Looking back, I have to say that January brought some security industry setbacks, highlighted by Operation Aurora and the publicity surrounding Google’s claims of highly coordinated attacks from China. Particularly relevant to us in these attacks is the fact that application whitelisting would have stopped the attacks while anti-virus was once again helpless to prevent new and targeted attacks. As always, I appreciate your readership and hope that this blog continues to bring value and insight to what we as security professionals are up against in 2010. So without further delay, here were some of the top stories from January 2010.
Much has already been written about the impact of Operation Aurora on the threat landscape. The international attacks on some of the world’s leading Internet companies reminded us once again of the vulnerabilities within interconnected networks that can be accessed from virtually anywhere in the world.
These attacks also illustrate the growing need for, and strength of, application whitelisting solutions. As Aurora first gained access by attacking an endpoint within Google’s network to trick a user into installing malware, even leading antivirus software designed to detect such viruses and malicious code couldn’t stop it from running within the network.
As I’ve mentioned before, Microsoft’s inclusion of AppLocker, the embedded technology that decides which software should or should not run based on an IT administrator’s rules, in Windows 7 was further validation that application whitelisting has emerged as the anti-malware solution of the future. While the Windows 7 default security model certainly provides a level of protection against malware threats, for enterprises that require stronger protection with less manual tuning, it is not enough.
Despite concerted efforts to detect and block one of the world’s most dangerous forms of malware, security experts predict the Conficker worm will continue to deactivate security defenses and wreak havoc on computer networks throughout 2010. That’s bad news for security professionals who are actively doing everything they can to protect their networks from more harmful botnets and malware.
Back in December, I wrote about Cisco’s 2009 Security Threat Report and made the comment that application whitelisting was “the patch for the common user”. My point was a simple one: we cannot stop our people from accessing resources, and instead we should focus on stopping the real threat: the payload.
Yesterday, Stan Schroeder at Mashable wrote a great blog about the French and German governments strongly urging users to stop using Internet Explorer and to use other browsers like Safari and Firefox. The recommendation was made because of a similar vulnerability in Internet Explorer 6, 7, and 8 that allows malicious hackers to remotely execute arbitrary code.
I do not want to cause an international incident (especially with countries that I love to ski in), but I think the recommendation is shortsighted and purely based on the status quo mentality of reactive responses to the du jour threats.
Most recent comment:
Doug Finley @ Naknan
Maybe the Europeans should take it one step further. If problems with IE are good cause for banning IE, then ...