Information Technology

Stages of Vulnerability Disclosure

This article attempts to give an overview of how IT vulnerabilities are categorized during their life-cycle.  Understanding the terms related to the various stages of IT security vulnerabilities can allow a better understanding of what a proper security policy framework should include.  First lets cover the stages: Unknown – vulnerabilities that exist but nobody knows about them.  The vulnerability is not designed in put into the software or hardware by a malicious actor.  These vulnerabilities are caused by poor implementation.  Software coding standards and software development guidelines attempt to prevent these types of vulnerabilities from happening, but complex constructs in software programming languages are difficult to implement properly can be a large source of vulnerabilities.   Unknown vulnerabilities may be discovered through static code analysis and “fuzzing” (automated testing) by malicious actors, bug hunters, or security threat hunters. Known – once the vulnerability has been discovered, it may fall into…

Read more

Building Your IT Security News Pipeline

If you are responsible for securing a network, you should know that monitoring reliable IT security news is now critical to mitigating threats on your precious goods. Prioritizing that news landscape and rolling out a timely response is also critical to a solid recipe for security. While it is not realistic to expect security architects to have that kind of response time, if you are ignoring IT security news, you  might need those backups you have been diligently maintaining or worse. Building a solid incoming information pipeline requires an analysis of the IT security news landscape.  The most fundamental elements of this landscape includes threat advisories & guidelines, updates to best-practices and standardization recommendations,  and changing legal requirements if they apply to your organizational assets. Threat analysis reports and newly released Common Vulnerability Exposure details (CVEs) are critical secondary elements that relay more detailed information about vulnerabilities affecting specific software. …

Read more

Sources of Red Team Education

What is red-teaming? A important term in IT security context, a red team (red cell) is a group of hackers with various skill-sets, who simulate attacks on the network infrastructure.  By contrast the blue team’s job is to defend the network.  Red teams follow a specific set of rules known as the rules of engagement which stipulate what types of attacks are allowed and points in the attack when they should stop and reporting should be done.  The attacks may employ technical, physical, social or process-based attack vectors.  This intends to cover all aspects of a organization’s security controls such as physical,  administrative, and technical.  The red team helps step 4 of the NIST Risk Management Framework to assess the security controls. Taking the steps of the cyber-kill-chain into account (reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives), the red team may simply seek to gain reconnaissance…

Read more

What is USPTO Global Dossier?

The UPSTO Global Dossier is a portal to accessing application data from the “IP5” global patent patent offices. Global Dossier functions include: Streamlined applications to multiple international patent offices. Streamline application data access from multiple international offices. Global Dossier integrates with the “IP5” (USPTO, EPO, JPO, KIPO, SIPO) and WIPO The IP5 is comprised of the U.S. Department of Commerce’s United States Patent and Trademark Office (USPTO), the European Patent Office (EPO), the Japan Patent Office (JPO), the Korean Intellectual Property Office (KIPO), and the State Intellectual Property Office of the People’s Republic of China (SIPO). Allow applicants to file a patent application to global patent offices through a single portal. Reduce redundant processes associated with global cross-filing Monitor application process across all offices in a single portal Online access to documents and legal action history of applications Search global patent families Watch the demo below on how to access the…

Read more

How to Install Canvas LMS on Ubuntu 18.04

canvas-lms

Getting  Canvas LMS Pre-installed If you want to skip the installation of Canvas LMS and purchase a pre-installed VPS Canvas already installed, or alternatively, have a secure instance of Canvas LMS hosted on your own domain, please contact me by email  (joseph@ripplesoftware) or via contact page for more details. The full instructions for installing Canvas LMS on your own Ubuntu 18.04 server are below. Installing Canvas LMS on Ubuntu 18.04 8GB of ram is recommended for a server running Canvas LMS. However, it is possible that you can install and run Canvas LMS on a server with only 4GB or less. This installation was done on a Digital Ocean Ubuntu 18.04 VPS. Be sure to point your domain’s name-servers at your correct cloud host and edit your DNS networking so that your domain is pointed at your server before you begin. You can check using nslookup command as shown below….

Read more

Update PHP 7.x to 7.4 CentOS 7 Remi Repo

WordPress 5.4 has been reminding admins to update PHP to 7.4.  Even if you are on PHP 7.1 you will receive the message in your dashboard.  Here are the instructions to upgrade from PHP 7.1 Remi Repo on Centos 7. READ FIRST — IMPORTANT !!! Get a complete backup snapshot of your server before you complete these update steps 1. First thing you should do is do any core OS updates and package updates. # yum update -y   2. Check which version of PHP you are currently running. # php -v PHP 7.1.33 (cli) (built: Oct 26 2019 10:16:23) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies   3. Print a list to see all the PHP packages you have installed. You will need to replace all these packages in PHP 7.4. You should copy this list to a file…

Read more

3D Printing Solutions for COVID-19

A serious potential drawback of the just-in-time economy (JIT) is that when the demand for critical supplies increase sharply, that supply is not immediately available, which in the current corporate cluster-fuck known as COVID-19 leaves our front-line health care staff with a broomstick jammed so far up their arse that you can follow them around like Hansel and Grettel from the ass blood they are hemorrhaging down onto the floor they walk on. Personal protective equipment (PEE) is critical to public health-care staff and sadly many of these hero’s lives have already been lost during the ongoing COVID-19 crisis due to supply chain short comings. In some ways, 3D printing has proven itself to be more agile during this crisis.  For one, the 3D printer allows production of a wider array of products than any other single device.  For example, during the COVID-19 outbreak, 3D printing companies were immediately able…

Read more