Author Archives: rhuber

About rhuber

Ryan is a Senior Engineer at Kenna.

The More You Know… (Heartbleed Edition)

rhuber    April 9, 2014

Yesterday, the information security community was made aware of a critical vulnerability in some versions of OpenSSL, one of the most commonly used software “libraries” for secure internet communications. When your web browser is connected via HTTPS (your less tech-savvy friends might refer to it as the “lock icon”), there is a high probability that OpenSSL is involved in…

On Physical Security

rhuber    March 31, 2014

Our mission at Risk I/O is to help businesses understand threats to their infrastructure, but as security practitioners we are interested in many forms of security, including physical. This blog post concerns something of particular interest to me: securing my office and a nearly successful theft, which was thwarted by a bit of hobbyist tech. Risk I/O is an emerging…

What I Learned at BayThreat 2013

rhuber    December 9, 2013

BayThreat, an annual Bay Area information security conference, was this past weekend. As in years past, it was top notch and well organized. The conference returned to its old home, the Hacker Dojo, for this fourth incarnation. Some highlights (in no particular order): Nick Sullivan spoke on white box cryptography, and the lack of a current open source implementation. White…

Mitigating Application DoS: SecTor Conference Talk

rhuber    October 14, 2013

I was recently invited to speak at one of my favorite security conferences, SecTor in Toronto. Many thanks to Risk I/O for giving me some official time to work on this side project over the last month (side note: we are hiring!). This blog post will summarize my SecTor presentation on application Denial of Service attacks. Application DoS has seen…

The Security Circus Comes to Las Vegas

rhuber    July 18, 2013

The end of July will see thousands of security professionals descend on Las Vegas for another round of instruction, information, networking, sales, parties and FUD. This will be the 13th consecutive year I’ve attended at least one of the BlackHat, BSides or Defcon events. It is easy to become overwhelmed with so much going on, so here are a few tips for…

Stop Putting Rocks in the Vault

rhuber    June 6, 2013

Imagine you are handed two items, a rock and a 400-troy-ounce bar of gold, and are tasked with protecting each from theft. You will spend more time considering how to secure the gold than the rock, because you know the underlying value of each. Context matters, yet vulnerability management systems often work under the assumption that all of your assets…

It’s (A)live! Risk I/O Now Integrates with NTOSpider

rhuber    March 19, 2013

Hot on the heels of our filtered dashboard and patch reports feature releases, we’re announcing our latest security tool integration. Risk I/O can now integrate with the NTOSpider dynamic application security testing (DAST) solution. Adding NTOSpider to your selection of Risk I/O connectors allows you to leverage its unique capabilities to detect vulnerabilities within your applications. With NTOSpider, you can scan…