(posted from the Gartner IT Security Conference in London)
Tags: Uncategorized
Apple, Cisco, Microsoft and Mozilla all had critical vulnerabilities come out this month – September will be a real patch-a-thon. Many of the vulnerabilities discovered were of the “malformed input” variety, where protocols or file handlers can be corrupted when specially crafted input is prepared – often enabling the attacker to run arbitrary code on [...]
Tags: Uncategorized
Say your boss came to you and said:
We’ve been hit by an upsy-daisium ray. Every single security product we have has been vaporized. The suits say they will replace our existing security budget, so we do not have any additional money to spend but we are starting from a clean slate. We can’t change anything [...]
Tags: Uncategorized
(My blogging got a bit backed up due to travel and PC upgrades)
I want to see Web Security Gateway vendors (and any other security product vendor who can do this) add a very simple feature:
Every time there is an update to the list of bad URLs, I would like them to look at the user [...]
Tags: Uncategorized
In the spirit of On the Media’s Twelve Word Novel contest:
One buys another, three new ones appear. Size matters but innovation rules.
Tags: Uncategorized
There are a lot of things that really are not security issues that sort of get blended in with security, generally because they have some connection to some level of corporate policy or some connection with common security controls, such as deleting games from employees’ PCs or blocking employees from “non-productive” web sites. One area [...]
Tags: Uncategorized
Pirates were sort of the original hackers – they reverse engineered boat designs to come up with fast, nimble attack ships that were able to out-fight the large ships and make off with all that booty and treasure chests and stuff. Over the past 20 years terrorists have done the same thing (remember the Cole [...]
Tags: Uncategorized
High-profile political campaigns attract hackers like risky business decisions gone bad by large financial institutions in the free market attract requests for government bailouts. Many of the candidates’ web sites and Facebook/MySpace pages have been hacked and yesterday The Washington Post reported that Republican Vice Presidential candidate Sarah Palin’s Yahoo mail account had been [...]
Tags: Uncategorized
One of the problems with being an analyst in the security field is that everyone wants to hear about how companies solved security problems, but no one wants to make public how they solved security problems. This is understandable – giving out details of your security controls can seem to have lots of downside. But there [...]
Tags: Uncategorized
As the old saying goes: “August goes out like a sauna, September comes in like a long string of natural and man-made disasters.” What a few days – Hurricane Ike flattens south-central Texas, then roars up through the Midwest and knocks out power across the Midwest while flooding Chicago. At the same time, Wall Street [...]
Tags: Uncategorized