studies have shown that websites hosted on servers sitting in the back of a closet without an internet connection… Read More

Date:
Aug 12, 2014
As prevalent and sophisticated as IT security threats are today, one of the most significant threats doesn’t involve writing complex code, spreading a virus, or launching a denial of service attack. As attackers have known for a long time, one of the potentially most effective attacks is social engineering, the art of manipulating people to gain access or information to something the attacker is not supposed to have. This type of attack may be low-tech, but it’s just as dangerous as any other major threat,… Read More