by Greg Young | July 29, 2009 | 2 Comments
My colleague and guest blogger Lawrence Orans joins me today in giving his take on the DNS BIND vulnerability: Another July, another DNS vulnerability. Last year, it was the Kaminsky vulnerability. Yesterday, the ISC announced another vulnerability in BIND. It’s serious — a specially-crafted dynamic update message can crash your BIND 9 name servers. According [...]
Category: Uncategorized Tags:
by Greg Young | July 28, 2009 | 2 Comments
TMI: Too Much Info. Sure the below example isn’t as egregious (i.e. bad) as the others I’ve posted recently, but it falls into that soft gray category of TMI. See the other posts on this thread: Social Media Data Leaks: Password Reset Helpers Social Media Data Leaks: The Polarity of Security Models and Social Media [...]
Category: Uncategorized Tags:
by Greg Young | July 27, 2009 | 1 Comment
There are some slightly sensitive things which if leveraged can be turned into more sensitive things. Ye olde Mother’s Maiden name is one of those often used in attacks on password reset challenges, of the likes of which have been reported on here. Here is an example via Twitter of making an account reset attack [...]
Category: Uncategorized Tags:
by Greg Young | July 24, 2009 | 2 Comments
There were some thought-provoking comments on yesterday’s post: is this kind of information a data leak, a breach, or just being too informative? In the example below I had to blank out the username because it was the same as the Twitter name. We’ve become accustomed to the positive security model for email, which is [...]
Category: Uncategorized Tags:
by Greg Young | July 23, 2009 | 3 Comments
A new recurring post, Social Media Data Leaks will show examples of data leaks, either personal or corporate, through social media. Social media is only unique as a means of leakage as the medium is intentionally public, and usually is not easily inspected or blocked: for example, social media is often accessed via mobile devices [...]
Category: Uncategorized Tags:
by Greg Young | July 14, 2009 | Comments Off
Why are there more security companies than ever? Why are there so many point solutions? Why hasn’t the market converged down into 4 things I have to buy like other markets? It isn’t that the market is wrong: it is this market’s nature to be so messy ("it’s my nature" goes the last line to [...]
Comments Off
Category: Uncategorized Tags:
by Greg Young | July 12, 2009 | Comments Off
My colleague Adam Hils blogged here about the publishing yesterday of the “Magic Quadrant for SMB Multifunction Firewalls” for Gartner customers. He does a good job explaining that these all-in-one or UTM products are for small and midsize businesses (SMB) and not the enterprise: these markets are not converging. Additionally, the use cases and markets [...]
Comments Off
Category: Uncategorized Tags:
