Several months ago I wrote a blog entry on cloud computing and after all that vitriol, I wouldn’t blame you if you did not want to read anything else about cloud computing that I have written. But I just attended the COSAC Conference in Ireland, and my brain is (as always after I attend this conference) full of new ideas. Issues concerning cloud computing frequently came up during presentations and the workshop sessions. I admit that I have been a harsh critic of the notion of cloud computing because it is really nothing new and because it too often amounts to handwaving and marketing hype more than anything of substance. So I tried to keep an open mind with respect to cloud-related issues. Here are some of the things that I learned and observed: Read more…
Network Security
I was shocked by the blog posted September 4 by Robert Westervelt of SearchSecurity.com and re-forwarded today to subscribers of “SecurityBytes Roundup” concerning the aftermath of the TJX credit card breach. As readers of this blog will no doubt recall, TJX experienced a breach in early 2007 that exposed over 45 million credit cards, and the company has been busy cleaning up after the mess ever since then. Now, 2 1/2 years later, after a 42% decline in stock price (in 2008), Westervelt sees TJX financial performance as an indicator that spending for advanced information security tools is apparently unjustified. Read more…
PCI DSS TJX compliance security ROI ROSI customer data credit card breach
I was at the Emagined Security booth at the SecureWorld Conference in Santa Clara, California yesterday when someone came up to me and asked me what I thought about persistent attacks. The person caught me off guard. But I started talking about them with him and then went back home and noticed a few recent news items, and suddenly my brain was ablaze with ideas about this subject.
Persistent attacks are attacks in which not only are certain machines targeted, but they are targeted over a span of time. In normal attacks an attacker who succeeds in “owning” a machine continues to own it until someone takes away this person’s ability to access and control it, usually by cleaning or possibly rebuilding it. The attacker then normally moves on and attacks other machines—the world of computing is, after all, a very target-rich environment. In persistent attacks, however, the attacker and/or malware continually comes right back and takes control of the targeted system each time after it has been cleaned or rebuilt. Consequently, there are machines out there that have been more or less continuously compromised for a period of a half year or more. Read more…
Many information security programs are languishing on a plateau or a mild downward trend when viewed from the perspective of budget and resource allocation. There are many reasons this is true but one of the most important ones is a congenital lack of alignment between the information security program and the overall business. Simply stated, if security is not viewed as part of the top line success of any organization, it’s just another cost to be minimized. And as infosec leaders know all too well, there are plenty of people inside the corporate organization who know how to drive costs down ruthlessly. Read more…
alignment information security corporate strategy success budget cuts customer satisfaction cullinane wong CNBS Bartiromo
When I worked in the Security Information and Event Management (SIEM) arena, I remember the glowing predictions concerning the likely growth of the SIEM market. In 2005 IDC predicted that this market would grow from $266.6 million that year to $635.5 million in 2009, and I have even seen some more optimistic projections than IDC’s. Nothing I have seen suggests that 2009 SIEM sales will even come close to this prediction, however.
Granted—the world economy is in bad shape right now. Purchases that would have been made a little over a year ago are currently not even being considered. The SIEM market is by no means the only one that has faltered during bleak economic times. But given the great potential value and potential cost savings (especially in labor costs) associated with SIEM technology, one would think that it would currently be more popular. What else is keeping organizations from using this technology? Read more…
Given the current popularity of social networking sites, this particular posting is not likely to be one of the more popular ones that I have written. But I feel compelled to write more about the security risks associated with these sites because of a recent incident that a good friend of mine experienced. I received an email message from him earlier today in which he informed me as well as others that information about him that was recently spread on Facebook was completely untrue. An update from his account claimed that he was stuck in London, England and could not get home because he had no money. The update asked readers to transfer money to a certain bank account so that he could get home. What ostensibly occurred was that a fraudster broke into his account by guessing his password, then created and sent the update that others and I received. Read more…
Most of our readers will be aware that the Customs Service has a program to search the laptops of selected travelers returning to the United States. Typically, a traveler is asked to step aside, power on the computer, and provide the password so that the computer can be perused ostensibly for contraband. Of course, anyone who experiences this will, at best, find this a huge hassle. Moreover, if you also happen to be trafficking in child pornography or jihadist writings, your trip may get a lot worse at this point. However, what if you’re a mild-mannered businessman – or woman – who’s been abroad on business and just wants to get home with his or her company-provided laptop?
The answer is it’s not so pretty. There are many reasons you might not want the government to know the contents of your laptop. For example, your laptop might contain the confidential information of clients for whom you provide highly sensitive and confidential advice. Or, your laptop may contain writings that are privileged communications between yourself and your attorney; or your laptop might contain the confidential intellectual property of your employer which you are bound to keep secret under the terms of your employment contract, unless you are compelled to reveal it through judicial due process. The little kabuki drama that unfolds at Customs is not a judicial due process. So, you may be tempted to simply refuse to provide the password to unlock and/or decrypt the computer. Now what? Read more…
encryption Customs reenter U.S. laptop seizure
Not too long ago a Web posting described how Whipps Cross University Hospital NHS Trust in London had experienced numerous Conficker worm infections in its Windows systems. A spokesperson for this hospital tried to do damage control by stating that a mere five percent of the systems had been infected and also that the compromised systems were only administrative systems, not medical systems. Additionally, the posting mentioned that several additional hospitals in the London area had suffered the same fate. Read more…