If you've been in the information security field for more than six months, then you know it's vital to stay on top of the latest threats, tools, and news to be effective at your job. That's why many of us love the field so much--it's always changing. And it challenges us.
Continue reading "Challenge Yourself To Be Better..."
One of the key differences in military theory between Internet warfare and kinetic warfare is whether defense or offense is stronger. Here's a shortened version of an argument I am formulating about this matter following years of debate.
Continue reading "Cyberwarfare: Play Offense Or Defense?..."
Continue reading "Energizer Bunny Gone Bad..."
Last week I looked at some creative uses of log analysis for detecting malware, and ways to acquire Windows physical memory for analysis. What I've seen time and time again is where those in charge of security don't even bother to log information from their systems and applications, leading them to a much larger incident response scenario than if they could detect it sooner.
Continue reading "New Analysis Tools For Windows Memory..."
My company Secure Network has been performing a variety of penetration tests that leverage information derived from sites such as MySpace and Facebook.
Continue reading "Facebook As A Spear-Phishing Tool..."
It was a busy week. Some of you made the annual trek out to San Francisco, while the rest of you were stuck working diligently in your office. Me...well, I'm in the latter group.
Continue reading "Acquiring Windows Memory For Incident Response..."
Following a Facebook update from a soldier on an upcoming operation, the Israeli Defense Forces (IDF) canceled an operation into the West Bank, illustrating how the connected world makes maintaining operational security (OPSEC) all the more difficult.
Continue reading "Social Networks, Data Leaks, And Operation Security..."
Cyberwar and advanced persistent threats (APT) are fun terms thrown around a lot lately. Everyone seems to have their own slightly varied opinion on what they each mean. Personally, I don't care all that much what the different nuances of each are as long as I can understand the associated threats and deal with them appropriately.
Continue reading "Creative Approaches To Malware Detection..."
Good news for Department of Defense folks. They can now start using USB flash drives again -- provided there's absolutely no other way to transfer the data from point A to point B. OK, so maybe it isn't time to rejoice just yet.
Continue reading "Fight Malware With Software Restriction Policies..."
The wave of phishing attacks against Twitter users continues to catch unwary surfers.
Continue reading "Twitter Phishing Attacks Asks, 'This You????'..."
Let's face it: Users love the concept of adding free plug-ins and apps to customize and empower the base software tool, whether it's in a smartphone or browser. Doing so is fun, it's cool, and it lets them personalize their software to augment or shape how they use it. Even firewall management has joined the plug-in party.
Continue reading "Firewalls And DIY Plug-Ins..."
The average computer user (a.k.a. most of my family) doesn't have a fighting chance. I hate to say it, but the malware we're seeing on a daily basis makes this scary fact evermore true. There is absolutely no way that most home users are going to be able to protect themselves against modern malware like Zeus. Malware authors have become extremely good and proficient at what they do because it's making them money.
Continue reading "Enhancing Botnet Detection With Manpower..."
Twitter users are being warned not to click on messages saying, "lol, this is funny." Doing so can lead to their account details being stolen.
Continue reading "Twitter Hit By BZPharma LOL Phishing Attack..."
Continue reading "Boosting Your Defenses Against Botnet Infections..."
With March Madness coming up, I recently spent the morning in some rather distinguished company simulating the effect of a March Madness smartphone app that turned out (within the confines of the simulation) to be malware.
Continue reading "Will Cyber Shockwave Make Some Waves?..."
I've been using FlashGot on and off for years. It is a useful plug-in that helps you download multiple files from the same Web page "automagically." So when Firefox informed me about a new update for an add-on I've used for years, I clicked "OK" and updated it, only to find a surprise the next time I used Google.
Continue reading "Mozilla's Add-On Policies And Spyware Surprises..."
The buzz generated from Core Security's move to integrate with the Metasploit Framework has left me a little puzzled. Don't get me wrong: I love Metasploit. It's a fantastic tool that has certainly been put through its paces as a pen-testing tool -- it's free, open source, and extremely accessible to aspiring security professionals. And, of course, I've heard great things about Core's flagship product, Impact Pro. But the deal just seems like an odd move.
Continue reading "Penetration Testing Is Sexy, But Mature?..."
How much does it cost to secure your database, and how do you calculate that? One of the more vexing problems in security is the lack of metrics models for measuring and optimizing security efforts. Without frameworks and metrics to measure the efficiency and effectiveness of security programs, it's difficult both to improve processes and to communicate our value to nontechnical decision makers.
Continue reading "Measuring Database Security ..."
During BlackHat, David Litchfield disclosed a security issue with the Oracle 10g and 11g database platforms. The vulnerability centers on the ability to exploit low security privileges to compromise Oracle's Java implementation, resulting in a total takeover of the database. While the issue appears relatively easy to address, behind the scenes this disclosure has raised a stir in database security circles. The big issue is not the bug or misconfiguration issue, or whatever you want to call it. The issue is ethical disclosure -- a topic over which the security research community remains hotly divided.
Continue reading "Oracle 0-Days..."
Continue reading "Virtualization Vulnerabilities Up And Coming..."
There are hacker conferences, and then there's ShmooCon. The annual East Coast convention was held during a major snowstorm in Washington, D.C., but that didn't stop researchers from sharing their latest exploits, hardware, and software inventions, and huddling over discussions about the latest security issues.
Continue reading "Sights, Sounds (And Snow) Of ShmooCon 2010..."
Last month an international team of researchers announced they had managed to factor a 768-bit RSA key. This raises interesting questions about handling encryption and planning ahead in your security strategy.
Continue reading "How Much Crypto You Really Need..."
One of the things we've learned in publishing Dark Reading is that a pretty wide range of people work under the title of "security professional." There are techies and managers, risk managers and privacy people, white hats and black hats. Not surprisingly, they aren't all interested in the same news and information.
Continue reading "Dark Reading Launches New Database Security Newsletter..."
Advanced persistent threat: I like the term -- it sounds evil, and it is...well, at least I think it is. There has been a lot of news, opinions, and genuine FUD on APT since Google went public with news of its breach several weeks ago. Until then, I really don't think anyone ever paid much attention to what APT was, even though well-respected people, like Richard Bejtlich and the folks at Mandiant, have been talking about it for a while.
Continue reading "Speeding Incident Response With 'Indicators' Of A Compromise..."
Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.
Continue reading "Amazon's SimpleDB Not Your Typical Database..."