You can't secure what you don't acknowledge.℠

Thursday, July 14, 2011

eEye's Metasploit integration - we need more of this!

Kudos to eEye Digital Security for integrating Metasploit within their Retina vulnerability scanner. According to this recent press release:

"Using the free Retina Community scanner or the Retina Network Security Scanner (version 5.13.0 or higher), users can see whether a vulnerability has an associated exploit from Core Impact, Metasploit, or Exploit-db.com, allowing IT Security professionals to better prioritize vulnerabilities and fix the biggest risks first. In addition, if a Metasploit exploit exists, users can right-click to launch Metasploit (3.6.0 or higher) directly from the scanner to perform a penetration test against the targeted host."

Thanks for thinking about the workflow of a typical security assessment, eEye! I honestly don't know why it has taken vulnerability scanner vendors so long to get this. I'm convinced that some are completely unaware that such features would be of value.

So... a tip to other vulnerability scanning vendors out there: think about how your scanners work through the eyes of security professionals. What are the pain points? What are the inefficiencies and hurdles to doing basic tasks? All you have to do is ask people like me. I'm often willing and able to share many such frustrations and plenty of advice. ;-)

Tuesday, July 12, 2011

How smartphones can make us look dumb

Not long ago I heard a gentleman speaking with radio show host Clark Howard about a phone he purchased online. He said it had all sorts of personal information belonging to the previous owner including her healthcare records. Ouch.

If I understood the caller correctly, it sounded like this personal information was sent to the previous owner by her doctor. A doctor who I'm sure is HIPAA compliant... after all, as most healthcare practitioners know, all you need for HIPAA compliance is a sticker-based sign-in sheet and a notice of privacy practices handout. OK, maybe a firewall and anti-virus software if you want to go out on a limb and buy into the compliance-comes-in-a-box theory. But I digress...

Be careful out there folks. Compliance requirements or not, our smartphones are going to make us look dumber and dumber moving forward if we're not careful.