CERT-SEI
Announcing CERT Tapioca for MITM Analysis
08/21/2014 - CERT/CC
Will Dormann
Hi folks, it's Will. Recently I have been investigating man-in-the-middle (MITM) techniques for analyzing network traffic generated by an application. In particular, I'm looking at web (HTTP and HTTPS) traffic. There are plenty of MITM proxies, such as ZAP, Burp, Fiddler, mitmproxy, and...
Unintentional Insider Threats by Economic Sector
07/22/2014 - insider threat
CERT Insider Threat Center
Tracy Cassidy discusses CERT research on unintentional insider threat (UIT) with an emphasis on phishing and malware incidents.
Bundled Software and Attack Surface
07/07/2014 - CERT/CC
Will Dormann
In this blog post, Will Dormann discusses application downloads bundled with other software and how it affects your attack surface.
Investigating Advanced Persistent Threat 1
05/20/2014 - CERT/CC
Deana Shick
Deana Shick and Angela Horneman discuss Advanced Persistent Threat 1 (APT1).
05/14/2014 - insider threat
CERT Insider Threat Center
Matt Collins describes the work involved in identifying and analyzing four insider threat IT sabotage patterns.
Why Cybersecurity Is Not Like the Immune System
03/24/2014 - CERT/CC
Jonathan Spring
Jonathan Spring discusses why cybersecurity is not like the immune system, but why it would be nice if it were.
10 Years of FloCon
02/18/2014 - CERT/CC
George Jones
George Jones, chair of the 10th FloCon Conference, discusses the conference's general topics and themes over the years.
Taking Control of Linux Exploit Mitigations
02/17/2014 - CERT/CC
Will Dormann
Last week, Will Dormann examined two exploit mitigations on the Linux platform. In this new post, Will explains how to add further exploit protections to Linux.
Differences Between ASLR on Windows and Linux
02/10/2014 - CERT/CC
Will Dormann
Will Dormann explains how ASLR works on Linux and how it differs from ASLR on Windows.
Feeling Insecure? Blame Your Parent!
02/03/2014 - CERT/CC
Will Dormann
Will Dormann describes how parent properties can cause security problems for a child process.
Practical Math for Your Security Operations - Part 3 of 3
01/07/2014 - CERT/CC
Vijay Sarvepalli
Vijay Sarvepalli introduces a way to use entropy to detect anomalies in network communications patterns.
Theft of Intellectual Property by Insiders
12/18/2013 - insider threat
CERT Insider Threat Center
Matt Collins provides statistics related to insider threat cases involving the theft of intellectual property.
Hacking the CERT FOE
11/26/2013 - CERT/CC
Will Dormann
Will Dormann describes a modification to FOE code to make it work better with another application and encourages others to modify the code themselves.
Prioritizing Malware Analysis
11/14/2013 - CERT/CC
Jose Morales
Jose Morales describes research to prioritize malware samples in an analyst's queue based on the file's execution behavior.
Analyzing Routing Tables
10/24/2013 - CERT/CC
Timur Snoke
Timur Snoke describes maps he developed that use Border Gateway Protocol routing tables to show the evolution of public-facing autonomous system numbers.
BFF 2.7 on OS X Mavericks
10/23/2013 - CERT/CC
Will Dormann
Will Dormann describes how to get BFF 2.7 to run on OS X Mavericks.
Working with the Internet Census 2012
10/22/2013 - CERT/CC
Timur Snoke
Deana Shick and Angela Horneman discuss how the Internet Census 2012 project helped them better understand devices associated with various sets of IP addresses.
Analyzing Insider Threat Data in the MERIT Database
10/17/2013 - insider threat
CERT Insider Threat Center
Matt Collins describes types of insider incident data recorded in the MERIT database, which are analyzed to understand the who, what, when, where, and why of insider incidents.
Vulnerabilities and Attack Vectors
10/01/2013 - CERT/CC
Will Dormann
Will Dormann provides examples that illustrate why vulnerability analysts use attack vectors when they're examining software bugs and vulnerabilities.
Attaching the Rocket to the Chainsaw - Behind the Scenes of BFF and FOE's Crash Recycler
09/30/2013 - CERT/CC
Allen Householder
Allen Householder discusses the crash recycling feature of the recently released fuzzing tools BFF v2.7 and FOE v2.1.
