Comments
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Newest First  |  Oldest First  |  Threaded View
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
8/1/2014 | 9:16:40 PM
Re: Who to Trust?

@ ThreatTrack - Well said and from my point of view it is basically trust no one and if I have to put my trust in someone it is more than likely a US based company.  An not to sound cynical but I know there entities that I definitely don't trust, and frankly never will.  Dark reading for the dark side.

ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
8/1/2014 | 10:30:50 AM
Who to Trust?
While the recent revelations of the actions of the NSA are causing many to question the role of the government in ensuring high levels of IT security, it's the combination of the U.S. government and private enterprise that will be considered trustworthy – assuming the relationship changes and certain measures are created. That will happen when and only when government and enterprises freely share information and work to develop cryptography and cyber security standards as well as policies designed to protect assets and systems. Remember, there is no greater source of innovation, capital and brainpower than what we have in the U.S.  – and that, combined with policy changes at the federal level, will guarantee that the government/private business partnership will be considered trustworthy.

 
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
7/30/2014 | 8:33:46 AM
Re: This is a U.S. technology problem that needs to be addressed!
So if the US is not "Trusted" for security.  Help me to understand who is considered trustworthy?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/11/2014 | 10:14:51 AM
Re: This is a U.S. technology problem that needs to be addressed!
That's a great point, Julian. That the protectionism  puts the smaller companies at a greater disadvantage abroad than the multinationals. In terms of fair play, it's a great argument. I hope our public officials are listening. Well, probably the NSA already is, but in a different context. 
ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
7/11/2014 | 9:54:46 AM
This is a U.S. technology problem that needs to be addressed!
Glad you all got something out of my post! To @Marilyn's point, this is definitely less of a cloud vs. on-premise problem than it is a U.S. tech problem, and the trouble is that some very small but innovative technology providers may have difficulty gaining traction in foreign markets simply because their products are American made. The costs I mentioned that would have to be overcome in some instances would deter all but the blue-chip firms from even trying to extend their reach. Hopefully, our government is listening and paying attention and will do its best to uphold our nation's "brand" as a believer in fair play.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/10/2014 | 1:00:33 PM
Re: the cloud is compromised
@BiffSpackle. Agree. There's plenty of malware directed at data physically located in on-premises datacenters. But the protectionism that Julian speaks of is a serious issue for US CSPs doing business globally.
BiffSpackle
50%
50%
BiffSpackle,
User Rank: Apprentice
7/9/2014 | 5:18:38 PM
Re: the cloud is compromised
Given the proliferation of malware inside some organizations, it may be safer to run in the cloud!

 

Jes' sayin'...
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
7/9/2014 | 5:13:48 PM
Re: the cloud is compromised
This information really damaged the credibility of the cloud. Between cybercriminals and rogue cloud implementations from employees (that then lack any internal controls and are subject to hacking/loss/other breaches) and what we know about NSA, Chinese, and potentiall other nations' spying activities, you'd be hard-pressed to entrust your data in this way.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
7/9/2014 | 4:53:02 PM
the cloud is compromised
I don't see how anyone with information that needs protection can now entrust it to the cloud. 


Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12294
PUBLISHED: 2018-06-19
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
CVE-2018-12519
PUBLISHED: 2018-06-19
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
CVE-2018-12588
PUBLISHED: 2018-06-19
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the S...
CVE-2018-10811
PUBLISHED: 2018-06-19
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-10945
PUBLISHED: 2018-06-19
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.