Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats



In Heartbleed’s Wake: A Password Primer

Passwords are the most commonly required authentication for website and email access, and they are effective when they work as designed – to prevent unauthorized access to an account or system. The Heartbleed vulnerability disclosure in April 2014 put the topic in the national spotlight, and concerns about password security have not diminished in light of the Apple iCloud incident and the news of the outdated Gmail password disclosure.

SearchDiggity: Avoid Bot Detection Issues by Leveraging Google, Bing, and Shodan APIs

Are you plagued by Google bot detection? Are your SearchDiggity scans almost immediately pausing, promising you that they’ll be “Auto-resuming in 15 minutes”? Do you want to avoid the frustration resulting from the Google-Bot-Detection-Blues? Then you have come to the right place. We’ll show you how you can leverage the official APIs for Google, Bing, and SHODAN within SearchDiggity, so that you can avoid having your scans blocked when performing Google Hacking assessments.

Untwisting the Mersenne Twister: How I Killed the PRNG

Random number generation has been insecure for decades and there hasn’t been a practical pentesting tool to tackle this problem – until now, that is.

Bishop Fox Does Vegas: 2014 Style

Each summer, the most innovative minds in the infosec industry gather in Las Vegas to discuss new findings, research, and tools. They appear at conferences like Black Hat USA and Security B-Sides Las Vegas. What transpires at these events often makes headlines and stays in people’s minds long after the summer has ended.

The Rickmote Controller: Hacking One Chromecast at a Time

Bishop Fox is a “Top Place to Work” — And Here's Why

Here are some facts about our global Internet security consulting firm, Bishop Fox.

A Week in the Life of a Pen Tester

The professional (and personal) life of the pen tester is one of great joys and great tragedies. There are ego-inflating accomplishments quickly followed by crushing sorrows. There are stacked cans of Red Bull, nights spent staring wide-eyed at a computer screen, and secretive shower crying sessions. Maybe when someone asks you “Well, what is pen testing anyway?” you reply with a wince and say, “pain.”

Examining The Impact Of Heartbleed

On April 10, Bishop Fox Security Analyst Tim Sapio was published in Dark Reading, hot on the heels of the discovery of the Heartbleed vulnerability. Tim discussed the vulnerability's implications as well as how Internet users could take measures to protect themselves.

An Introspection On Intro Security

We would like to thank everyone who read our original LinkedIn Intro blog post and those of you who spent extra time examining the security and privacy issues at hand. A couple of the more interesting analyses pointed out to us are from Jordan Wright and Troy Hunt – they do a great job of exploring Intro in more detail. In particular, Troy was able to put into words our thoughts on “speculation” better than we could have ourselves.

LinkedIn 'Intro'duces Insecurity

Don't make the mistake of thinking you're [the] customer, you're not – you're the product.

Guide to Hardening Your Firefox Browser in OS X

Your Mac systems and software might be safe – until they connect to the Internet. Here are some tips for Firefox hardening in OS X.

While many enterprises and end-users turn to Apple over Windows based on Apple’s reputation for security, there is little doubt that the web is the primary point of infection for most Macs. Just a few years ago, using a Mac might have helped users avoid being targeted. But today, with the emergence of advanced persistent threats and highly-skilled, well-funded attack teams, the OS X environment is no longer safer than any other endpoint, especially through its browser.
