Archives for January, 2010
by John Pescatore | January 15, 2010 | 3 Comments
The long term lesson to be learned from Google’s admission that its PCs and some intellectual property were compromised by a targeted attack is to assess and upgrade your endpoint security, web security and network security platforms to make sure you are able to deal with the bot threat delivery mechanism. Our security practice has [...]
Category: Uncategorized Tags:
by John Pescatore | January 14, 2010 | 4 Comments
In bicycle and car racing, there is a concept called drafting – if you snuggle up behind another racer, they will do most of the work against the air friction and you will gain on the order of 30% more efficiency. In security, the equivalent is that when security incidents are made public, it is [...]
by John Pescatore | January 13, 2010 | 10 Comments
Google announced (or blogged, anyway – there is a difference) that they had been hacked and had discovered both the loss of Google intellectual property and the compromise of a number of customer Gmail accounts: In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in [...]
by John Pescatore | January 12, 2010 | 1 Comment
Mobile-phone “marketplaces” – huge safety gain if Apple/Google/etc make strong security/privacy required features.
by John Pescatore | January 11, 2010
The Identity Theft Resource Center has pulled together an interesting set of statistics looking at the data breaches that occurred in 2009. While the ITRC does take funding from companies that do have a profit motive in publicizing identity theft, over the years the ITRC seems to have played it straight and their data looks [...]
by John Pescatore | January 8, 2010 | 3 Comments
Last week, Karsten Nohl released details on a RainbowCrack approach to breaking the well-known-to-be-weak encryption in the GSM cell phone system. Not much new there, just a more efficient way of breaking the wimpy A3 A5 encryption in use. Yesterday, the GSM association said “Not to worry” – mobile carriers can thwart the threat (try saying that [...]
by John Pescatore | January 7, 2010 | 6 Comments
The SANS NewsBites online newsletter didn’t use my comment on the ABA’s recommendation that small businesses only do online banking from PCs that are never used for email or web browsing, so I’ll go into it here. According to the USA Today piece, the Financial Information Services Sharing and Analysis Center (FS-ISAC) issued private guidance [...]
by John Pescatore | January 6, 2010
Busy week on the M&A front: Gartner buys Burton Group – so far, all they have told us is that Burton will be kept separate for the foreseeable future. From the security perspective, it will bring a number of very strong identity and access management and infrastructure security analysts into the Gartner research group. EMC acquires Archer [...]
by John Pescatore | January 5, 2010
Old threats, like shoe/groin bombers, don’t go away – vulnerability management still critical. * Title quote is from Joyce Carol Oates, who is pretty good at the twelve word game.
by John Pescatore | January 4, 2010
Here in the Washington DC area, the new year was ushered in with several days of winds in the 40+ mph range. Surprisingly, very limited power outages – turns out that my power company had been fairly proactive in doing enough tree trimming to prevent major problems. Of course, it could also have just been [...]