It's the Great Pumpkin Patching Contest, Charlie Brown!

Blog Post created by patrick_hellen on Oct 4, 2013

It's October! You all know what that means! That's right! It's National Cyber Security Awareness Month! Oh... some of you thought Halloween... right. Well, let's see if we can shoe-horn those two together.


Browsing the internet can be a little scary at times. Kind of like trick-or-treating: there are houses you know to avoid because the lights are out, but how do you avoid the house where they've gone on a health kick and are giving out carrots and celery at the door? Or worse, the house that bought contaminated, expired candy at the dollar store? Trick-or-treating is an inherently risky behavior, but fun and hard to stop. Stop groaning, we're getting to the fun part.


But first, some more security stuff... The average person will not, and realistically cannot, curtail their use of the internet. It's pervasive, it has become part of our way of life, and it's not going to go away. Neither are the little bits and pieces that bring it all together: PDF documents, Flash, Java, and all the rest. Well, HTML5 may make Flash obsolete, but that's a different story.


So what can the average person do to be more secure while using the internet without completely sacrificing functionality? Well, first and foremost, they can stay up-to-date with patches and software revisions. When an update comes out, apply it immediately. This drastically lowers your exposed attack surface and ensures that you have the latest built-in protections. This makes you a tougher target to crack, and in a world where the vast majority of individuals and organizations are not being specifically targeted, well, you don't have to outrun the bear, you just have to outrun the other people the bear is chasing.


A trend that has been constant for several years is that malware writers get a lot of traction exploiting vulnerabilities for which a patch is available but not applied. This is a particularly common affliction of Java plugin users who don't always update, or who accidentally keep old versions around, making them susceptible to attacks that force a JVM downgrade. Commercial malware packs only make the mainstream news when they get their hands on an unpatched vulnerability, but these malicious, black-market products are profitable because they are loaded with exploits that work in the real world against vulnerabilities for which a patch is available.


So patching... and Halloween. Pumpkins. Pumpkin patches! (Yes, it's a stretch, but stick with us here.)


For the month of October, we’d like you to submit pictures of your best pumpkin-carving skills, with the hashtag #Rapid7Pumpkin.


We're not looking for just any carving. To make sure you really think about all the benefits of patching, we're offering a prize for the Most Security Aware pumpkin carving, and you can see our patching-themed ones here for inspiration. Since it's Halloween soon, though, and we don't want your kids telling you you're a nerd, we'll also give out prizes for Most Terrifying and Most Hilarious. If you can come up with something that fits all three categories? Three times the chances of winning! So send us your most creative example of slashed-up, candle-embedded squash, and we'll be handing out three $50 Amazon gift vouchers for the best entries.


There's no limit to the number of entries, so if you want to decimate an entire farm for this, please feel free. As always, you can enter either through Twitter with the hashtag #Rapid7Pumpkin or by posting on the Rapid7 Facebook Page.


Good luck to all, and if you feel like sharing the delicious pumpkin seeds, you know where to find us.


Oh, by the way, we are still running our Metasploit T-shirt contest throughout Q4, so if you'd like to enter that as well, please click here for details.


Spookily yours,