ScriptRock Blog

What You Need To Know About The Leap Second Bug

For those of you planning on enjoying the sunset on June 30, 2015, an extra second of bliss awaits, compliments of the Earth’s inconsistent wobble. However, if Y2K sent you running for the hills, start packing again.

Analysts predict technological fallout ranging from undeliverable tweets to outright digital armageddon, but for faithful IT folks with more grounded concerns like SLAs and business continuity, keeping critical systems up and running trumps everything else. Fortunately, resolving potential issues related to the Leap Second Bug is a fairly straightforward matter—as long as you know what to look for and where to find it.

Full Stack Blues: Exploring Vulnerabilities In The MEAN Stack

Full stack development is all the rage these days, and for good reason: developers with both front-end web development skills and back-end/server coding prowess clearly offer substantially more value to their respective organizations. The ability to traverse the entire stack competently also makes interacting and cooperating with operations and security an easier affair, a key tenet of DevOps culture.

Sound Security Strategies from Cisco's 2015 Annual Security Report

Networking giant Cisco recently released its Annual Security Report highlighting trends in data breaches and threats from the previous year, and its findings—while similar to other recent reports (e.g., Verizon DBIR, Trend Micro Security Roundup)—offer some unique insights regarding the current threat landscape. No stranger to IT security, Cisco details in its report shifting patterns in cyberattack methods, emerging vulnerabilities, and best practices on how to mitigate future threats.

Congrats Golden State Warriors, You’ve Just Become Cybercrime Target #1

Sports is big business, and where money and competition collide, laws will be broken. This aptly describes the latest hack involving the St. Louis Cardinals and Houston Astros, though admittedly it sounds more like a teaser for a Hollywood blockbuster. Corporate espionage in sports has largely been a nascent phenomenon but will soon become commonplace as intrusion methods grow in sophistication and data moves into the cloud.

How Effective Is Your Security Against $50 Million Dollar Malware?

The short answer: it’s not. This was certainly the case for Kaspersky Labs, who announced yesterday that its corporate networks were hacked using a sophisticated advanced persistent threat (APT) dubbed Duqu 2.0. Though the word “sophisticated” is used rather liberally these days when describing data breaches, this new threat is by all accounts the most advanced of its kind.

Which Web Programming Language Is The Most Secure?

The question is indeed a contentious one, never failing to incite heated arguments from all camps. Many ways exist to cut the cake in this regard; WhiteHat Security took a stab at it in a recent edition of its Website Security Statistics Report, where it analyzed statistics around web programming languages and their comparative strengths in security.

Rolling Your Own Continuous Security Toolchain

When it comes to IT security, how do you roll? Many tools exist, but the fact is that in most cases, to do it right, you have to roll your own. This is especially true in today’s environments, where infrastructures can vary widely in composition from organization to organization. The truth is that factors such as degree of DevOps and Agile adoption, skill set of IT staff, corporate culture, and even line of business come into play when crafting a security solution for an organization. How well these tools align with the organization ultimately dictates the success and failure of a company’s security architecture. And when existing tools don’t fit or don’t work well, sometimes the only option is to build them yourself.

Database Node Type Now Available in ScriptRock

Databases—like all IT assets—are subject to drift that can wreak serious havoc across an organization’s infrastructure. Furthermore, the usual suspects are in play when it comes to database drift: manual ad-hoc changes, frequent software updates/patches, and general entropy, among others. Undetected malicious activity and attempts to compromise database security are also growing causes of database configuration drift. Monitoring for these unexpected changes should therefore be a critical component of any information-driven organization’s configuration management (CM) activities. To this end, ScriptRock is happy to announce that support for database node types is now available.

Rethinking Information Security To Battle POS RAM-Scraping Malware

Home Depot. Target. Neiman Marcus. Albertsons. Michaels. Most Americans have shopped at one of these national chains recently. If you’re one of them, your credit card information may already be on the black market. And if you’re a retailer using a POS system, proposed legislation like the Consumer Privacy Protection Act may hold you financially accountable in the event of a data breach. Here’s the skinny on RAM scraping, and what can be done to prevent it.

Why Security Needs DevOps: OpenSSL and Beyond

On March 18, 2015, system administrators and developers received ominous news: two high severity vulnerabilities in OpenSSL would be announced the next day. Since Heartbleed, OpenSSL had been on a bad streak, and it looked like things were only going to get worse. Operations, development, and security teams braced for impact and then – it wasn't really that bad.
