Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Apple Without Jobs: Who Secures A Company's Heart?
Very often a founder is the heart of a unique, successful company, or in the case of IBM it was actually the son of the founder, Thomas Watson Jr. All the focus this week on the likely departure of Steve Jobs from Apple has me thinking back about one of my very first jobs at Disney shortly after Walt died. In many ways these men embodied more than their companies' brands: They embodied a way of thinking about business that wasn't defined in dollars and cents; it was defined by imagination, carin
ID Theft and Police Scanners
When asked why he robbed banks, the flamboyant criminal Willie Sutton answered, "Because that's where the money is." That's the perfect example of how the principle of Occam's razor applies to crime: the simplest solution to a problem is often the best one. With the economic downturn, high unemployment rates, and the booming business of identity fraud, would-be criminals are on the lookout for easy methods to get access to personal information. And we stumbled across one such way during a rece
SIFT Workstation And Resources For Aspiring Forensic Examiners
Rob Lee of Mandiant and a faculty fellow from the SANS Institute gave the forensic community an early Christmas present with the release of version 1.2 of the SIFT Workstation. It is a Linux-based VMware appliance pre-configured with the tools needed to conduct a forensic examination. Rob has developed the SIFT Workstation for the SANS course he developed and teaches, which is ve
Yes, Virginia, There Will Be More Attacks
This is the time of year when the editor of a publication usually issues a warm and fuzzy holiday message that's supposed to make you want to gather around the fire with your family for a group hug.
Unless, of course, your publication has to do with information security.
Check Point Buys Nokia's Security Appliance Business
Acquisition will expand Check Point's product line, execs say
Database Breach Preparedness
A copy of "SQL Server Forensic Analysis," by Kevvie Fowler, arrived in my mailbox today. I'd been looking forward it to because it is a highly topical subject given all of the data breaches that have occurred in the past couple of years involving databases. David Litchfield has produced numerous whitepapers and presented on the topic of Orac
The 2009 Security Tsunami
Many in the United States think the party in power has sacrificed too much privacy and liberty in order to address security concerns, particularly in regard to terrorism. The incoming administration is likely to undo a lot of this, but, at the same time, a massive number of very upset people with and without tech skills are going to find themselves jobless.
IE7 Zero-Day Lessons
The recent zero-day IE7 vulnerability is a big deal. Hackers used it to hack into hundreds of thousands of machines, if not millions. Both IE7 and Vista are vastly more secure than their predecessors, yet this bug sliced right through them to give the hacker a robust exploit. We need to do a post mortem of this event to figure out what we should do in the future.
Out-Of-Cycle Patches Test Maturity Of Patch Management Programs
With two out-of-cycle security updates from Microsoft this fall, organizations are getting the opportunity to evaluate the maturity of their patch management processes through trial by fire.
Researcher: Poor SSL Implementations Leave Many Sites At Risk
Major sites continue to operate with expired or misconfigured SSL certificates, according to a researcher at Canola & Jones
Can You Vote for Me Now? Estonia First Country to Cast Cell Phone Votes
The Estonian Parliament has passed a law that will allow citizens to vote via cell phone by 2011. In the past, Estonians were able to cast their votes over the Internet, which apparently worked seamlessly despite security concerns. (See Sara Peters' coverage of e-voting in Estonia in the November 2005 Alert, Academic Group Publishes Criticisms of e-Voting; memb
Nostalgic For Cybercrime
I spent last week serving as a juror in a murder trial. Jury duty is a bit like living in an alternate universe: You live and breathe the trial, but you can't say a word about it to anyone until it's all over. I was unable to discuss what I was hearing each day in the courtroom and prohibited from watching or reading the news so that I wouldn't inadvertently hear any press on the case. And my fellow jurors and I weren't allowed to talk at all about the case until our deliberations.
