Author
 Tim Rohrbaugh
RSS
E-Mail

Profile of Tim Rohrbaugh

VP Information Security, Intersections Inc.
News & Commentary Posts: 2
Tim Rohrbaugh is an information security practitioner who used military (comsec) experience to transition, in the mid 90’s, to supporting Government Information Assurance (IA) projects. While splitting time between penetration testing and teaching at DISA, Mr. Rohrbaugh developed the passion and approach for security design and management that he uses effectively today in the Chief Information Security Officer role at a public financial services company. Before joining his current company, almost 10 years ago, he was the CIO of a private consulting firm where he lead the Centers of Excellence, which included managed security services and furthered the goal of integrating information security into the development life cycle (novel idea at the time). Mr. Rohrbaugh currently serves on the board for the Online Trust Alliance where he provides strategic advice from technical and corporate governance prospective with the goal of strengthening the bonds of trust between consumers and concerned businesses. He lives in the Virginia countryside with his wife and children.
Articles by Tim Rohrbaugh
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
Dark Reading Radio