The Latest CERT Research of Unintentional Insider Threats: Social Engineering
09/30/2013 - insider threat
CERT Insider Threat Center
In this post, Dave Mundie discusses the research CERT is doing on unintentional insider threats, in particular social engineering.
Signed Java Applet Security Improvements
09/24/2013 - CERT/CC
Will Dormann
Will Dormann points out potential pitfalls when using Java 7u25 features designed to prevent a Java applet from being repurposed.
One Weird Trick for Finding More Crashes
09/23/2013 - CERT/CC
Will Dormann
Will Dormann announces updates to CERT fuzzing tools, FOE and BFF, and describes the changes in the new versions.
Practical Math for Your Security Operations - Part 2 of 3
09/13/2013 - CERT/CC
Vijay Sarvepalli
Vijay Sarvepalli describes how to apply statistical modeling with standard deviation to analyze your network security data.
International Considerations for Cybersecurity Best Practices
09/03/2013 - insider threat
CERT Insider Threat Center
Lori Flynn and Carly Huth describe how strategies for international cybersecurity should account for five factors.
Seven Ways Insider Threat Products Can Protect Your Organization
08/23/2013 - insider threat
CERT Insider Threat Center
George Silowash explores the top 7 attributes of insider threat cases according to our database of over 700 incidents.
A Multi-Dimensional Approach to Insider Threat
08/20/2013 - insider threat
CERT Insider Threat Center
David Mundie describes a pattern language for insider threat derived from examining more than 700 insider threat cases.
Domains That Are Typos of Other Domains
08/15/2013 - CERT/CC
Jonathan Spring
Jonathan Spring discusses the usage of domains that are typos of other domains.
Mining Ubuntu for Interesting Fuzz Targets
08/15/2013 - CERT/CC
Jonathan Foote
We explain how to use information from databases in stock Ubuntu systems to gather parameters for performing corpus distillation and fuzzing.
Tempering the Vulnerability Hype Cycle with CVSS
08/08/2013 - CERT/CC
Todd Lewellen
Todd Lewellen explains how CVSS can help develop a more accurate understanding of a vulnerability's severity.
Unintentional Insider Threats: The Non-Malicious Within
08/07/2013 - insider threat
CERT Insider Threat Center
David Mundie describes research on the unintentional insider threat.
Practical Math for Your Security Operations - Part 1 of 3
08/06/2013 - CERT/CC
Vijay Sarvepalli
Vijay Sarvepalli explores some practical uses of math in your Security Operations Center.
Attend Our Insider Threat Webinar
08/01/2013 - insider threat
CERT Insider Threat Center
Randy Trzeciak announces the webinar Managing the Insider Threat: What Every Organization Should Know.
A ccTLD Case Study: .tv
07/12/2013 - CERT/CC
Leigh Metcalf
Leigh Metcalf and Jonathan Spring examine usage of the .tv top-level DNS zone and its importance to the nation of Tuvalu.
Forensics Software and Oracle Outside In
07/08/2013 - CERT/CC
Will Dormann
Will Dormann discusses the risks, and their mitigations, of using forensics software to process untrusted data.
The Risks of Microsoft Exchange Features that Use Oracle Outside In
06/04/2013 - CERT/CC
Will Dormann
Will Dormann describes the risks of using Microsoft Exchange features that use Oracle Outside In and what you can do about it.
Keep Calm and Deploy EMET
05/08/2013 - CERT/CC
Jared Allar
Jared Allar provides information about an effective approach to blocking exploits of CVE-2013-1347.
Controlling the Malicious Use of USB Media
05/06/2013 - insider threat
CERT Insider Threat Center
George Silowash explains the importance of protecting your organization from the theft of information using USB media.
Don't Sign that Applet!
04/30/2013 - CERT/CC
Will Dormann
Will Dormann describes how Oracle's new guidance for Java applets may cause more harm than good.
Finding Patterns of Malicious Use in Bulk Registrations
04/24/2013 - CERT/CC
Leigh Metcalf
Leigh Metcalf and Jonathan Spring describe how finding patterns in bulk registrations can help identify potentially malicious domains.
GeoIP in Your SOC (Security Operations Center)
04/17/2013 - CERT/CC
Vijay Sarvepalli
Vijay Sarvepalli discusses GeoIP capabilities that can be built into your SOC to provide a spatial view of your network threats.
Second Level Domain Usage in 2012 for Common Top Level Domains
04/04/2013 - CERT/CC
Leigh Metcalf
Leigh Metcalf and Jonathan Spring examine second level domain usage in 2012 for the most common generic Top Level Domains.