DNSChanger Trojan Spoofs DHCP Responses To Unsuspecting Victims
Malware analysis has been a small obsession of mine for at least the past four years. I always have a virtual machine sitting around just waiting to be subjected to the next unknown executable that lands in my lap. A psychologist might say I have some "issues" since I get excited from the thought of infecting hapless Windows machines.
USB Flash Drive Network Weaponization
Last month, the U.S. Department of Defense took drastic measures to stomp out a "rapidly spreading worm crawling across their networks" by banning USB flash drives and other removable media (see Wired's "Under Worm Assault, Military Bans Disks, USB Drives"). While knee-jerk reactions like this are sometimes useful to curb particular issues, quite often they wind up ineffective in the long term because decisions
Free Software to Protect Virtual Machines in the Cloud: Third Brigade VMware Protection
There are some ways to effectively begin securing your information in the cloud. We've recently been pondering whether one can prove compliance with security and privacy regulations in the cloud. Luckily, while cloud services still may not be right for handling health or payment card information, security vendors and cloud service providers are beginning to offer ways to effectively secure your cloud-based computing resources and satisfy some compliance requirements.
Chasing A Moving Target
Coping with a Microsoft "Black Tuesday" is bad enough when there's 28 vulnerabilities being patched, but add to it a zero day vulnerability in Internet Explorer 7 (IE) that's being exploited in the wild and it could turn into a pretty bad week. Since none of the patches released by Microsoft during their normal December patch cycle address t
Next-Gen Firewall To Offer Limited Data Loss Prevention Capabilities
Palo Alto Networks devices can detect credit card, Social Security numbers on the fly -- and stop them from leaving the corporate net
Crossing The Streams -- Virtually
Everywhere I go, virtualization is being used. No matter the size of the organization, virtualization has taken off with, what appears to be, very little concern about security. As security professionals, we know not to mix security domains across the same physical machines or cluster. Why? The answer is simple. A vulnerability could exist in the virtualization product that would allow an attacker to exploit a less secure, or lower value, guest VM allowing them to run arbitrary code on the host
Is Obama's Mac A National Security Risk -- And Will He Be Allowed To Keep It?
There was a lot of focus a few weeks ago about whether President-elect Obama was going to be allowed to keep his BlackBerry. The discussion seemed kind of silly given how many BlackBerrys are in wide use in the U.S. government. However, you may recall that a foreign national stole a couple a few months ago, which certa
Alternative Web Browsers: Do They Have A Fighting Chance?
How many Web browsers can you name? Besides the most common -- Internet Explorer (IE), Firefox, and Safari -- I know of Google's Chrome, Opera, and some Linux-specific browsers. That's it. So I was interested to read Computerworld's article ("Too good to ignore: 6 alternative browsers,") which gives a good overview of six alternative browsers (really five if you don't count separa
Were Early Warnings Ignored Prior To Mumbai Attack?
Earlier this week it was implied that early warnings of an Islamic terrorist attack were "lost in the system." At this time, I am not able to find a credible enough source to prove whether this was actually the case, but it is rumored that the warning was specific in that the attack would come from the sea.
Hiding In Plain Sight Doesn't Work
I do a lot of penetration tests and vulnerability assessments for an assortment of business of all sizes. While doing these types of tests, I run into a lot of goofy configurations, strange setups, and wacky ideas that are an attempt by the client to improve security. The most head-scratching setup I constantly run into involves SSH on a port other than the one it is assigned, Port 22.
Cheat Sheets For Responders and Server Administrators
It's not uncommon that organizations experience security breaches during the holidays. Malicious attackers who are determined to get in aren't going to take time off. They also know that there is most likely a skeleton crew, or less, manning the operations, so their activities have a greater chance of going unnoticed. Hopefully, none of you returned to work this morning to find your users complaining of strange behavior on their desktops, unexplainable network slowdowns, or other odd occurrences
|
Latest Comment: Becky thought the "Assistant in a Drawer" device was a great idea, until she realized she couldn't stop all the "pop-ups"
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
