The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • IT Security Horror Story: Digging your own grave with Default Credentials

    October 29, 2014, Mark Manousogianis, Information Security Consultant, Coalfire Labs

    I recently performed a penetration test that really required no “hacking skills” whatsoever. I was able to obtain domain administrator rights simply by logging into web applications and network hardware using default credentials.

    Read more
  • A billion reasons to enhance your penetration testing

    August 20, 2014, Mike Weber, Vice President, Coalfire Labs

    There are so many questions regarding those leaked Russian passwords. Is this for real? What sites are on that list? How can you tell if your site’s users are in the “Russian Billion”? Isn’t this just a matter of changing user passwords? Bottom line:  As a company with websites that have user accounts, what should you do?

    Read more
  • War on Passwords? Check with Your QSA First!

    March 14, 2013, Matt Getzelman, PCI Practice Director

    Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we don’t see a password breach in the news.

    Read more

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags