The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • Social Engineering- Beyond the Baseline

    December 15, 2014, Brandon Edmunds, Senior Security Consultant, Coalfire Labs

    Coalfire Labs does a lot of Social Engineering testing. Traditional Social Engineering testing involves a mundane process of taking a sample of a population and then attacking those “targets” with some pretext calls or a phishing email in order to obtain credentials. Metrics are recorded and then reported back in some form of a deliverable, usually a report. As an example, in a standard Social Engineering engagement, we had a Pretext Calling campaign that included a target selection of 10 users. We made 10 phone calls and talked three of the targeted people out of their passwords.

    Read more
  • Whether you are a large or small business, beware of these 5 common security problems

    March 11, 2013, Mike Weber, Vice President, Coalfire Labs

    Every January, the trade press if full of new year’s resolution-like advice… things to do in the coming year, even Coalfire made a few predictions for 2013. I work at Coalfire Labs, and since our business is IT security and testing, we want to share some advice on how to avoid your systems and accounts from being breached.  While larger companies may feel they can skip some of these steps, and still remain safe, TJX, the parent company of T.J. Maxx and Marshalls learned the hard way the damages a breach can cause.  Information from up to tens of millions of credit and debit cards was stolen costing TJX millions of dollars to get the problem under control.  With this in mind, here is a list of five issues companies are prone to make, and ways to avoid negative ramifications.

    Read more
  • Creative Ideas for Replacing Passwords

    March 08, 2013, Mike Weber, Vice President, Coalfire Labs

    Passwords have been the de facto manner of providing security for IT systems.  They’ve got a bad reputation, but it’s not the passwords themselves that deserve the reputation – it’s the individuals using them and the weak standards to which these passwords are managed.  In fact, a password system implemented in a secure manner – long and complex passwords that change periodically – can be (virtually) uncrackable.  However, a typical user isn’t apt to embrace a system that requires 15 characters or more (including numbers, upper and lower case, and special characters) and needs to change every two to four weeks.  

    Read more
  • Penetration Testing Frequently Asked Questions

    October 29, 2012, Mike Weber, Vice President, Coalfire Labs

    You may have noticed this recent article about Google’s contest that rewarded a hacker for discovering a vulnerability in Chrome. Once Google verified the vulnerability, they were able to fix the bug and issue the cash prize to the hacker. This is a very public example similar to what Coalfire Labs does every day - working with security leaders to test their security programs.

    Read more

Recent Posts

Post Topics


RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)