Blog

My Last Pitch for Defining

By Rich
Alan Shimel is reviving the zero day debate and coins a term “less than zero day” for vulnerabilities that are unknown from the public at large. Check out his series starting here, then here, and finally here. Rothman mostly agrees here, but (like me) isn’t enamored of the name. As I stated in my initial support for Alan’s position I think he’s mostly nailed it. There is a distinct difference between an unknown vulnerability, an unknown vulnerability for which there’s an active exploit, a new vulnerability that’s not patched (what most people call a 0 day),

This is not the Mac security you’re looking for.

By Rich
Arthur over at Emergent Chaos posted an amusing story on an organization’s reason for switching to Macs. It’s security. Just not necessarily what we mean when we say Macs are more secure. Yes- this company installed Windows on Intel Macs since Macs are more secure. We’re not talking virtualization or anything, but taking off OS X and installing Windows XP. I really never thought of that. (updated : direct link to the original story at deadbeat cafe)

It’s Time to Turn Off WiFi and Bluetooth When Not In Use (Mac or PC)

By Rich
A little birdie pointed me to the latest post over at the Metasploit blog. For those of you that don’t know, Metasploit is the best thing to hit penetration testing since sliced bread. To oversimplify, it’s a framework for connecting vulnerability exploits to payloads. Before Metasploit it was a real pain to convert a new vulnerability into an actual exploit. You had to figure out how to trigger the vulnerability, figure out what you could actually do once you took advantage of the vulnerability, and inject the right code into the remote system to actually do something. It

Apple, Security, and Trust

By Rich
Before I delve into this topic I’d like to remind readers that I’m a Mac user and Apple fan. We are a 2 person, 2 Mac, 3 iPod, 2 Airport Express household, with another Mac in the plans this spring. By the same token I don’t think Microsoft is evil and consider some of their products to be quite good. That said I prefer OS X and have no plans to switch to Vista, although I’ll probably run it in a virtual machine on my Mac. What I’m about to say is in the nature of protecting, not attacking,

Are Phishers Getting Lazy?

By Rich
I’ve noticed a marked decrease in the customer service from my phishers. Lately spam messages have been originating from “On-line Bank” and other generic addresses. Spelling mistakes are returning, and links no longer even pretend to go to a real bank’s site. Where’s the customer service guys? What’s wrong- is my business no longer important to you? Can’t you even make the effort to personalize your fraudulent messages and entice me with your ever-so-mangled, yet poetic, use of English? Phishing must be big business these days because, like other big businesses, they no longer seem

Data Protection- it’s More than A + B + C

By Rich
Stiennon covered the McAfee/Onigma deal over at Threat Chaos this weekend. Although I knew about the deal I try and avoid vendor/industry coverage here at Securosis, and, to be honest, it really isn’t worth covering. (Onigma is tiny and agent based, not really the direction the market is heading, and by the time McAfee integrates the tech they’ll be WAY behind the ball). But Richard does make an interesting statement; defining data protection as leak prevention + encryption + device management. It’s a reasonable start, but far too narrow. For the past 5 years I’ve covered data

The Real Definition of a Zero Day

By Rich
Shimel has a good post on the whole 0day vulnerability thing. He nails it. This has been a pet peeve of mine for a long time. A real 0day isn’t the time from when a vulnerability is announced until a patch is released. A real zero day is a vulnerability no one knows about except those who discovered it. A zero day exploit is an attack against a non-public, unknown vulnerability. A real zero day is bad juju. It slices through any signature based security defenses since there’s no known signature. If it’s on a common port,

Microsoft Partially Caves to Symantec and McAfee.

By Rich
Microsoft is making key changes to Vista to avoid antirust problems. They’re adding an API to PatchGuard, and loosening control on the Security Center. From the ZDNet article: In another change, Microsoft had planned to lock down its Vista kernel in 64-bit systems, but will now allow other security developers to have access to the kernel via an API extension, Smith said. Additionally, Microsoft will make it possible for security companies to disable certain parts of the Windows Security Center when a third-party security console is installed, the company said. … Microsoft will provide a way to ensure that Windows

Those Kooky Kids

By Rich
While I was out running around the country, turns out there was an interesting security article in my own backyard. Seems the local school system can’t keep up with those innovative students exploring their network. A students was caught after hacking a teacher’s computer to steal a copy of an upcoming test. “As a parent, I think it’s kind of scary all the technology, because the kids know more than we do,” she said. “They have different lines of communication compared to when we were growing up.” Haug added that it’s unfortunate that a student smart

Security and Risk Management Are Lovers; Don’t Mistake Them for Twins

By Rich
I’m on the plane heading back home from Symposium and have to admit I noticed a really weird trend this week. Maybe not a trend per se, but something I haven’t heard before, and I heard it more than once. In two separate one on one meetings clients told me they’d reorganized their security teams and were now calling them “risk management”. No security anymore, just risk management. I’m a big proponent of risk management. I even wrote a framework before it was cool (the Gartner Simple Enterprise Risk Management framework if you want to look
Page 320 of 326 pages ‹ First  < 318 319 320 321 322 >  Last ›