The Growth of IPv6 Announcements
03/27/2013 - CERT/CC
Leigh Metcalf
Leigh Metcalf and colleague Rhiannon Weaver present a method for assessing how popular IPv6 is on the internet.
An Alternate View of Announced IPv4 Space
03/21/2013 - CERT/CC
Leigh Metcalf
Leigh Metcalf describes an alternate way to view advertised IP address space on the internet using publicly available information.
The Growth Rate of IP Addresses That Are Advertised as Usable on the Internet
03/13/2013 - CERT/CC
Leigh Metcalf
Leigh Metcalf describes how to use publicly available information to calculate the growth rate of advertised IP address space.
How Ontologies Can Help Build a Science of Cybersecurity
03/12/2013 - insider threat
CERT Insider Threat Center
David Mundie discusses the construction of an ontology for cybersecurity.
Watching Domains That Change DNS Servers Frequently
03/11/2013 - CERT/CC
Timur Snoke
Leigh Metcalf describes the results of our three-month study of domains that change their name servers frequently.
CERT Insider Threat Events at the RSA Conference
02/19/2013 - insider threat
CERT Insider Threat Center
Dawn Cappelli invites users to meet her team at the RSA conference.
Common Sense Guide to Mitigating Insider Threats - Best Practice 19 (of 19)
02/13/2013 - insider threat
CERT Insider Threat Center
Derrick Spooner describes the last of 19 best practices in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 18 (of 19)
02/11/2013 - insider threat
CERT Insider Threat Center
Randy Trzeciak describes the 18th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 17 (of 19)
02/08/2013 - insider threat
CERT Insider Threat Center
Daniel Costa describes the 17th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 16 (of 19)
02/06/2013 - insider threat
CERT Insider Threat Center
George Silowash describes the 16th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 15 (of 19)
02/04/2013 - insider threat
CERT Insider Threat Center
Randy Trzeciak describes the 15th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 14 (of 19)
02/01/2013 - insider threat
CERT Insider Threat Center
Eleni Tsamitis describes the 14th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 13 (of 19)
01/30/2013 - insider threat
CERT Insider Threat Center
Ying Han describes the 13th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 12 (of 19)
01/28/2013 - insider threat
CERT Insider Threat Center
Sam Perl describes the 12th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19)
01/25/2013 - insider threat
CERT Insider Threat Center
Todd Lewellen describes the 11th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 10 (of 19)
01/23/2013 - insider threat
CERT Insider Threat Center
Marcus Smith describes the 10th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 9 (of 19)
01/21/2013 - insider threat
CERT Insider Threat Center
Mike Albrethsen describes the 9th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 8 (of 19)
01/18/2013 - insider threat
CERT Insider Threat Center
Jeremy Strozer describes the 8th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 7 (of 19)
01/16/2013 - insider threat
CERT Insider Threat Center
Chris King describes the 7th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Anatomy of Java Exploits
01/15/2013 - CERT/CC
Art Manion
Art Manion and David Svoboda examine the vulnerabilities that permitted Java to be exploited in two recent cases.
Common Sense Guide to Mitigating Insider Threats - Best Practice 6 (of 19)
01/14/2013 - insider threat
CERT Insider Threat Center
Jason Clark describes the 6th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 5 (of 19)
01/11/2013 - insider threat
CERT Insider Threat Center
Derrick Spooner describes the 5th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Java in Web Browser: Disable Now!
01/10/2013 - CERT/CC
Art Manion
In light of a recent Java vulnerability, Will Dormann and Art Manion discuss why you should disable Java.
Common Sense Guide to Mitigating Insider Threats - Best Practice 4 (of 19)
01/09/2013 - insider threat
CERT Insider Threat Center
Carly Huth describes the 4th best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 3 (of 19)
01/08/2013 - insider threat
CERT Insider Threat Center
Daniel Costa describes the 3rd best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 2 (of 19)
01/03/2013 - insider threat
CERT Insider Threat Center
Randy Trzeciak describes the 2nd best practice in the latest Common Sense Guide to Mitigating Insider Threats.
Common Sense Guide to Mitigating Insider Threats - Best Practice 1 (of 19)
01/03/2013 - insider threat
CERT Insider Threat Center
Daniel Costa describes the 1st best practice in the latest Common Sense Guide to Mitigating Insider Threats.
