Author
 John H. Sawyer

Profile of John H. Sawyer

Contributing Writer, Dark Reading
News & Commentary Posts: 272
Articles by John H. Sawyer

The IPS Makeover

1/28/2014
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?

Post a Comment

Blocking Zero Days With EMET 2.0

10/6/2010
Few security products I've used over the years are ones I would run on a Windows system on a daily basis. Of course, that would require me to run Windows on a daily basis, but if I did and I used it for daily activities like Web browsing, e-mail, etc., I wouldn't do so without the Microsoft Mitigation Experience Toolkit (EMET).

Post a Comment

Web-Based Spam Detection With Google Alerts

9/22/2010
Search engines are great, powerful tools. They can help find an answer when you've tried everything you can think of. They can also help find information about a company you may be performing a penetration test on.

Post a Comment

Relying On Tools Makes You Dumber

9/13/2010
It takes a lot of time and effort to stay up on the latest vulnerabilities, attacks, and tools. Often, we in the security field rely on tools to automate parts of a vulnerability assessment or penetration test, but our testing should never rely only on the tools. If all we ran were some tools and blindly trusted their output,then we would be no better than your average script kiddie.

Post a Comment

Finding Exposed Devices On Your Network

9/1/2010
When browsing through SHODAN, it never ceases to amaze me what I can find. How is it that people think it's okay to leave their printers, routers, fiber channel switches, and industrial control systems completely open to the Internet?

Post a Comment

Gaining A Foothold By Exploiting VxWorks Vulns

8/13/2010
The VxWorks vulnerabilities recently announced in Las Vegas during the BSides and Defcon security conferences have opened a can of worms for hundreds of vendors, and even more consumers and companies using the vulnerable products -- the majority of whom have no idea they're vulnerable and potentially exposed to external attackers.

Post a Comment

Protecting Your Network From The Unpatchable

8/10/2010
When I first saw the F-Secure blog post on installing Microsoft's fix for the LNK vulnerability on a Windows XP SP2 host, I couldn't help but ask, "Why?" Seriously. Why would anyone running a Windows XP host not be running with the latest service pack and security updates? And then it hit me.

Post a Comment

Data Visualization For Faster, More Effective Pen Testing

8/5/2010
"Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage" was the last discussion I attended at Defcon. It was a fun talk that demonstrated interesting applications from visualization tools, like Maltego and Google Maps, to track information available through Twitter and Facebook.

Post a Comment

Using The 36 Stratagems For Social Engineering

8/3/2010
I attended several great presentations during last week's BSides and Defcon. HD's VxWorks, egyp7's phpterpreter, and David Kennedy's SET talks were a few of my favorites, with great content and demos, but one that I found especially refreshing and fun was Jayson Street's "Deceiving the Heavens to Cross the Sea: Using the 36 Stratagems for Social Engineering."

Post a Comment

VxWorks Vulnerability Tools Released

8/2/2010
If you haven't started scanning your network for UDP port 17185, then you better start now. This past week at BSides Las Vegas and Defcon, HD Moore, CSO of Rapid7 and Metasploit chief architect for the Metasploit project, demonstrated an exploit against VxWorks that affects hundreds of products from many different manufacturers.

Post a Comment

Real-World Attacks With Social Engineering Tookit

7/30/2010
Social engineering has always been a penetration tester's (and hacker's) most effective tool. I would say it's their best weapon, but not everyone is good at the softer, human side of social engineering. However, when it comes to the technical side, the tools are getting better and better, including the latest version of the Social Engineering Toolkit released at BSides Las Vegas on Wednesday.

Post a Comment

Conquering Large Web Apps With Solid Methodology

7/21/2010
This is one of those weeks where I'm trying to wrap up as much as possible before I'm out of the office for Black Hat, BSides, and Defcon. One of those things on my list is a Web application assessment for a client that's a monstrous, open-source beast with subapplications bolted on from all over the place and tons of places for vulnerabilities to hide.

Post a Comment

Detection And Defense Of Windows Autorun Locations

7/19/2010
As an incident responder and forensic investigator, there's a truth we expect malware to always follow: Persistence is a must to survive. OK, exceptions exist. But the general rule of thumb is that malware seeks to persist, and it will hook itself into common areas on a victim Windows machine to do so.

Post a Comment

Friction-Free Security

7/12/2010
As security professionals, we want our network to be as secure as possible. The exception is if we're hired to break into it, but even then our job is to help secure the network to prevent future break-ins. The problem is that in securing our networks, it's easy to forget about the user and the "business."

Post a Comment

Virtual Machines For Fun, Profit, And Pwnage

7/2/2010
Virtualization has turned the IT world upside down. It is used everywhere these days, from desktops to servers and data centers to the "cloud." It has also presented itself as a double-edged sword to security professionals.

Post a Comment

Protecting SSH From The Masses

6/30/2010
SSH brute-force attacks are not uncommon against computer systems sitting on public IP addresses. Script kiddies and botnet-infected systems are scanning the Internet looking for low-hanging fruit (think: weak passwords) to leverage for additional attacks, website defacements, or attack-tool storage.

Post a Comment

Real-Life Social Engineering

6/18/2010
Social engineering attacks are becoming so commonplace that it has become a little easier to educate users about identifying phishing e-mails and websites because they are seeing the attacks firsthand on a more regular basis. What they often don't realize is the damage that can be done, or how similar attacks might come at them, through their personal lives.

Post a Comment

Snort'ing Out Anomalies

6/14/2010
Detecting determined attackers focused on getting your data -- and getting away with it is not an easy task. To that end, many security products have been created that attempt everything from separation of privileges and tight access control to full network packet inspection and data loss prevention.

Post a Comment

Ways To Slow An Attacker

6/9/2010
The inevitability of failure in security has been up for discussion a lot during the past couple of years. It's a mentality that a lot of security professionals have subscribed to because of various reasons: proliferation of malware, user behavior, advanced persistent threat (APT), or simply Murphy's Law.

Post a Comment

Not Too Late To Learn From Defcon CTF Qualifiers

5/26/2010
This past weekend was the return of the wildly popular Defcon Capture the Flag qualifiers. "Quals," the commonly used nickname, is an entire weekend of non-stop online security challenges that test everything from simple trivia to advanced reverse engineering and exploit development.

Post a Comment

Defense-In-Depth Via Cloud Security Services

5/24/2010
Repeat after me: defense in depth. It's an archaic concept that hasn't gone out of style. The fact is it's even more critical to enterprises now than ever before. The proliferation of Web-borne threats is making IT shops everywhere re-evaluate their security strategies to deal with malware infections happening on systems that were "locked down" and running updated antivirus.

Post a Comment
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report