Archives for May, 2009
by John Pescatore | May 29, 2009
Symantec’s MessageLabs unit recently reported that 90% of email is spam. Spamhaus defines spam as: An electronic message is “spam” IF: (1) the recipient’s personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to [...]
by John Pescatore | May 28, 2009
Door knob rattling is a good example of beating the bad guys to the punch – if they are going to check for open doors, we do it first and lock the doors we find were left unlocked. Vulnerability scanning and penetration testing are the modern day equivalents. Extra credit bonus question: what large information [...]
by John Pescatore | May 27, 2009
If you look at death rates, after heart and lung diseases and cancer, the leading cause of death in the US is accidents. If you look at cybersecurity incidents, the leading cause is essentially accidents. Sloppy system administration, users accidentally sending out critical information, bad choices that are made to take known unacceptable risks, etc. [...]
by John Pescatore | May 26, 2009 | 2 Comments
If you can’t keep Windows machines safe from Conficker/Neeris, please disconnect now.
by John Pescatore | May 22, 2009
We cherish too, the Poppy red That grows on fields where valor led, It seems to signal to the skies That blood of heroes never dies. (Moina Michael, 1915) In the United States, this is Memorial Day weekend. While today most people think of Memorial Day as the unofficial start to summer, it started as [...]
by John Pescatore | May 21, 2009 | 1 Comment
In the SANS Newsbites earlier this month I commented: (Pescatore): Between Acrobat and Flash, Adobe has a continuing stream of serious vulnerabilities coming out. Make sure your patch processes are up to dealing with these – workarounds like turning off Javascript never work. I hope there are some next generation versions of these products coming [...]
by John Pescatore | May 20, 2009 | 1 Comment
The US CERT is reporting there are active attacks against a flaw in how Microsoft’s IIS Web server handles UNICODE tokens. Microsoft does not have a patch yet, but issued a security alert that points out some mitigating factors – the severity of this Windows vulnerability dictates expedited action as a minimum to check everyone [...]
by John Pescatore | May 19, 2009
If they consume it as a service, secure it with a service.
by John Pescatore | May 18, 2009 | 2 Comments
About 1 out of 3 Gartner research note titles used to be of the form “Nouns: Interrogative Phrase?” It really helped increase the market share of the lowly “:” as a syntactical-deductive, but the Gartner editors decided research notes were supposed to have the answers, not the questions, in the title. Since the Gartner security conference is in [...]
by John Pescatore | May 15, 2009
After a few rainy weeks here in the Washington DC area, everything that should be green is and everything that should have flowered did – spring has sprung. Time for some spring cleaning and a trip to the dump (or the Suburban Solid Waste Transfer Station as it likes to call itself) to get rid [...]