Have you ever had a penetration tester ask permission to execute an attack or perform some other action? You should have, because we would much rather ask than simply try that “risky” exploit or make the configuration change on our own. To be clear, most penetration testers don’t go rogue. If the company that does your assessments is taking these types of actions without checking with you first, it’s time to reconsider who you are contracting for your assessments.
Tag Archives: Information Security
HIPAA’s Breach Notification Listing
Imagine this: you go to your mailbox and pull out the assorted letters and circulars. One of the letters is from your doctor’s office, informing you that the office was broken into and an unsecured laptop was stolen; it contained data on some of the patients and your data may have been on the laptop.
The reality is that those letters are appearing in mailboxes nationwide.
PCI Risk Analysis
With the recent PCI Security Standards Council guidance on risk assessments (SIG on PCI Risk Assessments), questions have arisen about alignment with ISO 27005.
Firebird SQL Stack Buffer Overflow (CVE-2013-2492)
Recently, the SecureState Research and Innovation team found a critical flaw in the latest stable releases of Firebird SQL. Firebird SQL is an open source SQL server that is sometimes found bundled with other software packages. The vulnerability SecureState found is a remotely exploitable stack buffer overflow that can be triggered by an unauthenticated user. It occurs because the length of a group identifier field in the CNCT information sent by the client is not properly validated: 32 bytes can be written to the stack where only 4 should be allowed. This overwrites a critical pointer that is later used to read a function pointer.
Free Whitepaper: “Cash Is King: Who’s Wearing Your Crown? Accounting Systems Fraud in the Digital Age”
If hackers were able to manipulate the world’s accounting systems, governments and corporations would be in a frenzy. Guess what? Hackers can and will.
Join Us for the December OWASP Cleveland Chapter Meeting!
OWASP Cleveland Chapter Meeting
Featuring Joe Kuemerle
Tuesday, December 18th from Noon – 2 p.m.
23340 Miles Road, Cleveland, OH 44128 (SecureState)
Presentation: Reverse Engineering .NET and Java