The Common Sense Guide to Mitigating Insider Threats Expanded
12/14/2012 - insider threat
CERT Insider Threat Center
George Silowash announces the release of the Common Sense Guide to Mitigating Insider Threats, 4th Edition.
Fourth Edition of the Common Sense Guide to Mitigating Insider Threats Is Released
12/13/2012 - insider threat
CERT Insider Threat Center
Lori Flynn announces the release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats.
Forking and Joining Python Coroutines to Collect Coverage Data
12/05/2012 - CERT/CC
Jonathan Foote
Jonathan Foote explains how to expand Beazley's cobroadcast pattern by adding a join capability.
Insider Threats in State and Local Government
11/14/2012 - insider threat
CERT Insider Threat Center
Matt Collins describes insider threats in the state and local government sectors.
A Look Inside CERT Fuzzing Tools
11/05/2012 - CERT/CC
Allen Householder
Allen Householder introduces recent reports that describe some heuristics and algorithms implemented in CERT fuzzing tools.
11/02/2012 - insider threat
CERT Insider Threat Center
Todd Lewellen announces a revised version of the Spotlight On: Insider Threat from Trusted Business Partners article.
Updates to CERT Fuzzing Tools (BFF 2.6 & FOE 2.0.1)
10/25/2012 - CERT/CC
Allen Householder
Allen Householder announces the release of updates of CERT fuzzing tools: BFF version 2.6 and FOE version 2.0.1.
External Threat Analysis
10/05/2012 - insider threat
CERT Insider Threat Center
Dan Klinedinst discusses applying analysis techniques to security data in an automated fashion.
Insider Threats Related to Cloud Computing--Installment 10: Conclusion
10/01/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll describe the current state of cloud-related insider threats and our vision for the future.
The Insider Threat Awareness Virtual Roundtable Webinar
09/25/2012 - insider threat
CERT Insider Threat Center
Dawn Cappelli summarizes The Insider Threat Awareness Virtual Roundtable webinar.
Insider Threats Related to Cloud Computing--Installment 9: Two More Proposed Directions for Future Research
09/24/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss user behavior analysis and policy integration for cloud-related insider threats.
Insider Threats Related to Cloud Computing--Installment 8: Three More Proposed Directions for Future Research in Detail
09/17/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss cloud-based indicators of insider threats and two more areas of future research.
Insider Threats Related to Cloud Computing--Installment 7: Seven Proposed Directions for Research and Two in Detail
09/12/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll introduce seven directions for cloud-related insider threat research and discuss two.
CERT Insider Threat Center in the News
09/10/2012 - insider threat
CERT Insider Threat Center
Dawn Cappelli excerpts SC Magazine, FedTech, Information Week, eWeek, and GovInfoSecurity articles.
Insider Threats Evident in All Industry Sectors
09/07/2012 - insider threat
CERT Insider Threat Center
Todd Lewellen explains how no sector is free from the actions of malicious insiders.
Study on Insider Cyber Fraud in Financial Services Released
09/06/2012 - insider threat
CERT Insider Threat Center
Randy Trzeciak describes a study that revealed the type of insiders who commit insider financial cyber fraud and more.
Java 7 Attack Vectors, Oh My!
09/05/2012 - CERT/CC
Art Manion
Art Manion discusses how and why to disable Java support in web browsers.
The Report
09/05/2012 - CERT/CC
Austin Whisnant
Austin Whisnant describes a report about creating an inventory of assets on a network using network flow data.
Insider Threats Related to Cloud Computing--Installment 6: Securing Against Other Cloud-Related Insiders
09/04/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss how to secure against cloud exploits and those using the cloud against you.
Upcoming Appearances by CERT Insider Threat Experts
08/30/2012 - insider threat
CERT Insider Threat Center
Insider Threat team members list upcoming appearances on topics related to insider threats, risk, and cybersecurity.
Java Security Manager Bypass Vulnerability
08/29/2012 - CERT/CC
Art Manion
Art Manion discusses the need to disable the Java 7 plug-in for web browsers to avoid phishing and drive-by browsing attacks.
Insider Threats Related to Cloud Computing--Installment 5: Securing Against Cloud-Related Insiders
08/27/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss how to secure against rogue administrators at the cloud level.
Insider Threats Related to Cloud Computing--Installment 4: Using the Cloud to Conduct Nefarious Activity
08/20/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss cloud-related employees who use cloud services to carry out attacks.
