Security Strategy

Active and Passive TOR Detection

by Ron Gula
September 19, 2007

Tenable's research group has recently released several updated plugins for both the Nessus scanner and Passive Vulnerability Scanner to detect Tor in operation and waiting for connections.

Tor is a self-organizing peer-to-peer network application. It encrypts network communications and randomly spreads them across other Tor nodes to prevent traffic analysis.

Finding Vulnerabilities Older than 30 Days

by Ron Gula
August 6, 2007

"30 Days" seems to be the default window within which organizations expect vulnerabilities to be patched. Version 1.1 of the Payment Card Industry standard specifically states a 30-day time period. Of course, the actual age of a vulnerability has nothing to do with how easy it may or may not be to exploit, but politically, old vulnerabilities can indicate broken policies, bad IT processes, and lapses in compliance.