There is no question that cyberspace is a new frontline in traditional and untraditional conflict. Many nations and organizations have the ability, directly and by proxy, to target and attack critical infrastructure within the US and worldwide. The recent cyber attacks launched within China against Google and several other companies raised questions about the state of industry preparedness to help defend cyberspace.
The US government relies on commercial industry to safeguard the Internet, telecommunications, power, water, and other critical infrastructure that underpin our national economy. Elements of this infrastructure also directly support our ability to project military power worldwide. Continue reading this post…
Back in December, I wrote about Cisco’s 2009 Security Threat Report and made the comment that application whitelisting was “the patch for the common user”. My point was a simple one: we cannot stop our people from accessing resources, and instead we should focus on stopping the real threat: the payload.
Yesterday, Stan Schroeder at Mashable wrote a great blog about the French and German governments strongly urging users to stop using Internet Explorer and to use other browsers like Safari and Firefox. The recommendation was made because of a similar vulnerability in Internet Explorer 6, 7, and 8 that allows malicious hackers to remotely execute arbitrary code.
I do not want to cause an international incident (especially with countries that I love to ski in), but I think the recommendation is shortsighted and purely based on the status quo mentality of reactive responses to the du jour threats. Continue reading this post…
Earlier today, CoreTrace announced a record breaking 2009. The results are further proof that CoreTrace’s award-winning BOUNCER technology continues to be one of the leading endpoint security solutions in the application whitelisting market.
Some of the highlights include:
- Eighth consecutive quarter of record growth.
- 500 percent revenue growth over 2008.
- GlobalSCAPE Inc. investment of $2.3 million. Continue reading this post…
According to Gartner’s Avivah Litan, even two-factor authentication systems can’t stop today’s cyber thieves. Over the past few months, banks around the world that rely on one-time-password authentication systems have been compromised by man-in-the-middle attacks, despite having two-factor security in place.
Thomas Claburn of InformationWeek writes in his article, “Strong Authentication Not Strong Enough,” that fraudsters are now using call forwarding to bypass security measures. Continue reading this post…
In its 2009 Annual Security Report, released today, Cisco Systems did an excellent job of explaining the 2009 threat landscape and outlining its expectations for 2010.
While the 40 page report covers many, many topics, there was one overarching theme that continued to bubble to the surface for me: there are no patches for people, and people are the primary vulnerability going forward.
Like it or not, our people (employees, contractors, partners, etc.) will continue accessing social media sites, cloud computing solutions and parts of the web that we know nothing about (the “Dark Web” as Cisco calls it). Continue reading this post…