Insider Threats Related to Cloud Computing--Installment 3: Insiders Who Exploit Cloud Vulnerabilities
08/13/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss those that exploit weaknesses introduced by use of the cloud.
Insider Threats Related to Cloud Computing--Installment 2: The Rogue Administrator
08/06/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss cloud administrators who steal information and sabotage IT infrastructure.
Insider Threats Related to Cloud Computing--Installment 1: Introduction
07/31/2012 - insider threat
CERT Insider Threat Center
Bill Claycomb and Alex Nicoll discuss problems and solutions related to insiders in the cloud.
CERT Failure Observation Engine 2.0 Released
07/23/2012 - CERT/CC
Allen Householder
FOE 2.0 applies what we learned from creating BFF version 2.5 for Linux and OS X to improve our fuzzing capabilities on Windows.
Vulnerability Data Archive
07/11/2012 - CERT/CC
Art Manion
Art Manion discusses the 2012 publication of most of the non-sensitive vulnerability information from our vulnerability reports database.
Pay Attention: Are Your Company Secrets at Risk from Insiders?
07/02/2012 - insider threat
CERT Insider Threat Center
Insider Threat team members provide analysis and mitigation strategies related to the theft of intellectual property.
AMD Video Drivers Prevent the Use of the Most Secure Setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)
06/06/2012 - CERT/CC
Will Dormann
Will Dormann discusses EMET, an effective way of preventing vulnerabilities from being exploited.
The CERT Insider Threat Center has been busy this spring.
05/31/2012 - insider threat
CERT Insider Threat Center
Insider Threat Center members describe highlights of their recent accomplishments and provide a preview of future plans.
CERT Basic Fuzzing Framework 2.5 Released
04/30/2012 - CERT/CC
Allen Householder
Allen Householder describes features available in BFF 2.5.
CERT Linux Triage Tools 1.0 Released
04/25/2012 - CERT/CC
Jonathan Foote
Jonathan Foote describes a GNU Debugger extension that classifies Linux applications by severity.
CERT Failure Observation Engine 1.0 Released
04/23/2012 - CERT/CC
David Warren
David Warren describes features available in FOE 1.0.
Vulnerability Severity Using CVSS
04/12/2012 - CERT/CC
Art Manion
Art Manion announces that CVSS metrics are now available in US-CERT Vulnerability Notes.
The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)
03/23/2012 - insider threat
CERT Insider Threat Center
The Insider Threat Center announces the publication of a book about insider cybercrimes.
Insiders and Organized Crime
02/15/2012 - insider threat
CERT Insider Threat Center
The Insider Threat Center has released a publication that defines malicious insiders and organized crime.
Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage
01/26/2012 - insider threat
CERT Insider Threat Center
The Insider Threat Center has released an insider threat control designed to detect a malicious insider.
CNAME flux
01/05/2012 - CERT/CC
Jonathan Spring
Jonathan Spring and Leigh Metcalf discuss their work in DNS and an unconventional use of CNAME records.
Preparing for Negative Workplace Events - Managing Employee Expectations
12/15/2011 - insider threat
CERT Insider Threat Center
Randy Trzeciak discusses the impact an organization's actions can have on employees and how technology can be used to protect organizational assets.
Insider Threat Controls
11/16/2011 - insider threat
CERT Insider Threat Center
The Insider Threat lab announces a new control, technical report, and a video.
Data Exfiltration and Output Devices - An Overlooked Threat
10/17/2011 - insider threat
CERT Insider Threat Center
George Silowash discusses how printouts and devices that allow for extraction of digital information to paper can pose a security risk to organizations.
Challenges in Network Monitoring above the Enterprise
09/23/2011 - CERT/CC
Andrew Kompanek
Andrew Kompanek discusses whether large-scale network security monitoring is worth the effort.
The CERT Insider Threat Database
08/15/2011 - insider threat
CERT Insider Threat Center
Randy Trzeciak discusses the types of data CERT collects, analyses, and uses in its Insider Threat Database.
Theft of Intellectual Property and Tips for Prevention
07/21/2011 - insider threat
CERT Insider Threat Center
We discuss methods that insiders use to steal information so that organizations can improve controls that protect their intellectual property.
Insider Threat Deep Dive: Theft of Intellectual Property
06/27/2011 - insider threat
CERT Insider Threat Center
Chris King discusses patterns in the ways insiders act, and his team has separated these patterns into three main categories.
