Articles by Robert Hansen

Personal site: https://www.smartphoneexec.com

WordPress In Your Attack Surface Map

By Robert Hansen on February 1, 2021

WordPress is one of the most well known and most used pieces of web technology on earth. It also happens to be a bit of a mess from a security perspective, as it relates to the plugin ecosystem specifically. The core application also has had many vulnerabilities over the years, so …


Fortune 1000 – The Big Movers

By Robert Hansen on August 19, 2020

While going through the list of the Fortune 500 for Bit Discovery’s company reports (you can download them here), I decided to take a bit of a step back and analyze how COVID was going to affect the entirety of the list over the coming year. There are a handful …


Safari Ignores Certificate Expiration Over 1 Year and Arbitrarily Chooses 398 Days Instead

By Robert Hansen on June 22, 2020

Before I start, let me apologize ahead of time for the excessive amount of snark that is sure to follow. Okay, ready? Here we go.

The browsers are at it again—this time it’s Apple’s turn to shake things up. Similar to how Google decided to mark any HTTP site as unsafe, …


Adding IP Ranges

By Robert Hansen on June 9, 2020

Recently we were asked if someone should add their known IP space to their inventory. At first, I really struggled to explain why. But after some thinking, I hope this post will explain why IP address ranges should be added to your asset inventory.

Let’s start with an example where your …


The 2020 Internet Asset Inventory Report

By Robert Hansen on June 2, 2020

Bit Discovery would like to announce our 2020 Internet Asset Inventory Report (IAI). 

This report was a long time in the making for a number of reasons. First, the tech necessary to properly enumerate, catalog, and run statistics on the largest companies on earth simply didn’t exist until very recently. Secondly, …


Coronavirus Opportunistic Domains

By Robert Hansen on March 12, 2020

As with any massive change/panic or revolution, there are always opportunists. We’ve been tracking some of these changes just to see how quickly they change. For instance, if you look at any brand, you can see it ebb and flow over time. Often in tandem with search traffic using …


Equifax’s Lack of Asset Management Was the Cause of Their Breach

By Robert Hansen on March 3, 2020

Equifax’s breach in 2017 was all the information security community could talk about, and it was a household name. This was because of how many US citizens it impacted. It really was a catastrophe for the company’s reputation and put them in the hot seat with consumers. It wasn’t just …


Why Do We Have so Many Domains?

By Robert Hansen on January 7, 2020

There seems to be some misconception about where domains come from, and why companies buy more than one domain. For instance, why would a company want uk.company.com or company.co.uk instead of www.company.com/uk/? It has been posited that companies do this because IT departments are too daunting/draconian/slow to get it done, …


Shadow IT and Orphaned IT

By Robert Hansen on December 15, 2019

I was on a call with a rather large enterprise the other day and the topic of finding Shadow IT came up. While I think Shadow IT (IT that no one knows to exist) is a fairly well-understood aspect of computer security, it dawned on me that there is a …


Bit Discovery Security

By Robert Hansen on October 8, 2019

One often hears that companies care about security, or have it baked into their design. In reality, the actual tasks companies undertake to protect people’s security are limited to what modern website architecture provides naturally. We recognize how important security is for your business. Our security is your security, and …
