All Posts

3 min IT Ops

Logging Activity in a Smart Home

The Smart Home concept is a subset of the Internet of Things (IoT). The core idea is to connect “things” (digital devices) to each other to facilitate communication, feedback, and alerting. In essence, it connects the physical world with the digital world. We are installing new sensors and actuators into everyday devices, which is leading to new IoT and Smart Home services by integrating existing solutions and technologies. The IoT network is growing at an unbelievable pace. From just 2 billion obje

3 min Vulnerability Disclosure

R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access

Introduction GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with an FTP target. This vulnerability allows an attacker operating a malicious FTP server to create arbitrary files, directories, and symlinks on the user's filesystem. The symlink attack allows file contents to be overwritten, including binary files, and access to the entire filesystem wit

2 min Nexpose

Improve your scan performance with Scan Engine pooling

You can improve the speed of your scans for large numbers of assets in a single site by pooling your Scan Engines. With pooling, the work it takes to scan one large site is split across multiple engines to maximize pool utilization. Additionally, engine pooling provides a degree of fault tolerance. For example, if one Scan Engine in the pool fails during a scan, the scanning tasks for that asset are transferred to another engine within the pool. Available with the release of Nexpose 5.11, thi

5 min Incident Response

Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus

Based on a common pain point and your positive feedback on last month's blog post entitled "Don't Be Noisy", we have started significantly expanding the scope of our noise reduction efforts. Rather than reinvent the great technology that intrusion detection/prevention systems (IDS/IPS), firewalls, and anti-virus products offer, we are aiming to provide an understanding of the massive amounts of data produced b

3 min IT Ops

Shared Services: The Unicorn Every DevOps is Looking For

In my hunt for the mysterious DevOps practice, I’ve been let down. DevOps are hard to find. When you find them, they do not exactly do what you think they should do. Some DevOps teams only execute on automation for dev; others are operations folks with a new name; and still others are internal consultants helping operations and developers (but not actually doing the work). In my DevOps scavenger hunt I have identified a new type of creature: shared services (aka the unicorn). What I have

17 min Project Sonar

R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities

Overview In the summer of 2014, Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar. NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated, enabling internal, assumed-trusted users behind a NAT device to let external users access internal TCP and UDP services for things like Apple's Back to My Mac and file/media shar

3 min

Thank You! Five Years of Metasploit at Rapid7

On October 20, 2009 -- five years ago today -- Rapid7 acquired Metasploit. At the time, there was skepticism about the deal, and what it would mean for Metasploit and the open source community. The skepticism was, of course, fair. If Rapid7 was going to fund (and therefore, control) the development of the Metasploit Framework, why would anyone contribute to it any more? Why give away work product for free when Rapid7 is just going to turn around and sell it? Today, Metasploit is still actively

4 min IT Ops

4 Alerts You Need In Case System Events Stop Occurring

“Silence is golden.” This is not always true, especially when something you were expecting to happen *doesn’t* happen. It is especially untrue when you have a system or a service you are trying to maintain and things stop happening or go quiet. We recently developed a new service — Inactivity Alerting — to help you with this common challenge and, as you might expect, it fires alerts when there is noted inactivity around a specific log or eve

2 min Nexpose

Site Consolidation with the Nexpose Gem

The introduction of the scan export/import feature opens up the ability to merge sites, at least through the Ruby gem. Imagine a scenario where you had split up your assets into several sites, but now you realize it would be easier to manage them if you just merged them into one. Maybe you have duplicate assets across sites and that wasn't your intent. The script below allows you to merge multiple sites into one. It replays the scans from each site into the new one (in just a fraction of the amou

3 min Vulnerability Disclosure

Block the POODLE's bite: How to scan for CVE-2014-3566

A severe vulnerability was disclosed in the SSL 3.0 protocol that significantly jeopardizes the protocol's ability to secure communications. All versions of SSL have been deprecated and their use should be avoided wherever possible. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the attack that exploits this vulnerability and allows an attacker to potentially steal information by altering communications between the SSL client and the server (MitM). Learn more about CVE-2014-3566

4 min

POODLE Unleashed: Understanding the SSL 3.0 Vulnerability

Three researchers from Google have published findings about a vulnerability in SSL 3.0, a cryptographic protocol designed to provide secure communication over the internet. Although SSL 3.0 is nearly 15 years old, it's still used all over the place – browsers, VPNs, email clients, etc. In other words, this bug is pretty widespread. Successful ex

2 min Microsoft

October Patch Tuesday + Sandworm

Microsoft is back in fine form this month with eight upcoming advisories affecting Internet Explorer, the entire Microsoft range of supported operating systems, plus Office, SharePoint Server and a very specific add-on module to their development tools called “ASP.NET MVC”. Originally nine advisories were listed in the advance notice, but one of the vulnerabilities affecting Office and the Japanese language IME was dropped for reasons unknown (the dropped advisory was bulletin #4 in the advanc

1 min

Sandworm aka CVE-2014-4114

UPDATED: 2.30pm, ET, Tuesday, Oct 14. There's another vulnerability with a clever name getting a lot of attention: Sandworm aka CVE-2014-4114. This is not a cause for panic for the average system administrator or home users, but you should take it seriously and patch any vulnerable systems ASAP. While the reach is pretty broad because the vulnerability in question affects all versions of the Windows operating system from Vista SP2 to Win

4 min IT Ops

How to Format Nginx and Django Logs Using KVPs

Interested in learning a couple of insider tips to gain more value from your logs using additional structure? Specifically, we will show how to easily introduce key-value pair (KVP) format on Nginx and Django logs. Of course, the approach is not restricted to those two types of logs, and can be applied to numerous applications. Previously, our Head of Product, Marc Concannon, explained how logging information in JSON format makes it possible to leverag

3 min IT Ops

Logs: The Most Fine-grained Data Source

As co-founder of Logentries I am often asked, “Why Logs?” And I have to admit, upon first impression, ‘log management and analytics’ does not seem like the sexiest space 🙂 However, at Logentries we are here to redefine that space, to provide a solution to access, manage and understand your log data that is easy to use, cost effective and intelligent (i.e. it does the hard work so you don’t have to). But that being said it sti