Author Archive

By:


Date:
Sep 29, 2014
Recently, the United States Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) issued an alert regarding CVE-2014-6271, or the ‘Shellshock’ bug, a severe flaw in the bash Linux shell. This flaw allows attackers to gain complete control of a system with relative ease. A second vulnerability, CVE-2014-7169, was spotted while a patch was being written for the first. UPDATE 9/29/14: Three additional vulnerabilities, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, were discovered early yesterday. The status for Codero customers as of 9/29: Managed Services: Your servers have… Read More
By:


Date:
Sep 11, 2014
The look in their eyes, their handshake, the tone of their voice, and all of the messages they’re sending with their body language: these are all part of the incredibly complex picture of recognizing who someone is, and ascertaining their intent. For centuries, business transactions were conducted in person. The intermingling of computers, the internet, and business, however, has forced face-to-face interaction to take a backseat to digital forms of identification. The earliest answer to this has been the password. Yet as password management, standards,… Read More
By:


Date:
Sep 4, 2014
At some point in our lives, we’ve all gone through some online account creation process and created a password.  Frequently, we’re required to choose a password that includes something like at least one capital letter, one number, et cetera.  The stricter the criteria, the more layers of security we think we’ve added to our passwords. However, that’s not actually the case. The math behind password security To understand why, let’s do some math. (It will be really simple, I promise.) One method of attempting to… Read More
By:


Date:
Aug 28, 2014
Security is a hot topic on the internet right now and it’s only getting hotter. In recent years, attacks ranging from simple “script kiddies” to complex, state-sponsored organizations (here’s a detailed report on one of them) have only increased. The only way to keep a server or environment completely safe from internet-based attacks is to uncable it, and put it in the back of a closet. Sadly, studies have shown that websites hosted on servers sitting in the back of a closet without an internet connection… Read More
By:


Date:
Aug 12, 2014
As prevalent and sophisticated as IT security threats are today, one of the most significant threats doesn’t involve writing complex code, spreading a virus, or launching a denial of service attack. As attackers have known for a long time, one of the potentially most effective attacks is social engineering, the art of manipulating people to gain access or information to something the attacker is not supposed to have. This type of attack may be low-tech, but it’s just as dangerous as any other major threat,… Read More
By:


Date:
Dec 19, 2013
One of the complaints I hear most often from folks in network-related roles is that they feel like they're being crammed into a little box. There's plenty to learn and do in technical roles, but too frequently people are only allowed to work on a very small subset of tasks with limited responsibilities. Recently, I was interviewing a candidate and asked what technology they most wanted to work on. Their response was, "Well, I really want to be able to work on the core routing… Read More