Monthly Archives: January 2013

UPnP and the communication problem

HD Moore of Metasploit fame publishes a blog post about Universal Plug and Play (UPnP) vulnerabilities and now the Twittersphere is burning with prognostications of doom. The blog post is based on some very interesting research by Rapid7 which does indeed make for worrying reading. But for me, the part that raises the greatest concern is the appendix. In it, Rapid7 lists previous research…

ContraRisk Security Podcast 0001: Java and rogue clouds #csp

In the first ContraRisk Security Podcast, Steve Mansfield-Devine talks to Ross Barrett of Rapid7 about the problems with Java, and Richard Walters of SaaSID about the dangers posed by unauthorised use of cloud services within organisations. The first month of 2013 witnessed a series of Java zero-day flaws being used in exploit kits. Java vulnerabilities are…

Dangerous data

Data is dangerous stuff. In spite of the old cliché about it being the ‘lifeblood’ of your business, having too much of it can be a problem. Many companies merrily accumulate as much data as they can – not least by collecting unnecessarily large amounts of intelligence about their customers – on the basis that it is somehow an asset…