Bank complacency still exists
One of the problems that financial institutions exhibit over and over is indulging in faulty risk calculations. Say for instance that you had 600,000 online banking clients and 3 of them succumbed to a phishing attack. That would be...
Kentucky should be annexed by Australia
Weekend rant. China), and parental nations alike. The latest news is that Australia’s attempt to protect their children from the ravages of the Internet and the dark recesses of the human psyche is that their national filtering...
As predicted, social networks are fertile ground for hackers.
In retrospect predicting that Facebook and MySpace worms would arise seems like a no-brainer. The researchers at F-Secure describe a new threat from Net-Worm.Win32.Koobface.bp which spreads by inducing you to watch a YouTube video...
Is the World Bank really compromised?
Fox News reported a few days ago that over 40 servers belonging to the World Bank (a pseudo-bank really) have been compromised. Now, the World Bank is not really a bank as much as it is a funnel of funds from various countries into...
Exposing 30 million IDs is a good reason for web application defense
MI5Networks, Nir Zuk of Palo Alto Networks, and Shlomo Kramer of Imperva. All of them are industry veterans and all of them are developing products to address the inability of standard network security gear to address web...
War on data escalates. Watch out for piggyback cards in POS terminals.
First there were the drive-by wireless hacks used against DSW and TJX. That was followed by the ingenious POS swap scheme at Stop and Shop (Identity Theft Getting Physical). Remember? A team of three men would enter a convenience...
The perimeter is fractal
Jericho Forum, which promulgates this false idea, many CIOs are going to make bad security investment decisions. If there is one meme that needs to be squelched it is the concept of the "disappearing perimeter". Thanks to the...
Symantec makes huge purchase of MessageLabs
Symantec just announced an acquisition of UK-based MessageLabs at an incredible 4.8X trailing revenue multiple. McAfee only paid 2X for Secure Computing. At those multiples Webroot is worth over $500 million and Fortinet would...
State of the security industry: Good for now
(Note: this is a static image from October 8, 2008) As I ramp up the research activities of IT-Harvest I have polled over twenty vendors on their health. Now, mind you, vendors *always* tell analysts that they are doing great. They...
Now MI6 loses handheld in computer theft incident
Last week it was MI5 and a camera with pictures of terrorist weapons and documents sold on eBay. This week it is “an encrypted hand-held computer” stolen from an open window in a “house rented by MI6” (safe house?). MI6 is of course...
Finally, UK citizens have a reason to encrypt.
It has often been asked: “why bother encrypting email? It is too hard for bad guys to intercept email”. But now, in the UK, the good guys are maneuvering to put in place a system to eavesdrop on every email, IM, text message, and...
Alberta at risk. No surprise.
By now it is not surprising when a government security assessment reveals problems. Alberta added themselves to the list with a report of serious lack of security controls and evidence that hackers had already intruded on government...
It’s National Cyber Security Awareness Month
National Cyber Security Awareness month. From the cyber security Czar, Assistant Homeland Security Secretary Greg Garcia speaking at a kick off event about Government networks and systems: You might have missed that October is...
Skype’s security invalidated for 69 million users
discovered that eBay’s Chinese partner, Tom Group, has modified the version of Skype they distribute to their customers. The Trojan version of Skype identifies key words like Falun Gong, democracy, milk, and earthquake. It then...
Computer kleptomaniac steals from Navy and Marine Corps lab
Bear with me as I ramble a bit. My very first job out of college was in the engineering department of an automotive supplier. While I was responsible for the newfangled CAD stuff we still did a lot of work with pencil and paper...
Kevin Mitnick’s best practices for data protection
this article that spells out the hassles he experienced when returning from Bogota two weeks ago. I usually avoid giving convicted felons such as Kevin Mitnick much credence. While I acknowledge that Mitnick was a gifted phone...
Don’t Trust Trusted Third Parties
I have been presenting my thoughts on cyber warfare at various venues across the US this autumn. A major point, that I have also stressed in this security blog, is that China is engaged in active industrial and military espionage. ...
James Bond sells camera containing Top Secret material on eBay
reporting that an MI6 agent forgot to erase top secret images and documents from a Nikon CoolPix digital camera before selling it on eBay. The agent, soon to be sacked according to the article, got about $35 for the camera which...
Secure Computing not a good match for McAfee
While it has been evident for a couple of years now that McAfee was neglecting the network security space by not having a firewall in their portfolio, acquiring Secure Computing is not the move for McAfee. A story: I had been at...
Monitor data access to protect against snooping
A couple of news items this week in the Data Protection Weekly newsletter once again highlight the importance of taking an insider's approach to data protection. Many DLP (Data Leak Prevention) strategies focus on the accidental loss...