Heartbleed, Part III

An Ongoing Threat

Chad Kahl

April 18, 2014 - Posted by Chad Kahl to Threat Intelligence

W00t! It's trilogy time! Some stories warrant a trilogy, like Christopher Nolan's Dark Knight Trilogy or Star Wars Episodes IV to VI. Others, not so much... yeah, I'm looking at you Karate Kid II and III.

I think the Heartbleed bug in OpenSSL warrants the additional coverage. Only time will tell, I suppose.

For those of you just joining us, part one is the blog "'Heartbleed Bug' in OpenSSL Puts Data at Risk", where I covered what the vulnerability is and how to remediate it with the information that was available shortly after the release.

To recap: we are dealing with a single vulnerability in the OpenSSL library that was exploitable for over two years. An attack exploits a missing bounds check in the heartbeat function, which is normally used to notify a server that the client is still active. The result is a leak of system memory, up to and including the private key for the SSL certificate. Bad News Bears,... read more >

“Heartbleed Bug” in OpenSSL Puts Data at Risk

Chad Kahl

April 08, 2014 - Posted by Chad Kahl to Threat Intelligence

As OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet, most users come into contact with it on a regular basis. Unfortunately, a serious vulnerability in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC 6520), dubbed the “Heartbleed Bug”, was discovered on Monday. The official CVE reference for this bug is CVE-2014-0160. This weakness allows attackers to steal the information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as Web, email, instant messaging (IM) and some virtual private networks (VPNs).

This vulnerability was first placed in the OpenSSL code during December 2011 and was released into the... read more >

We All Need the Human Touch, Even in IT Security

Joseph (JB) Blankenship

July 11, 2013 - Posted by Joseph (JB) Blankenship to Security Insight

I think singer Rick Springfield got it right back in 1983. We all need the human touch, even in IT security. For most of us who have been around IT security for some time, especially on the vendor side, security is about new technology, a new feature on an appliance or a vendor who has a new take on an old problem. What’s missing from that mindset is the human touch – how adding human intelligence and human interaction to the technology makes for a stronger security solution.

Being an old-school music fan, there’s nothing better to me than watching a real band, with real musicians performing on stage. Techno and computerized music are mostly lost on me. Back in ’83, Rick was prescient enough to write:

Everybody's talking to computers
They're all dancing to a drum machine
I know I'm living on the outside
Scared of getting caught between
I'm so cool and calculated alone in the modern world

How... read more >

ActiveGuard Log Volume Analyzer - LOVE IT!

Court Little

February 12, 2013 - Posted by Court Little to Security Insight

It’s almost Valentine’s Day! And in honor of Mr. Saint Valentine, I am going to opine for a bit on an ActiveGuard® feature that I LOVE. Specifically, I am going to tell you why LOVE is at the heart of this technical process. What is this I speak of? ALVA. No, not Alva and the Chipmunks, but the “ActiveGuard Log Volume Analyzer”, also commonly known within our company as LAVA in its latest form. Why is LOVE integral to ALVA/LAVA? Let me tell you!

Love logs are the backbone of any security monitoring practice. But not all security incidents, threats or events have a specific log event tied to them. Not all products, such as WAFs or IDSs, have signatures to detect every security event, nor are there explicit log lines that will occur for every issue a device may face. But by... read more >

Malware Reverse Engineering and Protecting the Client Base

Doug Picotte

October 23, 2012 - Posted by Doug Picotte to Threat Intelligence

I was on a sales call recently when a client requested an example of how our Security Engineering Research Team (SERT) provides specific security intelligence that results in the protection of the client base. This was a great question, and I wanted to take a moment to provide a real-world example of the value that SERT delivers to both the client base and the security community at large.

Malware Reverse Engineering

SERT performs ongoing malware and threat analysis, and regularly provides consumable threat intelligence to the rest of the Solutionary engineering teams. In one particular case, SERT obtained an image of a suspected infected machine residing on a client network. SERT performed a full analysis of the image and isolated the malware-specific files. SERT then performed reverse engineering using advanced static... read more >

NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.