Apple Without Jobs: Who Secures A Company's Heart?
Commentary | 12/31/2008 | Very often a founder is the heart of a unique, successful company, or in the case of IBM it was actually the son of the founder, Thomas Watson Jr. All the focus this week on the likely departure of Steve Jobs from Apple has me thinking back about one of my very first jobs at Disney shortly after Walt died. In many ways these men embodied more than their companies' brands: They embodied a way of thinking about business that wasn't defined in dollars and cents; it was defined by imagination, carin
Top 10 Security Stories Of 2008
A spike in data breaches, the threat of malicious hardware, and alarming revelations about the Internet's vulnerabilities from security experts such as Dan Kaminsky all made headlines in 2008.
The (Not Quite) End Of Security On The Internet
Commentary | 12/30/2008 | Speaking at the 25th annual Chaos Communication Congress in Berlin, security researchers showed how they developed a rogue (forged) Certificate Authority digital certificate. Yes, this is a big deal. But no, the Internet isn't broken.
ID Theft and Police Scanners
Commentary | 12/30/2008 | When asked why he robbed banks, the flamboyant criminal Willie Sutton answered, "Because that's where the money is." That's the perfect example of how the principle of Occam's razor applies to crime: the simplest solution to a problem is often the best one. With the economic downturn, high unemployment rates, and the booming business of identity fraud, would-be criminals are on the lookout for easy methods to get access to personal information. And we stumbled across one such way during a rece
Cloud Computing Security: What About It?
Commentary | 12/29/2008 | I'm always trolling the Web for insight into the latest technology trends, and how these trends could impact both how we use technology and how it may change how we secure our data. During my pursuit for knowledge, I'll often run into bone-headed comments and blogs, and when I do, for the most part, I just shrug them off. Today's experience isn't one of those times.
SIFT Workstation And Resources For Aspiring Forensic Examiners
Commentary | 12/29/2008 | Rob Lee of Mandiant and a faculty fellow from the SANS Institute gave the forensic community an early Christmas present with the release of version 1.2 of the SIFT Workstation. It is a Linux-based VMware appliance pre-configured with the tools needed to conduct a forensic examination. Rob has developed the SIFT Workstation for the SANS course he developed and teaches, which is ve
CastleCops Shuts Down
After years of fighting the good fight against spammers and phishers, the all-volunteer online community has pulled the plug
CastleCops Phish Fighters Close Site
Commentary | 12/29/2008 | Quietly, just before Christmas, six-year-old volunteer anti-phishing group CastleCops closed its Web site, noting in an open letter that "all things come to an end." True enough, but the example CastleCops set deserves to live on, and be emulated.
Yes, Virginia, There Will Be More Attacks
Commentary | 12/24/2008 | This is the time of year when the editor of a publication usually issues a warm and fuzzy holiday message that's supposed to make you want to gather around the fire with your family for a group hug.
Unless, of course, your publication has to do with information security.
Second Zero Day Flaw Nails Microsoft In Two Weeks
Commentary | 12/23/2008 | For the second time in two weeks, Microsoft is rushing to fix a zero-day vulnerability. This time the flaw is in some versions of the software used to run corporate databases.
Cloud Storage Is About Dispersion
Commentary | 12/23/2008 | Cloud storage is destined to be one of the hottest markets next year. It is one of those technologies that is actually aided by a down economy. As IT budgets remain flat or decline, the need for storage capacity will accelerate. The ability to buy that storage as you need it instead of all at once will be interesting. Additionally, Web 2.0 and other Internet-enabled services are supposed to continue to thrive, and all these will need storage as well.
WARNING: Old Windows SQL Server Flaw Exploit Code Published
Commentary | 12/23/2008 | Microsoft has issued an advisory that a known critical vulnerability in older versions of Windows SQL Server now has proven attack code, developed by a security firm weary of waiting for a patch to be released.
Quick Take: Check Point Frees Nokia To Be Nokia
Commentary | 12/22/2008 | To IT security industry watchers, the move announced today that Check Point Software Technologies is acquiring Nokia's security business is no shocker. And perhaps it will enable Check Point to start doing what it should have been doing all along: innovating more.
Database Breach Preparedness
Commentary | 12/22/2008 | A copy of "SQL Server Forensic Analysis," by Kevvie Fowler, arrived in my mailbox today. I'd been looking forward to it because it is a highly topical subject given all of the data breaches that have occurred in the past couple of years involving databases. David Litchfield has produced numerous whitepapers and presented on the topic of Orac
Has Microsoft's Trustworthy Computing Got Us Anywhere?
Commentary | 12/19/2008 | As we noted earlier this week, Microsoft learned of a vulnerability in IE 7 on "Patch Tuesday," Dec. 9, and had a fix published for download eight days later. Now, Microsoft's Michael Howard, from the security engineering team, takes an interesting look at the lessons learned.
The 2009 Security Tsunami
Commentary | 12/19/2008 | Many in the United States think the party in power has sacrificed too much privacy and liberty in order to address security concerns, particularly in regard to terrorism. The incoming administration is likely to undo a lot of this, but, at the same time, a massive number of very upset people with and without tech skills are going to find themselves jobless.
Trust Trumps Price For Cybershoppers
Commentary | 12/19/2008 | The hope that tight economic times are driving shoppers Webward in search of better prices carries a caveat: By a factor of ten to one, online shoppers place a higher value on trust and security than on bargains, according to recent research from VeriSign.
IE7 Zero-Day Lessons
Commentary | 12/19/2008 | The recent zero-day IE7 vulnerability is a big deal. Hackers used it to hack into hundreds of thousands of machines, if not millions. Both IE7 and Vista are vastly more secure than their predecessors, yet this bug sliced right through them to give the hacker a robust exploit. We need to do a post mortem of this event to figure out what we should do in the future.
How Storage Latency Affects Performance
Commentary | 12/17/2008 | A few entries ago I introduced the subject of latency as impedance to storage performance. The biggest area of concern is what impact storage latency has on application performance. This is an area where solid state disk (SSD) solutions can make a difference that standard mechanical drive solutions struggle to solve.
Patch 'Em Up! IE Releases Critical Patch, Firefox Patches Dozen Bugs
Commentary | 12/17/2008 | Microsoft has released the patch that closes an Internet Explorer vulnerability that's been exploited hundreds of thousands of times in the last few days. Mozilla has patched more than a dozen Firefox problems, many of them critical. Time to get Patching!
The Five Coolest Hacks Of 2008
Not even your psyche was safe from hacking this year -- hackers found holes in the highway toll system, building security -- and, yes, your head