Entries from July 2009
My colleague and guest blogger Lawrence Orans joins me today in giving his take on the DNS BIND vulnerability:
Another July, another DNS vulnerability. Last year, it was the Kaminsky vulnerability. Yesterday, the ISC announced another vulnerability in BIND. It’s serious — a specially-crafted dynamic update message can crash your BIND 9 name servers. According [...]
Tags: Uncategorized
TMI: Too Much Info. Sure, the example below isn’t as egregious (i.e. bad) as the others I’ve posted recently, but it falls into that soft gray category of TMI.
See the other posts on this thread:
Social Media Data Leaks: Password Reset Helpers
Social Media Data Leaks: The Polarity of Security Models
and Social Media Data Leaks.
Tags: Uncategorized
There are some slightly sensitive things which, if leveraged, can be turned into more sensitive things. Ye olde Mother’s Maiden name is one of those often used in attacks on password reset challenges, the likes of which have been reported on here.
Here is an example via Twitter of making an account reset [...]
Tags: Uncategorized
There were some thought-provoking comments on yesterday’s post: is this kind of information a data leak, a breach, or just being too informative?
In the example below I had to blank out the username because it was the same as the Twitter name.
We’ve become accustomed to the positive security model for email, which is to [...]
Tags: Uncategorized
A new recurring post, Social Media Data Leaks, will show examples of data leaks, either personal or corporate, through social media. Social media is unique as a means of leakage only in that the medium is intentionally public and usually is not easily inspected or blocked: for example, social media is often accessed via mobile devices [...]
Tags: Uncategorized
Why are there more security companies than ever? Why are there so many point solutions? Why hasn’t the market converged down into 4 things I have to buy like other markets?
It isn’t that the market is wrong: it is this market’s nature to be so messy ("it’s my nature" goes the last line to the [...]
Tags: Uncategorized
My colleague Adam Hils blogged here about yesterday’s publication of the “Magic Quadrant for SMB Multifunction Firewalls” for Gartner customers. He does a good job explaining that these all-in-one or UTM products are for small and midsize businesses (SMB) and not the enterprise: these markets are not converging. Additionally, the use cases and markets [...]
Tags: Uncategorized