
Halock Blog


Lessons in Risk Management: What We Should Learn from the FAA Fire »

Too often in information security we focus on the confidentiality of personal information, ignoring the damage that can result from failures in integrity and availability. In fact, this is the main driver of much of our information security spending in the U.S. But the proper function of information and communications can create huge impacts … Read More »


How to Secure Your Assets from Cyber Sewage »

There I was, ankle deep in raw sewage, incredulous that for the second time this summer, my basement was filling up with foul-smelling murky waste. As I looked hopelessly at my wife while the water level continued to rise, I angrily thought to myself, “What else can I do?” Didn’t I shell out … Read More »

PCI and Third Party Security Assurance: The PCI Council’s Guidance Summarized »

Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party to the breached entity. For example, a factor in the well-publicized breach at Target may have been compromised credentials of a trusted service provider with access to the Target internal network. In order to attain … Read More »


CVE-2014-4980 Parameter Tampering in Nessus Web UI – Remote Information Disclosure »

Title: CVE-2014-4980 Parameter Tampering in Nessus Web UI – Remote Information Disclosure
Product: Nessus
Vendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 – Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote … Read More »


Code Spaces Spaced Out On Data Security »


The information security community is abuzz with the news of Code Spaces closing its doors after having all of its clients’ data erased by an attacker who gained access to their environment. Code Spaces offered their clients a “code repository” service – think Subversion-as-a-Service – and convinced their clients that their code was safe … Read More »