Signed Java and Cisco AnyConnect
06/09/2011 - CERT/CC
Will Dormann
Will Dormann discusses how Cisco addressed the vulnerabilities in its AnyConnect ActiveX and Java clients.
Effectiveness of Microsoft Office File Validation
05/19/2011 - CERT/CC
Will Dormann
Will Dormann tests the effectiveness of Office File Validation in protecting against attacks using malformed files.
Insider Threat and Physical Security of Organizations
05/10/2011 - insider threat
CERT Insider Threat Center
This post reviews several real-case examples of physical security issues and physical security controls.
A Security Comparison: Microsoft Office vs. Oracle Openoffice
04/13/2011 - CERT/CC
Will Dormann
Will Dormann discusses the results of a test that compares the fuzzing resiliency of Office and Oracle OpenOffice.
Insider Threat Best Practices from Industry
04/06/2011 - insider threat
CERT Insider Threat Center
George Silowash discusses some of the strategies that organizations are using to address insider threats.
Announcing the CERT Basic Fuzzing Framework 2.0
02/28/2011 - CERT/CC
Allen Householder
Allen Householder announces the release of BFF 2.0 and describes improvements and new features.
Insider Threats in the Software Development Lifecycle
02/23/2011 - insider threat
CERT Insider Threat Center
In this post, we examine some recent cases involving developers who became malicious insiders.
02/14/2011 - CERT/CC
Markus De Shon
Matthew Heckathorn publishes a report that discusses network monitoring and identifying and preventing attacks at the network level.
Blog Reorganization
02/11/2011 - CERT/CC
Chad Dougherty
The Vulnerability Analysis blog is renamed CERT/CC and includes content from other technical teams at CERT.
Insider Threat Case Trends of Technical and Non-Technical Employees
01/26/2011 - insider threat
CERT Insider Threat Center
This post focuses on the role malicious insiders typically hold in an organization.
Insider Threat Case Trends for Employee Type and Employment Status
12/21/2010 - insider threat
CERT Insider Threat Center
This post discusses whether current employees, former employees, or contractors are more likely to commit insider threat crimes.
Upcoming Insider Threat Presentations
12/06/2010 - insider threat
CERT Insider Threat Center
Insider Threat Center team members list the presentations they will be making at upcoming events and conferences.
Interesting Insider Threat Statistics
10/25/2010 - insider threat
CERT Insider Threat Center
Joji Montelibano provides statistics that illustrate the severity of losses due to cyber crime.
A Threat-Centric Approach to Detecting and Preventing Insider Threat
10/11/2010 - insider threat
CERT Insider Threat Center
Chris King discusses how threat-focused monitoring/auditing strategies help prevent malicious insiders from accessing confidential information.
CERT Basic Fuzzing Framework Update
09/22/2010 - CERT/CC
Will Dormann
Will Dormann describes new functionality and performance improvements available in BFF 1.1.
Insider Threat Deep Dive: IT Sabotage
09/22/2010 - insider threat
CERT Insider Threat Center
Chris King describes patterns in the ways insiders act and categorizes the patterns of crime into three main areas.
Welcome to the Insider Threat Blog
09/08/2010 - insider threat
CERT Insider Threat Center
Dawn Cappelli introduces the Insider Threat blog, which is intended to address issues related to insider threat in a timely manner.
Study of Malicious Domain Names: TLD Distribution
08/31/2010 - CERT/CC
Chad Dougherty
Aaron Shelmire describes research into the characteristics of malicious network touchpoints.
CERT Basic Fuzzing Framework
05/26/2010 - CERT/CC
Will Dormann
Will Dormann discusses how to use BFF to discover vulnerabilities through mutational dumb fuzzing.
Top-10 Top Level and Second Level Domains Found in Malicious Software
03/05/2010 - CERT/CC
Chad Dougherty
Ed Stoner and Aaron Shelmire discuss statistics published on botnet Command & Control channels.
Plain Text Email in Outlook Express
11/13/2009 - CERT/CC
Will Dormann
Will Dormann recommends avoiding configuring Outlook Express and similar products to read all messages in plain text.
Managing IPv6 - Part 2
10/06/2009 - CERT/CC
Ryan Giobbi
Ryan Giobbi describes ways that administrators can secure their networks and test securing and disabling IPv6.
