
Jen Ellis  

Will the Data Security and Breach Notification Act Protect Consumers?

Last week, the House Energy and Commerce Committee published a discussion draft of a proposed breach notification bill – the Data Security and Breach Notification Act of 2015. I'm a big fan of the principles at play here: as a consumer, I expect that if a…

GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?

CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems using older versions of the GNU C Library (glibc versions less than 2.18). The bug was discovered by researchers at Qualys and named GHOST in reference to the _gethostbyname function (and possibly because it…

How Do We De-Criminalize Security Research? AKA What's Next for the CFAA?

Anyone who read my breakdown on the President's proposal for cybersecurity legislation will know that I'm very concerned that both the current version of the Computer Fraud and Abuse Act (CFAA), and the update recently proposed by the Administration, have and will have a strong…

Will the President's Cybersecurity Proposal Make Us More Secure?

Last week, President Obama proposed a number of bills to protect consumers and the economy from the growing threat of cybercrime and cyberattacks. Unfortunately in their current form, it's not clear that they will make us more secure. In fact, they may have the potential…

Cyber Security Awareness Month: Crisis Response and Communication

Throughout October, Rapid7 has run a series of blog posts designed to help you talk to the C-suite of your organization about security.  We've focused on why executives should pay attention, what they specifically need to focus on, some ways to improve organizational security,…

POODLE Unleashed: Understanding the SSL 3.0 Vulnerability

Three researchers from Google have published findings about a vulnerability in SSL 3.0, a cryptographic protocol designed to provide secure communication over the internet. Although SSL 3.0 is nearly 15 years old, it's still used all over the place – browsers, VPNs, email clients,…

Petition for Reform of the DMCA and CFAA - Why I Care, and Why I Think You Should Too.

Here's the TL;DR: Software now runs everything and all software has flaws, which means that we, as consumers, are at risk. This includes YOU, and can impact your safety or quality of life. Sign this petition to protect your right to information on how…

Cyber Security Awareness Month: Taking it to the C-level and Beyond

October is promoted as cyber security awareness month in the US and across the European Union. We're all for increasing awareness of security issues and threats, so we're in, but we know our average SecurityStreet reader likely works in information security and is already “…

Bash-ing Into Your Network & Investigating CVE-2014-6271

[UPDATE September 29, 2014: Since our last update on this blog post, four new CVEs that track ShellShock/bash bug-related issues have been announced. A new patch was released on Saturday September 27 that addressed the more critical CVEs (CVE-2014-6277 and CVE-2014-6278).  In sum:…

Security Incident Notification

This week, one of the service providers we work with informed us that it was compromised and the attackers targeted Rapid7 assets. Although we are still investigating the incident, we believe that no customer data was compromised. We take customer security very seriously and will…

National Cyber Security Awareness Month: The Value of Vigilance

Today is the last day of October 2013, and so sadly, this is our last NCSAM primer blog. We're hitting on a number of potential threats in this one to help drive the core point home – users need to be vigilant, not just with…

National Cyber Security Awareness Month: Avoiding Cloud Crisis

As you'll know if you've been following our National Cyber Security Awareness Month blog series, we're focusing on user awareness. We believe that these days every user in your environment represents a point on your perimeter; any may be targeted by attackers and any…

National Cyber Security Awareness Month: Basic Password Hygiene

Throughout October, we're creating basic emails you send to the users in your company to help educate them on information security issues that could affect them in the workplace. Each email provides some information on the issue itself, and some easy steps on how to…

National Cyber Security Awareness Month: Foiling Phishing

For the past 10 years, the DHS has deemed October to be National Cyber Security Awareness Month, and since we have a hunch that people who already work in security are aware that it's a big issue, we thought we'd help you focus on…

Join Project Sonar and #ScanAllTheThings!

… Or if scanning is not your thing, take a look at the data provided by others and share your views on what it means and what we can do about it.  Apply your learnings to your own environment – how are you exposed?…
