Archive by Author

Zip Slip Vulnerability – Updated

We’re posting some information on the newly announced Zip Slip vulnerability. Expect more information later today, but for now we wanted to post some information so you aren’t blindsided when management inevitably asks. The link to the vulnerability announcement is here. The Zip Slip vulnerability is a directory traversal vulnerability that is found in multiple […]

GA SB315 – Rendition Infosec’s thoughts

Rendition Infosec has been in lockstep with other cybersecurity companies being vocal in our opposition to GA SB315, an extremely flawed piece of legislation that will likely hurt cyber security organizations that operate in GA. The bill itself is extremely poorly worded and leaves much to the discretion of prosecutors and judges. For instance, […]

Hacking back – is it the right move?

Today, the New Yorker published an article on hacking back. Many clients ask us about hacking back and we regularly tell them it’s a bad idea. When we press them for what the goal of the hacking back is, they can’t articulate what value it is likely to provide (other than making them feel good). […]

New Windows 7 and Server 2008R2 out of band patch

Microsoft usually only issues patches on the second Tuesday of every month (so-called “Patch Tuesday”). However, when there is a vulnerability that is being exploited in the wild (or is likely to be), Microsoft may issue an out-of-band patch. That’s exactly what happened yesterday. The vulnerability being patched was introduced when Microsoft patched […]