4 min
POODLE Unleashed: Understanding the SSL 3.0 Vulnerability
Three researchers from Google
have published findings about a vulnerability in SSL 3.0
, a cryptographic
protocol designed to provide secure communication over the internet. Although
SSL 3.0 is nearly 15 years old, it's still used all over the place – browsers,
VPNs, email clients, etc. In other words, this bug is pretty widespread.
Successful ex
2 min
Microsoft
October Patch Tuesday + Sandworm
Microsoft is back in fine form this month with eight upcoming advisories
affecting Internet Explorer, the entire Microsoft range of supported operating
systems, plus Office, Sharepoint Server and a very specific add on module to
their development tools called “ASP .NET MVC”. Originally nine advisories were
listed in the advance notice, but one of the vulnerabilities affecting Office
and the Japanese language IME was dropped for reasons unknown (the dropped
advisory was bulletin #4 in the advanc
1 min
Sandworm aka CVE-2014-4114
UPDATED: 2.30pm, ET, Tuesday, Oct 14.
There's another vulnerability with a clever name getting a lot of attention:
Sandworm aka
CVE-2014-4114.
This is not a cause for panic for the average system administrator or home
users, but you should take it seriously and patch any vulnerable systems ASAP.
While the reach is pretty broad because the vulnerability in question affects
all versions of the Windows operating system from Vista SP2 to Win
4 min
IT Ops
How to Format Nginx and Django Logs Using KVPs
Interested in learning a couple insider tips to gain more value from your
logs using additional structure?
Specifically, we will show how to easily introduce key-value pair (KVP) format
on Nginx and Django logs.
Of course, the approach is not restricted to those two types of logs, and can be
applied to numerous applications.
Previously, our Head of Product, Marc Concannon explained how logging
information in JSON format makes
it possible to leverag
3 min
IT Ops
Logs: The Most Fine-grained Data Source
As co-founder of Logentries I am often asked – “Why Logs?” And I have to admit,
upon first impression, ‘log management
and analytics’ does not seem like
the sexiest space 🙂 However at Logentries we are here to
redefine that space, to provide a solution to access, manage and understand your
log data that is easy to use, cost effective and intelligent (i.e. it does the
hard work so you don’t have to). But that being said it sti
3 min
Public Policy
Petition for Reform of the DMCA and CFAA
Here's the TL;DR:
Software now runs everything and all software has flaws, which means that we, as
consumers, are at risk. This includes YOU, and can impact your safety or quality
of life. Sign this petition to protect your right to information on how you are
exposed to risk:
https://petitions.whitehouse.gov/petition/unlock-public-access-research-software
-safety-through-dmca-and-cfaa-reform/DHzwhzLD
The petition
Last weekend a petition
8 min
Adventures in Empty UDP Scanning
One of the interesting things about security research, and I guess research in
general, is that all too often the only research that is publicized is research
that proves something or shows something especially amazing. Research that is
incomplete, where the original hypothesis or idea ends up being incorrect, or
that ends up at non-spectacular conclusions rarely ends up getting published. I
feel that this trend is doing a disservice to the research community because the
paths that the authors
2 min
IT Ops
How to Master the Installation of the Windows Agent
Over the past month we have been updating the LogentriesWindows Agent
to make it more powerful for our
growing customers needs. One particular area we felt needed updating was the
Command Line capabilities of the Windows Agent
.
Logentries is now proud to announce that you now have even more ways to install
our Windows Agent to your environment.
2 min
API
Scan Export/Import Using the nexpose-client Gem
The latest release (5.10.13) introduces a new feature into Nexpose, scan
exporting and importing. We're looking to address a need in air-gap
environments, where customers can have multiple consoles to address network
partitioning. This approach is not without its warts. For example, if you have
deleted assets from a site, this process will bring them back to life.
This post is going to walk through a pair of Ruby scripts using the
nexpose-client gem. The first script will export the site config
5 min
IT Ops
In the Log Management World: Are you a Fox or Hedgehog?
I’ve recently been reading Nate Silver’s book, “The Signal and the Noise.” In
the book, Silver looks at a number of areas where predictions have been made and
considers how successful they have been, as well as the reasons why they have
been accurate (or not).
I couldn’t help but draw the similarities how most companies use log management
tools today.
Silver’s particular interests are political forecasting (see
www.fivethirtyeight
2 min
Incident Detection
UserInsight Integrates with LogRhythm SIEM to Accelerate Incident Detection and Response
Rapid7 UserInsight finds the attacks you're missing by detecting and
investigating indications of compromised users from the endpoint to the cloud.
UserInsight now integrates with
LogRhythm, a leading Gartner-rated SIEMs in the industry. If you have already
integrated all of your data sources with LogRhythm, you can now configure
UserInsight to consume its data through LogRhythm, significantly simplifying
your UserInsight deployment.
UserInsight
2 min
Authentication
Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host
IT professionals set up service accounts to enable automated processes, such as
backup services and network scans. In UserInsight, we can give you quick
visibility into service accounts by detecting which accounts do not have
password expiration enabled. Many UserInsight subscribers love this simple
feature, which is available the instant they have integrated their LDAP
directory with UserInsight. In addition, UserInsight has several new ways to
detect compromised service accounts.
To do their
3 min
IT Ops
Heroku Buttons Rock!
As one of Heroku’s beta users I had the chance to check out the new Heroku
button gallery last week. I must say I was very
pleasantly surprised.
Over the past few years, it’s fair to say Heroku have nailed their PAAS
offering. They are one of the few PAAS providers to truly succeed in providing
developers both an easy to deploy platform, and a full ecosystem of add ons.
This allows you as a developer to get on with what you do best.
Yes, you can actually spend you
2 min
SIEM
Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior
If you're using HP ArcSight ESM as your SIEM, you can now add user-based
incident detection and response to your bag of tricks. Rapid7 is releasing a new
integration between Rapid7 UserInsight
and HP ArcSight ESM
, which enables you to detect, investigate and respond to security threats
targeting a company's users more quickly and effectively.
HP ArcSight is
3 min
IT Ops
Logging from PHP Web Frameworks like Laravel
So what is Laravel ?
Laravel is a relatively new MVC web framework for PHP that was released in 2012.
It’s also the most popular PHP project on Github
at the time of this post. Like many web
frameworks, Laravel boasts an easy learning-curve to get an app up and
running. This was certainly the case when I used it.
While this post is focusing on logging in Laravel, its applicable to other php
web frameworks, like Symfony2