How To Avoid Collateral Damage In Cybercrime ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

Joe Stanganelli,
User Rank: Ninja
7/3/2015 | 10:42:27 AM

Re: More Stringent Vetting Process

> Even though you used reductio ad absurdum to make it

What's wrong with that? :p It's a technique, not a logical fallacy.

> I don't think registration of trusted parties is comparable to a myriad of ID's.

Just another form of multifactor identification. ;)

In any case, tell NSTIC that...

Reply | Post Message | Messages List | Start a Board

50%

RyanSepe,
User Rank: Ninja
7/2/2015 | 7:42:08 AM

Re: More Stringent Vetting Process

Very much agree with your statement. Even though you used reductio ad absurdum to make it as I don't think registration of trusted parties is comparable to a myriad of ID's.

To your point, balance is important. Otherwise, other methods that provide an increased ease of use will be leveraged and those could contain even less security measures then the previously mentioned. This premise is not exclusive to OpenDNS.

Reply | Post Message | Messages List | Start a Board

50%

Joe Stanganelli,
User Rank: Ninja
6/30/2015 | 11:03:41 PM

Re: More Stringent Vetting Process

Well, that's always the detriment/tradeoff, isn't it? Alas, security and accessibility are fated to be eternal mortal foes.

We could secure access to email and other systems rather well by eliminating networks altogether by requiring face-to-face authentication at a designated computer terminal with three forms of government ID, along with eye and fingerprint scans, but that would be highly impractical. Cybersecurity is only partly about protection; it's about finding the balance -- the line -- in that tradeoff between functionality and protection.

Reply | Post Message | Messages List | Start a Board

50%

RyanSepe,
User Rank: Ninja
6/25/2015 | 11:37:23 AM

More Stringent Vetting Process

I think a better approach from a security standpoint would be a more stringent registration practice. This way, all malicious intenders would have a more difficult time getting into the "group". This would minimize the collateral damage substantially as any outside the database could be purged with minimal risk. Some would slip through obviously but revocation is always available upon discovery. Benefits: It would strengthen security posture. Detriments: It would take longer to register due to more stringent protocols and handling. This is also dependent on a centralized model of DNS providers.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 9/25/2020

Google Cloud Debuts Threat-Detection Service

Robert Lemos, Contributing Writer, 9/23/2020

Shopify's Employee Data Theft Underscores Risk of Rogue Insiders

Kelly Sheridan, Staff Editor, Dark Reading, 9/23/2020

Live Events

Webinars

Hear Microsoft, FedEx & VMware Speak @ Interop Digital

Network Automation Summit presented by Network to Code at Interop Digital

Interop Digital, Oct. 5-8; Learn the skills necessary for managing a IT Org

More Informa Tech Live Events

White Papers

[Forrester Research] The State of Data Security & Privacy

2020 SANS Cyber Threat Intelligence

Human Layer Security for Dummies

Jump into the Deep End with Your Cloud Transformation

How to Secure Applications 'On the Move'

More White Papers

Cartoon

Latest Comment: Well my facial recognition system didn't recognize you without your mask!

Cartoon Archive

Current Issue

Special Report: Computing's New Normal

This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How IT Security Organizations are Attacking the Cybersecurity Problem

The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.

Download Now!

Special Report: Understanding Your Cyber Attackers

0 comments

2020 State of Cybersecurity Operations and Incident Response

0 comments

The Changing Face of Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-24565
PUBLISHED: 2020-09-29

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...

CVE-2020-25770
PUBLISHED: 2020-09-29

CVE-2020-25771
PUBLISHED: 2020-09-29

CVE-2020-25772
PUBLISHED: 2020-09-29

CVE-2020-25773
PUBLISHED: 2020-09-29

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]