ScriptRock Blog

ScriptRock Update: Data Visualization, Group Differencing, and Search

We've just released a sweeping update to ScriptRock. It's really, really big: we've changed the core visualization of our product and added large features that seemed impossibly ambitious when we started. For all the changes, the unifying purpose of every feature in ScriptRock remains the same: to empower developers and administrators to know what they have so they can maintain quality in complex, changing environments.

The Lucrative Rewards of Hacking Higher Education


In a news flash buried beneath a slew of other notable security news items, UCLA Health revealed last week it was the victim of a massive data breach that left 4.5 million patient records compromised. Like previous attacks on Anthem and Premera Blue Cross, the intrusion gave hackers access to highly sensitive information: patient names, addresses, dates of birth, social security numbers, medical conditions, and more. And while matters around healthcare IT have taken center stage as of late, the ineffective security at leading institutions of higher education and research is equally distressing.

Your Secret's Safe With No One: Lessons Learned From The Ashley Madison Hack

For those of you harboring secrets behind a website paywall, a word of warning: your skeletons are now easy targets for cyber criminals and nefarious 3rd parties around the globe. The recent data breach and compromise of 3.5 million Ashley Madison user accounts may turn out to be the largest case of broad-scale extortion the world has ever seen, but for many, the outcome is hardly surprising.

Fixing Oracle's Latest Zero-Day and 193 Other Vulnerabilities

Oracle released a critical patch on Tuesday to fix a whopping 193 new security vulnerabilities across its line of database solutions and products. Included in the update are fixes to 25 vulnerabilities in the Java platform alone, including a new high-risk, zero-day vulnerability already used in several high-profile, yet-to-be-publicized attacks.

Could Bad Configuration Management Spell The End For Big Finance?

Good configuration management (CM) makes the world go 'round; misconfigurations make it grind to a halt. If in doubt, consider for a moment that in the last couple of years CM issues have crashed an Airbus, leveled a billion dollar financial firm, and, somewhat surprisingly, disrupted the cloud services of one of the world’s largest technology companies.

How To Fix The OpenSSL Alternate Chains Certificate Forgery Bug

The OpenSSL Project Team announced a high severity bug in their open source implementation of SSL today that could allow the bypassing of checks on untrusted certificates (read: man-in-the-middle attacks). Find out which versions of OpenSSL are impacted, and what you need to patch this critical vulnerability.

What You Need To Know About The Leap Second Bug

For those of you planning on enjoying the sunset on June 30, 2015, an extra second of bliss awaits, compliments of the Earth’s inconsistent wobble. However, if Y2K sent you running for the hills, start packing again.

Analysts predict technological fallout ranging from undeliverable tweets to outright digital armageddon, but for faithful IT folks with more grounded concerns like SLAs and business continuity, keeping critical systems up and running trumps all other concerns. Fortunately, resolving potential issues related to the Leap Second Bug is a fairly straightforward matter—as long as you know what to look for and where to find it.

Full Stack Blues: Exploring Vulnerabilities In The MEAN Stack

Full stack development is all the rage these days, and for good reason: developers with both front-end web development skills and back-end/server coding prowess clearly offer substantially more value to their respective organizations. The ability to traverse the entire stack competently also makes interacting and cooperating with operations and security an easier affair, a key tenet of DevOps culture.

Sound Security Strategies from Cisco's 2015 Annual Security Report

Networking giant Cisco recently released its Annual Security Report highlighting trends in data breaches and threats from the previous year, and its findings—while similar to other recent reports (e.g., Verizon DBIR, Trend Micro Security Roundup)—offer some unique insights regarding the current threat landscape. No stranger to IT security, Cisco details in its report shifting patterns in cyberattack methods, emerging vulnerabilities, and best practices on how to mitigate future threats.

Congrats Golden State Warriors, You’ve Just Become Cybercrime Target #1

Sports is big business, and where money and competition collide, laws will be broken. This aptly describes the latest hack involving the St. Louis Cardinals and Houston Astros, though admittedly, it sounds more like a teaser for a Hollywood blockbuster. Corporate espionage in sports has largely been a nascent phenomenon but will soon become commonplace as intrusion methods grow in sophistication and data moves into the cloud.

About Us

We make a no-nonsense platform for maintaining consistency across environments. You can try it for free because we like you.
