The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Truth is SCARIER than Fiction Redux

    October 30, 2014, Mike Weber, Managing Director, Coalfire Labs

    Yes... To be honest, although we really do some neat stuff here at Coalfire Labs that can be pretty scary, I’ve got to give a shout out to “reality” for being even scarier than any emulated attack we could possibly develop. The astounding number of data breaches announced this year is just shocking, really. It really felt like there was a new one every month. As it turns out, there was! Even more than that on average, as we’ve had at least 14 of them over a 10 month span.

    Posted in: cloud, credit cards, cybersecurity, danger, hacking, Halloween, keylogging, labs, password, penetration, retail, risk, security, theft | 0 Comments

  • IT Security Horror Story: Is your Network an Unsegmented Haunted House?

    October 29, 2014, Mark Manousogianis, Information Security Consultant, Coalfire Labs

    One day I went to a client site to perform an internal penetration test to emulate the insider threat. This testing was designed to help this client understand the damage a rogue employee or an intruder who gained physical access to the network could do. The site that I was visiting was a storefront and had public WiFi. I told the store staff who I was there to meet, and while I waited for the client to become available I connected to the public WiFi just to have a look.

    Posted in: Dangers, hacking, Halloween, horror, IT, labs, LAN, of, Phising, privacy, program, security, story, Wifi | 0 Comments

  • IT Security Horror Story: Digging your own grave with Default Credentials

    October 29, 2014, Mark Manousogianis, Information Security Consultant, Coalfire Labs

    I recently performed a penetration test that really required no “hacking skills” whatsoever. I was able to obtain domain administrator rights simply by logging into web applications and network hardware using default credentials.

    Posted in: access, hacking, Halloween, Horror, IT, keylogging, Labs, passwords, Phishing, Story, wireless | 0 Comments

  • IT Security Horror Story: Slow Network, Big Phish

    October 29, 2014, Mark Manousogianis, Information Security Consultant, Coalfire Labs

    It was a typical morning, just like any other for Annie. She arrived at the office just in time to fill her coffee mug and get to her desk to read her email that had been piling up since Friday. After reading through the standard office-wide emails she came across one from the help desk.

    Posted in: hacking, Halloween, Horror, IT, keylogging, Labs, Phishing, privacy, risk, security, Spooky, Stories, Story | 0 Comments

  • Dude, where's my car?

    October 24, 2014, Nick Nam, Senior Penetration Tester, Coalfire Labs

    Hands-free calling via Bluetooth was first introduced to vehicles in 2004, and the USB port was introduced in 2006. Web technologies, wireless connectivity, app stores, and smart phone integration have seen explosive rises in popularity over the last few years. As the capabilities of consumer electronics and software continue to grow, so too does our demand for their availability. Fridges can tweet, sprinkler systems can tune themselves to weather forecasts, and vehicles can stream HD videos over wireless connections. This availability of utility coupled to the physical world introduces entirely new vectors of not only use, but also of abuse. In order for these physical things to provide utility, they need to be increasingly more powerful, modular, capable; the ability to process unknown, potentially malicious data and input is of grave concern and yet absolutely essential to consumer usability.

    Posted in: appsec, automotive, hacking, labs, mobile, pentesting, risk, security | 0 Comments
