Link

Heartbleed is turning into Risk Management Theater. Everyone is claiming they have the best solution and fixes, but really they end up looking like fools.

Link

Right on cue. Who didn’t see this coming?

Link

Great job by WhiteHat to add this check to their product offering so quickly. I don’t see any of their competitors doing the same. Yet another reason why point-in-time checks are not good enough.

Link

I took some time to write up all the security-related efforts at Wiredrive. We have been quite busy being vigilant across the entire organization.

Link

Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.

Link

Validate any service you use against Qualys. If they don’t get an A, tell them to upgrade.

Link

The Heartbleed Bug allows anyone on the Internet to read the memory of the systems protected by OpenSSL software. Wiredrive has patched all servers and installed new SSL keys.

All customers should change their passwords as an added precaution.

Link

Good find by Incapsula. Remember to always filter inputs, no matter the source.

Link

The drone part of this story is silly; the Wi-Fi snooping is not.

Link

27M WordPress installs may be vulnerable to brute force attacks. Make sure any install is up to date, and carefully review and audit all installed plugins.