You just can’t cut corners today. In fact you need to be very careful about even “optimizing” your security efforts because it’s so easy to misjudge what needs to be secured and what doesn’t; what deserves your attention and what doesn’t. In fact, in a recent discussion with a colleague, we concluded that basically, “today,
Remember when Toyota was taking a bad rap for some of their cars supposedly accelerating for no apparent reason? Toyota ended up recalling millions of cars in an attempt to identify and correct the problem. After countless studies and millions of dollars spent, there has been no conclusive evidence that the problem is anything more than operator error.
As noted in our July blog post “Adjust Your Defense to the Changing Threat Vector,” third-party applications now pose the greatest risk to network security. Simply turning on WSUS and patching the underlying OS and Microsoft applications leaves you woefully exposed. The bad guys know they can improve the success of an attack by going after vulnerabilities in applications you are failing to patch.
Much has been said over the past few years about the convergence of IT security and IT operations. Most companies look at this convergence from an optimization standpoint, hoping to increase security, achieve greater compliance, and reduce IT risk. Many larger companies, however, still operate under a siloed approach, working primarily with point solutions for security,
Windows 7 has arrived on the scene with much hoopla. Understandably, many IT folks have greeted it with some trepidation. Here are my thoughts on what you should consider before migrating to this new platform.
No. 1: Windows 7 is better than XP, which is now already eight years old. While Windows 7 may not be the perfect OS,
Apple clearly seems to have taken a page from the Microsoft playbook and is now regularly delivering software patches almost monthly — typically in the shadow of Microsoft Patch Tuesday. However, this month’s Apple patch release falls on the eve of Patch Tuesday as IT teams prepare to address tomorrow’s Microsoft Patch Tuesday.
The nearly 500 MB download from Apple that contains update 10.6.2 is again a not-so-subtle reminder that Patch Tuesday is no longer just a Microsoft issue.
Last winter and spring we all watched with interest the headlines heralding the spread of the Conficker botnet. The under-reported part of the story was the fact that well-patched enterprise networks were largely unaffected by Conficker’s bloom. In some circles, this seems to have led to complacency or a belief that botnet infections are not a problem for well-maintained enterprise networks.
In general there are few “Facts of Life” that are accepted because there is an abundance of supporting data – hence, they simply cannot be disputed. Below are half a dozen “Facts of Life” I use in my own life that I’m happy to share:
1. If I smoke cigars or cigarettes it will have a significant negative impact on my health and could ultimately shorten my lifespan.
There’s no way this ends well.
The Wall Street Journal recently reported (sub. req’d) that Starwood Hotels filed suit against Hilton Hotels and two former employees, Ross Klein and Amar Lalvani, for corporate espionage, theft of trade secrets and unfair competition. Klein was the former President of Starwood Luxury Brands Group,
Wireless has always been a concern but it is about to become a nightmare
For me, it started years ago with a curiosity about the useful wireless access point detection tools that were freely downloadable on the Internet. I have regularly used NetStumbler to identify rogue access points for my clients. It is typically run on a laptop and a version is also available called MiniStumbler that will run on a PDA.
We’ve hardly stepped into 2009, yet it has already become clear that we’re in for another rocky year when it comes to headline data breaches, botnets, and social networking threats. Just look at our Annual Report and Threat Predictions for 2009. It is enough to make a security guy like myself shake his head because these high-profile security events aren’t new.
Just read an interesting article by Bill Brenner, who writes the FUD Watch blog at CSO, entitled Debunking the Patch Tuesday Hype Machine. In it, Mr. Brenner points to the onslaught of press releases he receives as the second Tuesday of every month approaches, warning that …
… the apocalypse is at hand.
SQL injection attacks have been in the news lately given two recent highly publicized attacks against security vendors. According to a recent IBM report, SQL injection attacks increased 30X between this past summer and the end of 2008 and resulted in a 50 percent increase in the number of malicious URLs hosting exploits.
As the security by obscurity veil is lifted from the systems that control and protect our national infrastructure, we are again reminded of the importance of a prudent vulnerability / patch management program.
Multiple vulnerabilities put the AREVA e-terrahabitat SCADA system, which is used to control core components of power plants and power distribution globally, at risk.
I came across an article by Matt Hines of eWeek and Security Watch Blog where he restated some interesting data from a recent Websense study that pointed out that 70% of the Web’s top 100 most popular sites were compromised in some way during the 2nd half of 2008.
I would like to point out that the great recession started in the 2nd half and we can surely see that cybercrime did not abate.