Enabling Clients to Cope with ASV Scans
February 22, 2019, Marco Brown, Associate, CoalfireOne Scanning Services
Gathering evidence, applying patches, and configuring your systems in preparation for submitting your vulnerability disputes can be a nerve-wracking and daunting task. To better enhance your understanding of the Approved Scanning Vendor (ASV) process, I’ve outlined some coping mechanisms and tools to use.
Compensating Controls: When Patching Isn’t an Option
February 04, 2019, Steve Durham, Consultant, CoalfireOne Scanning Services
Your software vendor is asleep at the wheel and your devs still need that legacy daemon.
The HOW, WHY, and HUH? Blog on Disputes
January 30, 2019, Travis Finn, Consultant, CoalfireOne Scanning Services
As you may know, performing vulnerability scans is a requirement for PCI DSS compliance. One of those specific requirements, described in section 11.2.2, states that quarterly external scanning must be done by a qualified Approved Scanning Vendor. Coalfire just so happens to be an ASV, so if you need these scans we would happily oblige!
Epic Holiday Cookie Baking
December 21, 2018, Jim Allee, Senior Consultant, Coalfire
IoT Adventures: The LeFun WiFi Camera
October 03, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire
Recently I happened to be in the market for a baby monitor, so I decided to search Amazon for an affordable device that would fit my needs. A search for “baby monitor” within the “electronics” department brought me to the LeFun WiFi Camera. For $39.99 (at the time of my purchase), this seemed like it could be a good deal. Knowing the reputation of Internet of Things (IoT) devices, I was curious about its security. This was addressed in the product description with the guarantee that when I connect to any device, it will be via a “secure and safe network” and will be secured with “financial-level encryption.” It also boasts that they are “CE, FCC, and RoHS certified,” which is good, despite those certifications only dealing with safety and not information security.