Comments
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Newest First  |  Oldest First  |  Threaded View
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
8/1/2014 | 9:16:40 PM
Re: Who to Trust?

@ ThreatTrack - Well said and from my point of view it is basically trust no one and if I have to put my trust in someone it is more than likely a US based company.  An not to sound cynical but I know there entities that I definitely don't trust, and frankly never will.  Dark reading for the dark side.

ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
8/1/2014 | 10:30:50 AM
Who to Trust?
While the recent revelations of the actions of the NSA are causing many to question the role of the government in ensuring high levels of IT security, it's the combination of the U.S. government and private enterprise that will be considered trustworthy – assuming the relationship changes and certain measures are created. That will happen when and only when government and enterprises freely share information and work to develop cryptography and cyber security standards as well as policies designed to protect assets and systems. Remember, there is no greater source of innovation, capital and brainpower than what we have in the U.S.  – and that, combined with policy changes at the federal level, will guarantee that the government/private business partnership will be considered trustworthy.

 
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
7/30/2014 | 8:33:46 AM
Re: This is a U.S. technology problem that needs to be addressed!
So if the US is not "Trusted" for security.  Help me to understand who is considered trustworthy?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/11/2014 | 10:14:51 AM
Re: This is a U.S. technology problem that needs to be addressed!
That's a great point, Julian. That the protectionism  puts the smaller companies at a greater disadvantage abroad than the multinationals. In terms of fair play, it's a great argument. I hope our public officials are listening. Well, probably the NSA already is, but in a different context. 
ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
7/11/2014 | 9:54:46 AM
This is a U.S. technology problem that needs to be addressed!
Glad you all got something out of my post! To @Marilyn's point, this is definitely less of a cloud vs. on-premise problem than it is a U.S. tech problem, and the trouble is that some very small but innovative technology providers may have difficulty gaining traction in foreign markets simply because their products are American made. The costs I mentioned that would have to be overcome in some instances would deter all but the blue-chip firms from even trying to extend their reach. Hopefully, our government is listening and paying attention and will do its best to uphold our nation's "brand" as a believer in fair play.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/10/2014 | 1:00:33 PM
Re: the cloud is compromised
@BiffSpackle. Agree. There's plenty of malware directed at data physically located in on-premises datacenters. But the protectionism that Julian speaks of is a serious issue for US CSPs doing business globally.
BiffSpackle
50%
50%
BiffSpackle,
User Rank: Apprentice
7/9/2014 | 5:18:38 PM
Re: the cloud is compromised
Given the proliferation of malware inside some organizations, it may be safer to run in the cloud!

 

Jes' sayin'...
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
7/9/2014 | 5:13:48 PM
Re: the cloud is compromised
This information really damaged the credibility of the cloud. Between cybercriminals and rogue cloud implementations from employees (that then lack any internal controls and are subject to hacking/loss/other breaches) and what we know about NSA, Chinese, and potentiall other nations' spying activities, you'd be hard-pressed to entrust your data in this way.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
7/9/2014 | 4:53:02 PM
the cloud is compromised
I don't see how anyone with information that needs protection can now entrust it to the cloud. 


Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Search Cybersecuruty and you will get unicorn.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.