What keeps you up at night?

We deliver elite IT security and technology risk management services to organizations of all sizes and industries.
About our company

Not sure where to start?

We know that security can be overwhelming – even daunting. What type of solution is right for your organization? What is the first step you should take? Carve makes it easy.
Getting started

Our Services

Customized Security Solutions Engineered For Your Business
Assessment Services
Enterprise Services
Continual Risk Assessment
Wed, 26 Feb 2014
Bitcoin Protocol and "Low Risk" bugs

Low risk security issues can kill you. It isn’t that they come out and stab you in the heart, it is more a soft death of many cuts. You may not even know you are bleeding. Mosquito saliva has an anesthetic in it, you won’t even know it is there sucking your blood right away. The Bitcoin Protocol has a potentially lethal vulnerability, which by now everyone is familiar with, known as “Transaction Malleability”. The focus here is not how transaction malleability killed Mt. Gox (that has been discussed at length elsewhere), but how careful defenders must be when considering risk to their systems.

Tue, 04 Feb 2014
The Irony of Malware

So much for a relaxing Monday morning blogging session.

Tue, 06 Aug 2013
Look ma! Dotless domain names!

Making small changes to complex high availability systems can have extreme consequences. When these systems provide critical services to the entire planet – like, say, the Domain Name System – even minor changes must be analyzed very carefully.

Tue, 02 Jul 2013
Installing and Running Mallory on my Raspberry Pi

A few weeks ago, eager to find something to consume some brain cycles, I decided to find my Raspberry Pi. Playing with the Pi has always been fun and interesting. I was fairly confident that it shouldn’t be too difficult to get Mallory working on it. After all, we wrote it in Python, and during development (read: halfway into the project), we tried to keep imported libraries under control. So maybe…just maybe, it would work right out of the box. I decided to pull the install script, perform the magic, and give it a try…