Managing IPv6 - Part 1
08/19/2009 - CERT/CC
Ryan Giobbi
Ryan Giobbi discusses how to securely configure the IPv6 protocol on selected operating systems.
Internet Explorer Kill-Bits
07/31/2009 - CERT/CC
Will Dormann
Will Dormann discusses killbit, a MS Windows registry value that prevents an ActiveX control from being used by Internet Explorer.
Mitigating Slowloris
07/01/2009 - CERT/CC
Ryan Giobbi
Ryan Giobbi discusses Slowloris, a denial-of-service tool that targets web servers.
Vulnerabilities and Attack Surface
06/25/2009 - CERT/CC
Will Dormann
Will Dormann discusses vulnerabilities in Adobe Reader and Foxit Reader PDF-viewing applications.
Release of Dranzer ActiveX Fuzzing Tool
04/16/2009 - CERT/CC
Will Dormann
Will Dormann announces the release of Dranzer, a CERT tool developed to test ActiveX controls.
Bypassing Firewalls with IPv6 Tunnels
04/02/2009 - CERT/CC
Ryan Giobbi
Ryan Giobbi discusses how functional IPv6 tunneling protocols can be used to bypass IPv4-only firewalls and ACLs.
Conficker.C: How Many Are There?
03/31/2009 - CERT/CC
Sidney Faber
Sid Faber discusses the Conficker worm and provides updated statistics on the Conficker.C variant.
Windows Installer Application Resiliency
03/13/2009 - CERT/CC
Will Dormann
Will Dormann discusses how the application resilience feature of Windows Installer can undo steps taken to mitigate a vulnerability.
Internet Explorer Vulnerability Attack Vectors
02/19/2009 - CERT/CC
Will Dormann
Will Dormann discusses attacks on an Internet Explorer 7 vulnerability and the less-obvious security impacts of the techniques used.
Reference Implementations for Securing Your Web Browser Guidelines
01/09/2009 - CERT/CC
Will Dormann
Will Dormann describes reference implementations of the "Securing Your Web Browser" guidelines for IE and Firefox.
Recommendations to Vendors for Communicating Product Security Information
11/20/2008 - CERT/CC
Chad Dougherty
Chad Dougherty offers advice to vendors about communicating product security issues.
Filtering ICMPv6 Using Host-Based Firewalls
11/07/2008 - CERT/CC
Ryan Giobbi
Ryan Giobbi provides recommendations for filtering ICMPv6 types using Linux ip6tables and Microsoft Vista's advfirewall.
Reported Vulnerability in CERT Secure Coding Standards Website
10/29/2008 - CERT/CC
Will Dormann
Will Dormann debunks a previously reported vulnerability in the CERT Secure Coding Standards website.
Ping Sweeping in IPv6
09/12/2008 - CERT/CC
Ryan Giobbi
Ryan Giobbi discusses how ping sweeping on the local network is easier in IPv6 than in IPv4.
Carpet Bombing and Directory Poisoning
09/04/2008 - CERT/CC
Will Dormann
Will Dormann discusses how carpet bombing affects all web browsers, not just Google Chrome.
Safely Using Package Managers
07/10/2008 - CERT/CC
Ryan Giobbi
Ryan Giobbi discusses safety practices when using package managers to automate the process of installing and removing software packages.
ActiveX Vulnerability Discovery at the CERT/CC
07/03/2008 - CERT/CC
Will Dormann
Will Dormann describes how his team often discovers vulnerabilities while they test ActiveX controls.
Signed Java Applet Security: Worse than ActiveX?
06/03/2008 - CERT/CC
Will Dormann
Will Dormann discusses the security implications of using Java applets.
Is Your Adobe Flash Player Updated?
05/29/2008 - CERT/CC
Will Dormann
Will Dormann discusses the importance of ensuring that you are using the latest version of Flash Player.
Who Has My Cookies?
05/15/2008 - CERT/CC
Ryan Giobbi
Ryan Giobbi discusses how technology can be exploited to expand the impact of a cross-site scripting attack.
The Dangers of Windows AutoRun
04/24/2008 - CERT/CC
Will Dormann
Will Dormann discusses how malicious code was being executed in infected digital picture frames and investigates the Microsoft AutoRun and AutoPlay features.
Vulnerability Analysis at the CERT/CC
04/17/2008 - CERT/CC
Art Manion
Art Manion discusses his team's intentions and goals to use the CERT/CC blog to help reduce software vulnerabilities.