The most magnificent thing about Vulnerabilities and who is behind the magic. What I like the most about software vulnerabilities is how “vulnerability”, as a quality of a real object (and the computer program is real), literally appears from nothing.
Let’s say we have a fully updated server. We turn it off, lock it in a safe and forget about it for half a year. Six months later, we get it, turn it on. It is the same and works absolutely the same. But now it is also exposed to dozens of critical vulnerabilities that, with some (un)luck, can be exploited by any script kiddie. New important characteristic of the material object appeared from nowhere, isn’t this magnificent? ?
First steps with Docker: installation in CentOS 7, vulnerability assessment, interactive mode and saving changes. Docker and containerization are literally everywhere. IMHO, this changes the IT landscape much more than virtualization and clouds. Let’s say you have a host, you checked it and find out that there are no vulnerable packages. But what’s the point if this host runs Docker containers with their own packages that may be vulnerable? Add to this the issues with complex orchestration systems, such as Kubernetes, completely different DevOps subculture with their own terms, slang, beliefs, priorities, and the situation begins to look like complete IT Hell. 🙂
But it seems that Docker will be here for a long time, so we will have to live with it. 😉 Here I will not write what Docker is and how it works. There are many publications about this. I personally interested in what actually we can do with these weird “virtual machines”, how can we run and assess them.
How to make Email Bot service in Python. First of all, why you may want to use such service? Despite the fact that currently there are so many different channels of communication (including various messaging apps), Email is still a default and universal way to do it.
Literally every enterprise service supports email notifications, even if it’s integration capabilities are rather limited. So, with Email Bot you can automatically process such notifications.
Email is good, simple, reliable and familiar way to communicate with humans. Send an email – get response. Everyone can do it. So, email bot can make basic routine operations, like organizing the external meetings, pretty much like a human secretary.
It’s easier to code Email bot than any other interface, and the code can be reused for other communication channels, for example messaging apps.
I get email messages from IMAP server in python3 using easyimap module.
Who should protect you from Cyber Threats? The world is becoming increasingly dependent on information technologies.
Government. More and more states provide digital services for their citizens and rely complex information systems.
Business. There are no more companies that do not have IT infrastructure (on-premises or cloud). IT processes become the most valuable competitive advantages of the companies.
People. The number of active Internet users is steadily growing. People own a large number of connected devices: from desktops and smartphones to smart homes and cars. Electronic payments (bank cards, Apple pay, PayPal, etc.) replace cash and traditional banking tools.
All these information systems make our life easier and more efficient. They also create the need for a huge amount of various software. This software is developed by people. And people tend to make mistakes. Especially when security is not their priority (when speed is a priority, for example). These errors cause large number of vulnerabilities exploited by attackers.
Regularly, we can hear about exploitation cases that often lead to significant damage. Who should protect us from cyber threats and cybercrime?
No left boundary for Vulnerability Detection. It’s another common problem in nearly all Vulnerability Management products. In the post “What’s wrong with patch-based Vulnerability Management checks?” I wrote about the issues in plugin descriptions, now let’s see what can go wrong with the detection logic.
The problem is that Vulnerability Management vendors, in many cases, have no idea which versions of the Software were actually vulnerable.
OMG?! How this can be true? 🙂 Let’s take an example.
Each vulnerability at some points in time:
was implemented in the program code as a result of some mistake (intentional or not)
Let’s suppose that we have some Software A with released versions 1, 2 … 20.
Just before the release of version 10, some programmer made a mistake (bug) in the code and since the version 10 Software A has become critically vulnerable. Before the release of version 20, Software Vendor was informed about this vulnerability and some programmer fixed it in version 20. Then Software Vendor released a security bulletin: “Critical vulnerabilities in the Software A. You are not vulnerable if you have installed the latest version 20.”
And what does Vulnerability Management vendor? This vendor only sees this security bulletin. It is logical for him to decide that all versions of Software A starting from 1 are vulnerable. So, it will mark installed versions 1 … 9 of the Software A as vulnerable, even so actually they are NOT.
Retrieving data from Splunk Dashboard Panels via API. Fist of all, why might someone want to get data from the panels of a dashboard in Splunk? Why it might be useful? Well, if the script can process everything that human analyst sees on a Splunk dashboard, all the automation comes very natural. You just figure out what routine operations the analyst usually does using the dashboard and repeat his actions in the script as is. It may be the anomaly detection, remediation task creation, reaction on various events, whatever. It really opens endless possibilities without alerts, reports and all this stuff. I’m very excited about this. 🙂
Let’s say we have a Splunk dashboard and want to get data from the table panel using a python script. The problem is that the content of the table that we see is not actually stored anywhere. In fact it is the results of some search query, from the XML representation of the dashboard, executed by Splunk web GUI. To get this data we should execute the same search request.
Vulnerability Life Cycle and Vulnerability Disclosures. Vulnerability Life Cycle diagram shows possible states of the vulnerability. In a previous post I suggested to treat vulnerabilities as bugs. Every known vulnerability, as same as every bug, was implemented by some software developer at some moment of time and was fixed at some moment of time later. What happens between this two events?
Right after the vulnerability was implemented in the code by some developer (creation) nobody knows about it. Well, of course, if it was done unintentionally. By the way, making backdoors look like an ordinary vulnerabilities it’s a smart way to do such things. 😉 But let’s say it WAS done unintentionally.
Time passed and some researcher found (discovery) this vulnerability and described it somehow. What’s next? It depends on who was that researcher.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.
