Author
 John H. Sawyer
RSS
E-Mail

Profile of John H. Sawyer

Contributing Writer, Dark Reading
News & Commentary Posts: 272
Articles by John H. Sawyer

The IPS Makeover

1/28/2014
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?

Post a Comment

Blocking Zero Days With EMET 2.0

10/6/2010
Few security products I've used over the years are ones I would run on a Windows system on a daily basis. Of course, that would require me to run Windows on a daily basis, but if I did and I used it for daily activities like Web browsing, e-mail, etc., I wouldn't do so without the Microsoft Mitigation Experience Toolkit (EMET).

Post a Comment

Web-Based Spam Detection With Google Alerts

9/22/2010
Search engines are great, powerful tools. They can help find an answer when you've tried everything you can think of. They can also help find information about a company you may be performing a penetration test on.

Post a Comment

Relying On Tools Makes You Dumber

9/13/2010
It takes a lot of time and effort to stay up on the latest vulnerabilities, attacks, and tools. Often, we in the security field rely on tools to automate parts of a vulnerability assessment or penetration test, but our testing should never rely only on the tools. If all we ran were some tools and blindly trusted their output,then we would be no better than your average script kiddie.

Post a Comment

Finding Exposed Devices On Your Network

9/1/2010
When browsing through SHODAN, it never ceases to amaze me what I can find. How is it that people think it's okay to leave their printers, routers, fiber channel switches, and industrial control systems completely open to the Internet?

Post a Comment

Gaining A Foothold By Exploiting VxWorks Vulns

8/13/2010
The VxWorks vulnerabilities recently announced in Las Vegas during the BSides and Defcon security conferences have opened a can of worms for hundreds of vendors, and even more consumers and companies using the vulnerable products -- the majority of whom have no idea they're vulnerable and potentially exposed to external attackers.

Post a Comment

Protecting Your Network From The Unpatchable

8/10/2010
When I first saw the F-Secure blog post on installing Microsoft's fix for the LNK vulnerability on a Windows XP SP2 host, I couldn't help but ask, "Why?" Seriously. Why would anyone running a Windows XP host not be running with the latest service pack and security updates? And then it hit me.

Post a Comment

Data Visualization For Faster, More Effective Pen Testing

8/5/2010
"Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage" was the last discussion I attended at Defcon. It was a fun talk that demonstrated interesting applications from visualization tools, like Maltego and Google Maps, to track information available through Twitter and Facebook.

Post a Comment

Using The 36 Stratagems For Social Engineering

8/3/2010
I attended several great presentations during last week's BSides and Defcon. HD's VxWorks, egyp7's phpterpreter, and David Kennedy's SET talks were a few of my favorites, with great content and demos, but one that I found especially refreshing and fun was Jayson Street's "Deceiving the Heavens to Cross the Sea: Using the 36 Stratagems for Social Engineering."

Post a Comment

VxWorks Vulnerability Tools Released

8/2/2010
If you haven't started scanning your network for UDP port 17185, then you better start now. This past week at BSides Las Vegas and Defcon, HD Moore, CSO of Rapid7 and Metasploit chief architect for the Metasploit project, demonstrated an exploit against VxWorks that affects hundreds of products from many different manufacturers.

Post a Comment

Real-World Attacks With Social Engineering Tookit

7/30/2010
Social engineering has always been a penetration tester's (and hacker's) most effective tool. I would say it's their best weapon, but not everyone is good at the softer, human side of social engineering. However, when it comes to the technical side, the tools are getting better and better, including the latest version of the Social Engineering Toolkit released at BSides Las Vegas on Wednesday.

Post a Comment

Conquering Large Web Apps With Solid Methodology

7/21/2010
This is one of those weeks where I'm trying to wrap up as much as possible before I'm out of the office for Black Hat, BSides, and Defcon. One of those things on my list is a Web application assessment for a client that's a monstrous, open-source beast with subapplications bolted on from all over the place and tons of places for vulnerabilities to hide.

Post a Comment

Detection And Defense Of Windows Autorun Locations

7/19/2010
As an incident responder and forensic investigator, there's a truth we expect malware to always follow: Persistence is a must to survive. OK, exceptions exist. But the general rule of thumb is that malware seeks to persist, and it will hook itself into common areas on a victim Windows machine to do so.

Post a Comment

Friction-Free Security

7/12/2010
As security professionals, we want our network to be as secure as possible. The exception is if we're hired to break into it, but even then our job is to help secure the network to prevent future break-ins. The problem is that in securing our networks, it's easy to forget about the user and the "business."

Post a Comment

Virtual Machines For Fun, Profit, And Pwnage

7/2/2010
Virtualization has turned the IT world upside down. It is used everywhere these days, from desktops to servers and data centers to the "cloud." It has also presented itself as a double-edged sword to security professionals.

Post a Comment

Protecting SSH From The Masses

6/30/2010
SSH brute-force attacks are not uncommon against computer systems sitting on public IP addresses. Script kiddies and botnet-infected systems are scanning the Internet looking for low-hanging fruit (think: weak passwords) to leverage for additional attacks, website defacements, or attack-tool storage.

Post a Comment

Real-Life Social Engineering

6/18/2010
Social engineering attacks are becoming so commonplace that it has become a little easier to educate users about identifying phishing e-mails and websites because they are seeing the attacks firsthand on a more regular basis. What they often don't realize is the damage that can be done, or how similar attacks might come at them, through their personal lives.

Post a Comment

Snort'ing Out Anomalies

6/14/2010
Detecting determined attackers focused on getting your data -- and getting away with it is not an easy task. To that end, many security products have been created that attempt everything from separation of privileges and tight access control to full network packet inspection and data loss prevention.

Post a Comment

Ways To Slow An Attacker

6/9/2010
The inevitability of failure in security has been up for discussion a lot during the past couple of years. It's a mentality that a lot of security professionals have subscribed to because of various reasons: proliferation of malware, user behavior, advanced persistent threat (APT), or simply Murphy's Law.

Post a Comment

Not Too Late To Learn From Defcon CTF Qualifiers

5/26/2010
This past weekend was the return of the wildly popular Defcon Capture the Flag qualifiers. "Quals," the commonly used nickname, is an entire weekend of non-stop online security challenges that test everything from simple trivia to advanced reverse engineering and exploit development.

Post a Comment

Defense-In-Depth Via Cloud Security Services

5/24/2010
Repeat after me: defense in depth. It's an archaic concept that hasn't gone out of style. The fact is it's even more critical to enterprises now than ever before. The proliferation of Web-borne threats is making IT shops everywhere re-evaluate their security strategies to deal with malware infections happening on systems that were "locked down" and running updated antivirus.

Post a Comment
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant