RSA 2009 Best of Show

As much of the security industry recovers from RSA Conference 2009 in San Francisco, it is time to attempt to condense a five-day conference to a few hundred words. There were 360 vendors on the exhibition floor and many more who...

Top Ten removable media security incidents

I thought it would be valuable to put the top ten most important incidents regarding removable devices, including hardware keystroke loggers, USB thumb drives, and MP3 players, together into a list. It helps highlight the risks...

Take the log management survey

In security we live and breathe by the results of surveys, from annual spending surveys to awareness results from the Ponemon Institute. The SANS Analysts Program is running their fifth annual Log Management Survey. The results will be...

Security prognostications are too easy

It is never satisfying being the Nostradamus of security. No matter how many warnings you give through your writing, presentations, and conversations, you will always be in a position to say "I told you so" because security is not...

2008 Security lessons learned

While many bloggers and trade journals are scrambling to get their 2009 security predictions out this week (see TechBuddah for instance), I have decided to eschew the publicity train this year. 2008 saw some security events that...

NASA at risk

This BusinessWeek article on attacks against the crown jewel of US technology and innovation is rather disturbing. While most of the incidents have been previously released, or rather dribbled out on the QT, BusinessWeek has had...

Ten best practices for avoiding data loss during layoffs

Re-posted from ThreatChaos.com. An economic downturn is one of the most difficult times to protect data. Layoffs create disgruntled employees and provide them with motivation as they face the prospect of loss of income. ...

It's official. Moving on.

I have been taking a look at the security industry lately as I get back into being a full-time analyst. Preliminary results indicate that about 30% of the 1,200 companies I tracked two years ago have either been acquired or have quietly...

A letter to President Obama

Dear President Obama: By the time you read this you will be the president-elect of the United States of America. I am writing to alert you to the serious action that is required to secure the information systems of the...

False scares

I swore I would not write a Halloween post. When it comes to Halloween I am a Scrooge. Bah, humbug. (Alright, I do have a weakness for candy pumpkins.) But this press release from Imation was timed to coincide with Halloween week...

Rant: do we have to call it Homeland Security?

I have been looking at the makeup of the Security Leaders Group I manage at Linkedin.com. Posted below is the breakdown of the 1,403 members and the countries they reside in. With a membership of security professionals and thought...

Twitter squatting

If you have been immersed in real life lately you may not have twigged to Twitter, the micro-blogging site that has recently hit critical mass. By my measure, whenever a new internet phenomenon is noticed by the Wall Street Journal...

Have some toast with that SPAM omelet

Spam Omelet. They pull data from the global collection of email addresses that BitDefender has set up to capture spam (honeypots) and report on such things as common words used in spam. This image is an example. The actual...

Nope it is RPC DCOM 2.0

Microsoft just released their "out of band" security bulletin. There is a gaping hole in the way most Microsoft platforms serve Remote Procedure Calls (RPC). This is on the order of severity of the original RPC DCOM vulnerability...

Microsoft to announce TCP DoS patch today?

Microsoft has announced that at 1 PM Pacific they will issue an "out of band" security patch. Meaning, of course, that this is in addition to the regularly scheduled once-a-month Patch Tuesday releases. For the best ever...

Worried about electronic snooping of key strokes? Forget about it.

While technically enthralling, the recent buzz over the vulnerability discovered in the way manufacturers wire keyboards is unwarranted. While it is too late for the concept to be worked into the next James Bond movie due out in...

DHS discovers the challenge of creating a collaborative social network

The GAO (Government Accountability Office) has held up the deployment of the DHS (Department of Homeland Security) critical (non-classified) information sharing system. The unlucky group that must deal with the herculean task of...

Looking for a job in security?

Here are a couple: Director Global Cyber Security Management. SALARY RANGE: 114,468.00 - 172,200.00 USD per year. This position is located in the National Cyber Security Division (NCSD), Office of Cyber Security Communications...

Skype spam malicious?

A very cleverly crafted message delivered over Skype came in this afternoon. I asked Alex Eckelberry over at Sunbelt to check it out. Not really malicious, but his take is that it is completely fraudulent. I hope this is not a...

Background checks: Required, but how?

I once worked for an automotive supplier. We were launching a new plant in Tennessee. We had the equivalent of a casting call in the local community for people to work on the line assembling car seats. We had trouble getting 120...