New iPhone SMS Threat No Reason To Panic
You may have heard that researcher Charlie Miller has released details about a vulnerability that allows an attacker to take over an iPhone remotely with a SMS message. Now everyone is rushing to offer homegrown advice on how to fix the problem. But I'm going to offer a different point of view.
Corporate Patch Management Lags In Maturity
If one of the most important disciplines necessary for keeping systems secure is a systematic vulnerability management program, why have so few organizations reached a decent level of maturity in their patch management efforts?
Pwnie Awards Bring Fame And Shame
The third annual Pwnie Awards at Black Hat in Las Vegas, hosted by Alex Sotirov, Dino Dai Zovi, HD Moore, Halvar Flake, and Rich, celebrated the highs and lows in the security industry. As Dino said, "First we reward for great work, then we shame."
Black Hat, Day One: Rationalizing And Reinforcing My Pessimistic World View
When I arrived in Las Vegas, I already smoldered and grumbled about the facts that online trust mechanisms are untrustworthy, and that browsers' fundamental weaknesses persist despite the fact that better browsers would make an incalculable impact on overall Web security. Yesterday's sessions simply added more kindling to the fire.
Small Businesses Should Move To Shared Storage Sooner
With the cost of direct attached storage (DAS) dropping and the capacity that it can deliver for those dollars increasing, you would think that the demand for shared storage is dwindling. Reality is that shared storage is on the rise, and the biggest reason for its growth has little to do with storage management or even data protection. Those are nice side benefits; however, the real motivator is server virtualization.
Black Hat: Android, iPhone SMS Flaws Revealed
Security researchers have identified several SMS vulnerabilities that can be used to deny service to mobile phones. They're presenting on Thursday but their findings have been published.
Metasploit Meterpreter For Mac Coming Soon
Meterpreter is by far one of the most powerful and most advanced payloads included in the Metasploit Framework. It's been the joy of penetration testers and the bane of incident responders and until now, it's only been a payload targeted at Windows systems, while Mac users have dodged a bullet. But that won't be the case for much longer, as demonstrated by Dino Dai Zovi in a 20-minute breakout session at Black Hat today titled "Macsploitation with Meterpreter."
UPDATE: BlackHat, Kinda: 'Real' Black Hats Hack Security Experts
UPDATE: The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking. More to come.
BlackHat, Kinda: Yesterday a hacking group released details (http://sh0dan.org/zf05.txt) of a number of successful attacks they conducted, apparently with the principal purpose of embarrassing some of the security industry's most wel
Obama Administration Going Soft On Cybersecurity
Viruses, botnets with international botmasters, denial-of-service attacks on government properties, cyberbullying, and the increasing threat of identity theft plague every resident, from child to adult, regardless of whether they are actually ever online -- U.S. cybersecurity has been little more than a bad joke.
Microsoft Plans Emergency Patch Tuesday
Two out-of-band security bulletins will be issued tomorrow to fix a critical flaw in Internet Explorer and a related issue in Visual Studio. Microsoft is withholding details until the patches are released.
Unifying The Infrastructure
We've spent the last several entries discussing the unification of storage, and there is one aspect of unification that I have not discussed: unifying the infrastructure. I do currently have a series of videos running with Information Week on FCoE, so in this entry I'll just touc
Close To Half Of SMBs Defenseless Against Cybercrime: Panda
44% of U.S. small and midsized businesses have suffered at least one incident of cybercrime, according to a study just out from Panda Security. And considering how spotty, inconsistent and just plain missing SMB defenses are, it's a wonder the figure isn't any higher than it is.
Congress Taking Steps To Secure Electric Grid
So the theory goes: one strategic electromagnetic pulse (EMP) detonation over the mid-west United States could cripple the power grid, and even stop most electronic devices, from a car's ignition to medical devices to radios and TVs to PCs, from functioning. So what, if anything, are we doing about it?
6,000 New Malware Threats A Day: McAfee
Think you've seen explosive growth in the number of threats your business faces? Think again. New figures from McAfee indicate that the malware makers have put their creations on a growth curve aimed at flooding cyberspace with cybertraps, as many as 6,000 new ones a day. Every day. All year long (so far).
Malware Counts: Uncomfortably Numb
McAfee's security research group Avert Labs shows a more than doubling of malware from the first half of 2009 compared with the same period in 2008: that's 1.2 million unique malware applications up from about 500,000 in 2008. With the numbers now reaching the millions in a six-month period -- does virus and malware counting really provide us any value anymore?
The BlackBerry 'Trojan Horse'
Research In Motion's announcement that users in the United Arab Emirates (UAE) who installed an update on their BlackBerrys ended up with a surveillance application raises some key questions.
Adobe Warns Of Critical Flash Vulnerability
Echoing security warnings issued earlier this year, Adobe is warning users of Flash Player, Reader, and Acrobat to exercise caution online due to a zero-day vulnerability that's being actively exploited.
The Encryption Gap
Things that make us say "hmmm" include these stats: The percentage of respondents to our 2009 Strategic Security Survey who rated encryption as effective in reducing risk dropped from 57% in 2008 to 48% in 2009. Use of disk, file, and backup media encryption ALL fell year over year by at least five percentage points. Backup encryption usage is down 10 points.