Comments
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Newest First  |  Oldest First  |  Threaded View
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
8/1/2014 | 9:16:40 PM
Re: Who to Trust?

@ ThreatTrack - Well said and from my point of view it is basically trust no one and if I have to put my trust in someone it is more than likely a US based company.  An not to sound cynical but I know there entities that I definitely don't trust, and frankly never will.  Dark reading for the dark side.

ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
8/1/2014 | 10:30:50 AM
Who to Trust?
While the recent revelations of the actions of the NSA are causing many to question the role of the government in ensuring high levels of IT security, it's the combination of the U.S. government and private enterprise that will be considered trustworthy – assuming the relationship changes and certain measures are created. That will happen when and only when government and enterprises freely share information and work to develop cryptography and cyber security standards as well as policies designed to protect assets and systems. Remember, there is no greater source of innovation, capital and brainpower than what we have in the U.S.  – and that, combined with policy changes at the federal level, will guarantee that the government/private business partnership will be considered trustworthy.

 
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Apprentice
7/30/2014 | 8:33:46 AM
Re: This is a U.S. technology problem that needs to be addressed!
So if the US is not "Trusted" for security.  Help me to understand who is considered trustworthy?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/11/2014 | 10:14:51 AM
Re: This is a U.S. technology problem that needs to be addressed!
That's a great point, Julian. That the protectionism  puts the smaller companies at a greater disadvantage abroad than the multinationals. In terms of fair play, it's a great argument. I hope our public officials are listening. Well, probably the NSA already is, but in a different context. 
ThreatTrack Security
50%
50%
ThreatTrack Security,
User Rank: Author
7/11/2014 | 9:54:46 AM
This is a U.S. technology problem that needs to be addressed!
Glad you all got something out of my post! To @Marilyn's point, this is definitely less of a cloud vs. on-premise problem than it is a U.S. tech problem, and the trouble is that some very small but innovative technology providers may have difficulty gaining traction in foreign markets simply because their products are American made. The costs I mentioned that would have to be overcome in some instances would deter all but the blue-chip firms from even trying to extend their reach. Hopefully, our government is listening and paying attention and will do its best to uphold our nation's "brand" as a believer in fair play.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/10/2014 | 1:00:33 PM
Re: the cloud is compromised
@BiffSpackle. Agree. There's plenty of malware directed at data physically located in on-premises datacenters. But the protectionism that Julian speaks of is a serious issue for US CSPs doing business globally.
BiffSpackle
50%
50%
BiffSpackle,
User Rank: Apprentice
7/9/2014 | 5:18:38 PM
Re: the cloud is compromised
Given the proliferation of malware inside some organizations, it may be safer to run in the cloud!

 

Jes' sayin'...
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
7/9/2014 | 5:13:48 PM
Re: the cloud is compromised
This information really damaged the credibility of the cloud. Between cybercriminals and rogue cloud implementations from employees (that then lack any internal controls and are subject to hacking/loss/other breaches) and what we know about NSA, Chinese, and potentiall other nations' spying activities, you'd be hard-pressed to entrust your data in this way.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
7/9/2014 | 4:53:02 PM
the cloud is compromised
I don't see how anyone with information that needs protection can now entrust it to the cloud. 


What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14072
PUBLISHED: 2018-07-15
libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
CVE-2018-14073
PUBLISHED: 2018-07-15
libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
CVE-2018-14068
PUBLISHED: 2018-07-15
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
CVE-2018-14069
PUBLISHED: 2018-07-15
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
CVE-2018-14066
PUBLISHED: 2018-07-15
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo p...