I recently wrote about a the 60 Minutes special on cyber security, and how a former chief of national intelligence didn’t believe the U.S. is prepared for a sophisticated attack that could bring down a major power grid. Opinions varied about the special itself, but the one thing people shouldn’t overlook is that cyber threats are real and that the infrastructure that protects our power grids needs to be defended.
The spotlight on this need continued last week when President Obama issued a statement saying December was Critical Infrastructure Protection (CIP) Month. Proclamations like these won’t change the world. Our systems won’t magically become secure, and most of the people responsible for these systems are already working hard to defend them.
That said, this proclamation adds to the increased awareness of the need for infrastructure protection against all attacks including cyber attacks. Continue reading this post…
Sometime in 2010 virtually every new Windows PC will now come with a version of application whitelisting installed in the form of AppLocker. It’s time to start thinking about how application whitelisting will change the way you approach desktop security and how you intend to use whitelisting to protect your critical IT assets. In preparation for this shift, I thought it would be good to give some food for thought about what changes and what considerations you should give to your ultimate whitelisting strategy.
First, let’s look at what changes. Continue reading this post…
More companies than ever are looking at alternatives to blacklist antivirus. It isn’t hard to see why. Rampant botnets, endless patching, and signature distribution that simply can’t keep up with the threat are just a few of the reasons why IT and security professionals are looking for viable alternatives to protect their endpoints. Even Gartner group has said it is time to start over on desktop security. Continue reading this post…
Tomorrow Microsoft will release an operating system patch that represents the largest number of system fixes in Microsoft history. PCWorld gave the details in a post updated yesterday:
Microsoft says it will deliver its largest-ever number of security updates on Tuesday to fix flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and the enterprise-grade Forefront Security client software. Continue reading this post…
Last month I kicked off a post focusing on the top endpoint security stories in the past month. This month brought a number of endpoint security events ranging from the latest Microsoft zero-day vulnerabilities without a fix to botnet and phishing news. The theme of the month is that both individuals and corporations are simply losing the battle against online criminals when it comes to desktop security.
- Sept 1, 2009 – IIS FTP flaw announced with exploit code
Microsoft kicked off the month by confirming the publication of exploit code for the IIS FTP vulnerability that could allow remote code execution on affected systems. The vulnerability affected systems running the IIS web server and was particular dangerous to FTP servers that had anonymous accounts for uploads. Continue reading this post…