Archive

Archive for August, 2011

Bluetooth Hacking Tools

I do not use Bluetooth, but a lot–a very lot–of people do. One recent estimate is as of 2008 there were at least one billion Bluetooth devices in the world, and I do not doubt that estimate at all.

Categories: Uncategorized Tags:

Spam: Is it Starting to Go Away?

I remember years ago when the Internet was totally different from the way it is now. If in the early 1990s, for example, someone sent a message containing some kind of advertisement for a product, service or even a conference, that person extremely likely to get flamed. As we all know, today we are bombarded with spam that advertises all kinds of things. Studies over the years repeatedly show that the majority of Internet traffic–up to 90 percent or more of it at certain times–consists of spam.

Read more…

Categories: Uncategorized Tags:

Advanced Persistent Threats: Part 3

I don’t normally write and post a blog entry that is part of a series after the series has ended. I’ve already written parts 1 and 2 of the advanced persistent threats (APTs) series; earlier this week I moved on to a new topic. Sorry, but I forgot to write about something about APTs that is very important. I thus feel compelled to write a third part of the APT series out of order. I’ll go back and fix the order of the postings in a few days.

Read more…

Categories: Uncategorized Tags:

Title Inflation in Information Security

I meet new people all the time. Not surprisingly, many of them are information security professionals. After we’ve said goodbye, I often look over their business cards a bit. What is amazing to me is the loftiness of the titles on so many business cards. I meet presidents, vice-presidents, CEOs, COOs, CTOs, CISOs, executive directors and managers, senior directors and managers, and by now you get my drift. But it does not end here–some have downright humorous titles such as “chief security visionary” or “I seldom see plain old everyday titles such as “member of the technical staff” or “security engineer.” Title inflation runs rampant.

Categories: Uncategorized Tags:

Advanced Persistent Threats (APTs): Part 2

In my last posting I argued that traditional defense-in-depth strategies per se are not sufficient for an organization to be able going to be able to withstand the kinds of APTs that are currently plaguing us. I’d like to go on further with this theme, extending it to the types of security technologies that are available to us. In the past I’ve argued about the virtues of United Threat Management (UTM) technology from the standpoint that in UTM appliances the various functions (intrusion detection, intrusion prevention, application firewalling, and more) are at least aware of each other, and can thus potentially work more intelligently and cooperatively, as opposed to so-called point solutions.

Read more…

Categories: Uncategorized Tags:

A Blow to Client-Attorney Privilege in the Cybersecurity Arena

In a recent ruling, the Third Appellate District Court (Sacramento) agreed 3-0 to uphold a previous decision against the plaintiff in a lower court case, Gina M. Holmes, who sued her employer after she quit her job after she said her employee had become hostile towards her after she told him she was pregnant shortly after she started the job. Holmes claimed that she had been subject to sexual harassment, retaliation, wrongful termination, violation of her right to privacy, and intentional infliction of emotional distress as the result of her bosses’ actions, She sent email messages that contained private information about her to her attorney using the company’s mail system, even though the company’s acceptable use policy forbade use of this mail system for personal reasons. Her employer, the Petrovich Development Company, captured the messages and used them in court as evidence that she had not experienced emotional distress. The ruling of the lower court was in favor of the employer, even though Holmes’ lawyer argued that the email messages were not admissible as evidence because of client-attorney privilege.

Read more…

Categories: Uncategorized Tags:

Advanced Persistent Threats (APTs): Part 1

I’ve already posted a blog entry (number 56) concerning Advanced Persistent Threats (APTs) at www.emagined.com/blog. In this older entry I argued that APTs are real and discussed their nature to some extent. I wrote that entry well over a year ago. Since then, many new events and trends have occurred in the information security threat arena, so it is well time to make an update.

Read more…

Categories: Uncategorized Tags:

The Changing Nature of Incident Response: Part 5

I am sure that the so-called “crises” about which I have written in my last two blog postings pale in comparison to some that have occurred since. I have, for example, learned about insider attacks that have occurred in banks and other institutions that could have potentially severely disrupted the financial and operational status of the organizations in which these attacks occurred. Serving on an incident response team charged with responding to these incidents must in many ways have been the ultimate challenge.

Read more…

Categories: Uncategorized Tags:

AV Software Testing: Caveat Emptor

One of the platitudes with which people attending information security awareness programs quickly become familiar is “run AV software and keep it updated.” Informing users accordingly is important. Following up to verify that they engage in actions corresponding to these platitudes is every bit as important. But are the same platitudes preached in the 1990s and early 2000s concerning AV software still true? Read more…
Categories: Uncategorized Tags:

Information Security Conferences Gone Awry

I speak at more conferences every October than any other month. This month has been crazy so far, and I can scarcely remember being home more than two or three days at a time since mid-September. Many of the conferences at which I have spoken have had excellent presentations and panel discussions. At the same time, I fear that some of these conferences have gone in the wrong direction. Why?

Read more…

Categories: Uncategorized Tags: