10 Apr 2014

KATU Interview on Heartbleed

I was interviewed by KATU regarding the Heartbleed OpenSLL bug.

07 Apr 2014

OpenSSL Zero Day Vulnerability ‘Heartbleed’ Impacts Internet Encryption

A new zero day vulnerability (CVE-2014-0160) affecting OpenSSL nicknamed ‘Heartbleed’ was introduced in December 2011 and has been fixed today in OpenSSL 1.0.1g. The vulnerable versions of OpenSSL are 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8. Attackers who exploit the vulnerability can monitor all data passed between a service

04 Apr 2014

Active Shooter Response

The U.S. Department of Homeland Security define “active shooter” as “an individual actively engaged in killing or attempting to kill people in a confined and populated area; in most cases, active shooters use firearm[s] and there is no pattern or method to their selection of victims”.  Dealing with an active

25 Mar 2014

Speeding Up Grep Log Queries with GNU Parallel

Sometimes you come across a tool that everyone but you seems to have known about. I hit a wall recently where I wanted to query a massive 10GB text file with a list of terms in another file. Usually a simple grep command would do the trick, but I quickly

24 Mar 2014

When Security Tools Cry Wolf

With the recent Target and Nieman Marcus breaches, we have seen that the attacks did not go without detection by the retailers’ security tools. However, both cases reveal a larger problem: With the rising number and complexity of security tools at our fingertips, sometimes everything looks like an alert so