Entries from November 2009
Friday Filler: If The Sun Rose in the East, You Had a Cyber-Attack Today
November 20th, 2009 · No Comments
For some reason, the SANS Newsbites didn’t use my comments on the item below, so here it is to fill the Friday blog:
US Government Agencies Say Incidents Are a Daily Occurrence (November 10 & 11, 2009)
A CDW-Government survey of 300 US government IT professionals found that 44 percent of agencies noted an increase in [...]
Tags: Uncategorized
Is Apple an “Enterprise-class Vendor” From a Security Perspective? Nah
November 19th, 2009 · 1 Comment
This week’s Twelve Word Tuesday was about all those holiday season presents showing up on your network when everyone comes back to work on January 5th. Apple is one of the major vendors of those “toys” and last week colleague Nick Jones asked for input on this question: “Is Apple an Enterprise-class Vendor?” At Gartner’s [...]
Wednesday Whimsy: Invest in Prevention, or Legislate Away Threats?
November 18th, 2009 · 1 Comment
Back in 2007, I nominated FireEye as a Gartner “Cool Vendor” since I’m constantly looking for vendors doing interesting things to deal with the “arbitrary malware” problem – developing wire-speed techniques to determine if in-bound executables are malicious or not.
Today there is an announcement that In-Q-Tel (IQT), the CIA’s “venture capital” organization, has invested in FireEye:
“FireEye [...]
Twelve Word Tuesday: Only 50 Days Until All Those Christmas Presents Show Up On Your Network
November 17th, 2009 · 2 Comments
How will you secure those iPhone and Android stocking stuffers on 1/5/2010?
Friday Follies: A Busy Week for Hacking of Consumer-Grade Social Networks
November 13th, 2009 · 1 Comment
MSNBC has a piece on a “vigilante” hijacking a number of Facebook group sites. Facebook’s statement helpfully pointed out “We are still investigating this situation, but an extremely small number of groups have been affected.” Sort of like a doctor saying “I haven’t really finished checking, but at first glance the tumor I did find [...]
Addressing Credit Card Vulnerabilities
November 11th, 2009 · No Comments
I commented here yesterday, and in this week’s SANS NewsBites, about the overhype in Sunday’s 60 Minutes piece on cybersecurity. One thing that was mentioned was “white card fraud,” where card data stolen online is put on blank credit, debit or ATM cards and waves of “card present” fraud happen. Nothing new – I [...]
Twelve Word Tuesday: 60 Minutes, Mike McConnell and the FBI Say The World Has Already Ended
November 10th, 2009 · 1 Comment
For hype, focus on the threat; for security, focus on the vulnerabilities.
(By the way, here’s an alternate view of the cause of the Brazilian black-out)
Consumer-grade IT: Facebook/MySpace Coding Flaws
November 9th, 2009 · 2 Comments
Most of the discussion on “opening up to social networking” seems to focus on the simplistic problem of allowing access from work or blocking it. That’s an easy one – businesses and government agencies will allow access, generally sooner rather than later. The real issue is what security controls need to be added to make [...]
Is Google Android The Same “Most Secure Operating System” That Windows XP Was Supposed to Be?
November 4th, 2009 · No Comments
eWeek published a puff piece promoting the security of Google’s Android operating system that is starting to show up on some mobile phones. It read like a rip and read job from a Google marketing brochure:
1 – not really valid – we’ve said open source code gets more secure, more quickly but it is [...]
Twelve Word Tuesday: Openness Good, Newness Bad
November 3rd, 2009 · 1 Comment
Transparency plus inspection is the friend of security, freshness not so much.