Author

 Rob Enderle

Profile of Rob Enderle

News & Commentary Posts: 43
Articles by Rob Enderle

A Peek At The Intel-McAfee Strategy

10/12/2010
This week is McAfee's annual customer and partner event, and the first one since the announcement that Intel would acquire McAfee. The message at Focus is that the Intel-McAfee plan to secure all parts of the emerging highly distributed and massively diverse ecosystem -- from devices such as smartphones and tablets to large-scale virtualized servers -- in what is increasingly a SaaS and virtualized environment.

Post a Comment

Anticipating The First Car Virus

9/7/2010
I've been thinking a lot about Intel's acquisition of McAfee, and recently spent the afternoon with the company reviewing its strategy. Intel doesn't want to repeat the mistake made with the PC in regard to malware as we move to more common interfaces, operating systems, and network-connected TVs, appliances, manufacturing equipment, air conditioning and heating systems -- and, yes, automobiles and motorcycles. While a virus or an attack on a PC or server is certainly painful, the same attack on

Post a Comment

How RIM Could Fail

8/9/2010
Of the handset choices that are sold broadly on the market, the BlackBerry platform is the most inherently secure. To appeal to the business market it targets, it had to be better than any other handset or mobile solutions vendor. But with Saudi Arabia blocking the service and other countries expected to follow -- coupled with mistakes on its new flagship Blackberry Torch -- RIM could be on the brink of a Palm-like failure.

Post a Comment

Is Google Stealing Our Digital Freedom?

7/2/2010
With the Fourth Of July here, it's a good time to focus on freedom. It seems that often when new technology and new ways of getting revenue advance in an industry, those who don't understand that technology are exploited by those who do. Google's model seems to increasingly fit this mold, and the example it is setting is driving others down the same path.

Post a Comment

BP And The Importance Of Calling Out Corruption

6/18/2010
A recent article in Rolling Stone shows how the combination of a corrupt process for ensuring the safety of oil rigs, corruption of the information on the risk, the actual BP disaster -- and politics -- has resulted in the biggest environmental disaster in the country's history. It also mirrors a massive problem in IT security where political expediency, short-term financial gains, and personal benefits often trump good business practice.

Post a Comment

It's Time For Personal 'OnStar'-Like Security

3/12/2010
I recently saw a story about a young child who, upon being confronted by armed robbers in his home, had the presence of mind to lock himself in a bathroom with his younger sister and call 911. Doing so likely saved the lives of everyone in the house. Because this outcome is unusual, I think it's time we looked at personal security more closely.

Post a Comment

Tool Helps Prepare For Disaster

2/3/2010
When I see an event like the Haiti earthquake, I worry that we treat disaster preparedness much like we do data backup -- we don't really think about it until it's too late. We are faced with putting in place a plan to deal with disaster, and then realize we don't aren't properly prepared. But I might have found a tool that can help.

Post a Comment

How Obama Could Fix Airline Security

1/4/2010
Northwest Airlines' Christmas Day scare showcases why the current airline security program, which potentially violates due process and treats every passenger as a criminal, isn't working. It's time to start over and focus more on substance and apply a fresh set of eyes to this problem. This is one more chance for President Obama to give us a change we can believe in, and it's also a chance for us to look at airline security practices and take them for what they are -- an example of what not to

Post a Comment

Snow Leopard's Toothless Trojan Defense

8/31/2009
Snow Leopard is the strongest business offering that Apple has ever fielded, but Apple remains in the dark ages when it comes to protection against malware and its unwillingness to work with third-party vendors to minimize the risk of bringing an Apple machine into a large business.

Post a Comment

It's Time To Integrate Physical And Virtual Security

8/13/2009
With examples of employee theft and the increasing threat of damage to systems by disgruntled ex-employees, it's time to consider presence-linked polices and implementing the Trusted Computing Group's new Trusted Network Connect (TNC) standard. We have the technology to better support our financial and intellectual property -- and in these hard times, we need to step up and do just that.

Post a Comment

Obama Administration Going Soft On Cybersecurity

7/28/2009
Viruses, botnets with international botmasters, denial-of-service attacks on government properties, cyberbullying, and the increasing threat of identity theft plague every resident, from child to adult, regardless of whether they are actually ever online -- U.S. cybersecurity has been little more than a bad joke.

Post a Comment

Apple Without Jobs: Who Secures A Company's Heart?

12/31/2008
Very often a founder is the heart of a unique, successful company, or in the case of IBM it was actually the son of the founder, Thomas Watson Jr. All the focus this week on the likely departure of Steve Jobs from Apple has me thinking back about one of my very first jobs at Disney shortly after Walt died. In many ways these men embodied more than their companies' brands: They embodied a way of thinking about business that wasn't defined in dollars and cents; it was defined by imagination, carin

Post a Comment

The 2009 Security Tsunami

12/19/2008
Many in the United States think the party in power has sacrificed too much privacy and liberty in order to address security concerns, particularly in regard to terrorism. The incoming administration is likely to undo a lot of this, but, at the same time, a massive number of very upset people with and without tech skills are going to find themselves jobless.

Post a Comment

Death of the AV Vendor: Microsoft Offers Free AV

11/18/2008
The fundamental problem with the AV market is that it makes antivirus vendors as much a part of the problem as they are a part of the solution. They are motivated to promote exposures to create a market for their offerings, and the end result has been a massive increase in malware and an inability by the ecosystem to effectively combat it. This will change that dramatically.

Post a Comment

Laptop Security During the Economic Crash

11/3/2008
Theft rates go up sharply when you have an economic crash. People are looking for items to take from homes and cars that are easy to transport and easy to sell. Laptops fall into this category because they are both small and easily sold -- especially if new, attractive, and one of the more desirable models. This suggests a number of best practices are necessary to ensure they don't walk off and, if they do, don't compromise the business.

Post a Comment
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.