This post is going to be short and sweet as it’s something I meant to put up here when I found it sometime back in mid-2011. I’m not even sure if Time Warner is still using these Ubee cable modems for their RoadRunner offering, but I’m sure that there are at least a few people […]
A couple of weeks back, HD Moore posted a blog entry entitled “Security Flaws in Universal Plug and Play: Unplug, Don’t Play” supporting a Rapid7 Whitepaper in which he discusses the 81 million unique IP addresses that respond to UPnP discovery requests on the Internet and the 23 million fingerprints that match a version of […]
I recently had the opportunity to play with a data analytics platform called LYNXeon by a local company (Austin, TX) called 21CT. The LYNXeon tool is billed as a “Big Data Analytics” tool that can assist you in finding answers among the flood of data that comes from your network and security devices and it […]
I was having lunch with Charles Henderson from Trustwave Spider Labs the other day and he mentioned that he had just gotten signed up with the new Roadrunner Extreme Broadband Beta from Time Warner Cable. He mentioned insane download and upload speeds as well as the new DOCSIS 3.0 compliant modem. It was enough to […]
Much like many other companies these days, National Instruments hires many of our developers straight out of school. Many times when engaging with these new hire developers, I will ask them what kind of security they learned at their university. In almost all cases I’ve found that the answer hasn’t changed since I graduated back […]
Notice anything wrong with this picture? I was walking by one of the Iron Mountain Secure Shredding bins at work one day several months ago and noticed that the lock wasn’t actually locked. Being the security conscious individual that I am, I tried to latch the lock again, but the lock was so rusted that […]
I had a meeting yesterday with a vendor who sells a SaaS solution for binary application vulnerability testing. They tell a very interesting story of a world where dynamic testing (“black box”) takes place alongside static testing (“white box”) to give you a full picture of your application security posture. They even combine the results […]
Part of my new role as the Information Security Program Owner at NI is taking care of our regulatory compliance concerns which means I spend quite a bit of time dealing with auditors. Now auditors are nice people and I want to preface what I’ll say next by saying that I think auditors do perform […]
One of the coolest things about working on the Web Systems Team at National Instruments is that the company has invested in a wide variety of tools to assist us with our jobs. Since we are responsible for the availability of ni.com, we have the standard URL and content monitors (Sitescope and Nagios). We also […]
I’ve spent a lot of time over the past few months writing an enterprise application in PHP. Despite what some people may say, I believe that PHP is as secure or insecure as the developer who is writing the code. Anyway, I’m at the point in my development lifecycle where I decided that it was […]
