Update to The Myth of the Responsible User: this week brings news that those responsible users are texting while driving and letting sensitive and critical business information get onto music stealing services because they installed peer-to-peer software on their work PCs or put sensitive business information onto home PCs that had the entire drive indexed [...]
Entries from July 2009
Followup Friday: Responsible Users? Patch Plethora Problems? In a BIND Bind? Safer Eensy Beensy URLs?
July 31st, 2009 · No Comments
Tags: Uncategorized
Charging Your Customers To Reduce Your Security Costs Never Has and Never Will Work
July 29th, 2009 · 3 Comments
Network World has a piece today about a credit union in California offering two factor authentication to its customers:
The credit union is encouraging customers to switch from simple password authentication to the far stronger two-factor authentication, which makes use of VeriSign’s handheld token to generate a one-time password. In addition, VeriSign offers applications for the Blackberry [...]
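The excerpt says only that the handheld token "generates a one-time password." As an added example (not code from the original post, the credit union, or VeriSign), the block below implements the OATH HOTP algorithm of RFC 4226, the standard event-based one-time-password scheme used by hardware tokens of this kind, together with the server-side check that matters in practice: a code is accepted only if it matches a counter strictly beyond the last one already accepted, within a small look-ahead window, so a code captured by phishing or a keylogger cannot be replayed. The secret and the expected codes are the RFC 4226 test vectors; the look-ahead window of 10 is an assumed policy value, and whether the specific token in the article uses exactly this algorithm is not stated on the page.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then 'dynamic truncation' to a 31-bit integer, reduced mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks the window
    code = ((mac[offset] & 0x7F) << 24           # mask the sign bit as the RFC requires
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Server-side state for one token: the last accepted counter and a
    look-ahead window that tolerates button presses the server never saw."""

    def __init__(self, secret: bytes, look_ahead: int = 10):  # window size is an assumed policy value
        self.secret = secret
        self.look_ahead = look_ahead
        self.last_counter = -1  # nothing accepted yet

    def verify(self, submitted: str) -> bool:
        # Only counters strictly greater than the last accepted one are candidates,
        # which is what makes a replayed (already used) code fail.
        for candidate in range(self.last_counter + 1, self.last_counter + 1 + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, candidate), submitted):
                self.last_counter = candidate
                return True
        return False


# RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
RFC4226_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))   # 755224, 287082, 359152
    v = HotpVerifier(RFC4226_SECRET)
    print(v.verify("755224"))  # True: first use of counter 0
    print(v.verify("755224"))  # False: replay of an already used code
    print(v.verify("359152"))  # True: counter 2, inside the look-ahead window
    print(v.verify("287082"))  # False: counter 1 is now behind the accepted counter
```

The replay check is the part that a "responsible user" cannot provide on their own: if the server accepted any counter that produced a matching code, including ones already used, a single shoulder-surfed or phished code would be as reusable as a static password.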
Tags: Uncategorized
Twelve Word Tuesday: Much Emergency Patching Needed This Week
July 28th, 2009 · 1 Comment
Microsoft today, Adobe Thursday – Prevent problems, protect PCs: prioritize prompt patch pushing.
Microsoft out-of-cycle patch info here.
Adobe Flash patch info to appear here, info here.
Tags: Uncategorized
Skype As a Threat to National Security?
July 27th, 2009 · 1 Comment
Lawrence Orans has guest-blogged here a few times giving Gartner’s take on using Skype securely if the business decides that Skype use will be allowed. In Gartner research notes and advice to clients, Lawrence and I have changed the focus from “you must block Skype” to “if you must allow Skype, do this…” The business [...]
Tags: Uncategorized
Financial Friday: The Cost of a Security Incident Is Usually Much Greater Than Preventing It
July 24th, 2009 · No Comments
A few years ago Avivah Litan and I wrote a Gartner Research Note called “Data Protection is Less Costly Than Data Breaches.” We estimated that large security incidents resulting in exposure of customer data (more than 100,000 accounts) had hard costs on the order of US$100/account, while small ones (under 5,000) [...]
Tags: Uncategorized
Since Deer *Won’t* Eat Dandelions, Move Up the Web Server Security Hierarchy
July 23rd, 2009 · 3 Comments
I live on the edge – the edge of the woods, anyway. Deer eating my landscaping is a constant problem. Since I can’t put a giant fence around my entire property, I have to use a mixture of DMZs (deer fencing around areas where I can put a fence), hardening (spraying anti-deer solutions onto plants) and [...]
Tags: Uncategorized
Wireless Wednesday: New PCI Guidance and Warnings on Blackberry Apps
July 22nd, 2009 · No Comments
A few recent wireless security items of note:
The Payment Card Industry Security Standards Council published guidelines last week on how merchants should deal with Wireless LAN security issues. Nothing really earth-shattering, no new requirements, lots of restatement of Wireless Security 101, but some definite clarifications that will drive Qualified Security Assessors to look for the [...]
Tags: Uncategorized
Twelve Word Tuesday: Maybe Deer Can Be Trained to Eat Dandelions
July 21st, 2009 · No Comments
A few months without patches would be like a summer without weeds.
Tags: Uncategorized
We Put a Person on the Moon But We are Still Using Passwords and Disposable Grocery Bags?
July 20th, 2009 · 1 Comment
Today is the 40th anniversary of the first time a person walked on the moon. That led to the birth of a common saying: “We can put a man on the moon but we can’t….” Oddly enough, 40 years ago a bunch of computer-related stuff happened, too:
Thompson and Ritchie at Bell Labs wrote what is [...]
Tags: Uncategorized
Old-Fart Friday: What Ever Happened to ….?
July 17th, 2009 · 2 Comments
What ever happened to…?
The Kane Security Analyst – acquired by Security Dynamics in 1998 or so, that was a pretty nice little tool to preconfigure and give out to business units and tell them they could use it to clean everything up before the auditors got there. This is just one example of good security [...]
Tags: Uncategorized