Comments
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Newest First  |  Oldest First  |  Threaded View
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
8/1/2014 | 9:16:40 PM
Re: Who to Trust?

@ ThreatTrack - Well said and from my point of view it is basically trust no one and if I have to put my trust in someone it is more than likely a US based company.  An not to sound cynical but I know there entities that I definitely don't trust, and frankly never will.  Dark reading for the dark side.

ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
8/1/2014 | 10:30:50 AM
Who to Trust?
While the recent revelations of the actions of the NSA are causing many to question the role of the government in ensuring high levels of IT security, it's the combination of the U.S. government and private enterprise that will be considered trustworthy – assuming the relationship changes and certain measures are created. That will happen when and only when government and enterprises freely share information and work to develop cryptography and cyber security standards as well as policies designed to protect assets and systems. Remember, there is no greater source of innovation, capital and brainpower than what we have in the U.S.  – and that, combined with policy changes at the federal level, will guarantee that the government/private business partnership will be considered trustworthy.

 
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
7/30/2014 | 8:33:46 AM
Re: This is a U.S. technology problem that needs to be addressed!
So if the US is not "Trusted" for security.  Help me to understand who is considered trustworthy?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/11/2014 | 10:14:51 AM
Re: This is a U.S. technology problem that needs to be addressed!
That's a great point, Julian. That the protectionism  puts the smaller companies at a greater disadvantage abroad than the multinationals. In terms of fair play, it's a great argument. I hope our public officials are listening. Well, probably the NSA already is, but in a different context. 
ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
7/11/2014 | 9:54:46 AM
This is a U.S. technology problem that needs to be addressed!
Glad you all got something out of my post! To @Marilyn's point, this is definitely less of a cloud vs. on-premise problem than it is a U.S. tech problem, and the trouble is that some very small but innovative technology providers may have difficulty gaining traction in foreign markets simply because their products are American made. The costs I mentioned that would have to be overcome in some instances would deter all but the blue-chip firms from even trying to extend their reach. Hopefully, our government is listening and paying attention and will do its best to uphold our nation's "brand" as a believer in fair play.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/10/2014 | 1:00:33 PM
Re: the cloud is compromised
@BiffSpackle. Agree. There's plenty of malware directed at data physically located in on-premises datacenters. But the protectionism that Julian speaks of is a serious issue for US CSPs doing business globally.
BiffSpackle
50%
50%
BiffSpackle,
User Rank: Apprentice
7/9/2014 | 5:18:38 PM
Re: the cloud is compromised
Given the proliferation of malware inside some organizations, it may be safer to run in the cloud!

 

Jes' sayin'...
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
7/9/2014 | 5:13:48 PM
Re: the cloud is compromised
This information really damaged the credibility of the cloud. Between cybercriminals and rogue cloud implementations from employees (that then lack any internal controls and are subject to hacking/loss/other breaches) and what we know about NSA, Chinese, and potentiall other nations' spying activities, you'd be hard-pressed to entrust your data in this way.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
7/9/2014 | 4:53:02 PM
the cloud is compromised
I don't see how anyone with information that needs protection can now entrust it to the cloud. 


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.