Kickin’ It Old School
In previous articles, I’ve discussed what I consider to be protocol anomalies, as well as some options for analyzing them. What makes up a protocol anomaly may vary from analyst to analyst - it depends on a number of legitimate criteria based on experience, research, intuition and protocol specification documents, to name a few.
The bottom line is that at least some of the data being analyzed may not follow the expected structure. This in itself is an anomaly (I know, we can probably debate the semantics of this statement forever). It could be malicious, a simple misconfiguration or (my personal favorite) an undocumented feature that no one understands why it exists.
Misconfigurations are very common. There could be a plausible explanation - the tired and over-worked admin mistyped an IP address or port configuration, or misplaced a decimal point somewhere. It happens. We are all human. (Well, most of us anyway. You know who you are, 847#A950-B).
Today,...
Is it Contagious?
Would you even be aware if you were? Health care data breaches are just a small percentage of data breaches reported in the past year. However, health care data breaches can affect their victims way more than other breaches – such as the high profile retail data breaches we constantly see in the news. So why are health care data breaches different?
Health data is what sets health care data breaches apart from other data breaches. Unlike retail system breaches where the information stolen is mostly limited to credit card data, health data can contain birth dates, policy numbers, diagnosis codes, billing information and potentially very sensitive personal information. The stolen information can be used to create fake identities to illegally obtain prescription drugs or buy medical supplies and equipment that can be resold. Patient information can be combined...
Applying Real-World Security to the Digital World
Chickens need security too.
Yes, you read this correctly and you do not need glasses: chickens need security too! As a country person, I have spent some time doing risk assessments, penetration testing and tabletop exercises - for a flock of chickens. Some of the lessons learned from protecting a flock of chickens desperately need to be adopted by those working in network security today.
Think of the chicken for just a moment. A chicken is a defenseless bird, preyed on by many different types of predators. They need protection. When raising chickens, a person must take this into account or their flock of chickens isn’t going to last long. There are foxes on the prowl that would love to have a nice, fresh chicken dinner. These foxes are smart – they can find and exploit the smallest hole in the fence or wall (and then all you have left are some chicken feathers)....
An alternate take on the snake
I guess it is time to take off my shoes, because I have run out of fingers to count the number of times I read "OMG THIS IS THE NEXT HEARTBLEED!" for normal vulnerabilities.
Marketing firms have definitely figured out how to promote their researchers' activities:
Scary Name + Cool Logo == Unique Hit Counts == KPI met on your next review
I get it. I totally do. It becomes an issue, however, when every blog site picks it up and people start getting freaked out about relatively normal things.
- New vulnerabilities occur all the time
This includes high, medium and low priority vulnerabilities. Some are pretty bad, allowing for sensitive information disclosure, denial of service, or remote code execution. Most software engineers are not magicians who create perfect code every time. Even those who are have their code pieced together with the work of others, resulting in unintended...
Interactive Report Based on Analysis of Over Six Billion Attacks in 2014
What do you get when you look at trillions of log lines which cover over 6 billion attacks, and information from over 18,000 global customers, combine that with data from hundreds of honeypots, then apply analysis and research from over 1300 security researchers and analysts?
You get the NTT Group 2015 Global Threat Intelligence Report (GTIR).
This report includes even more global data than last year’s report. More vulnerability data. More attack data. And more real information from clients, including practical case studies. All of this data helped NTT Group focus on security issues which truly matter to organizations.
- What vulnerabilities should I worry about?
- Why are exploit kits important?
- What (or who) is being attacked most?
- What types of incidents are organizations getting the most help with?
- What Distributed Denial of Service attacks are the most common?
The report...
Fresh perspectives on a security program might make things easier
A good friend of mine, Matthew Thalken, Control Officer at First Data Corporation, recently wrote a post about setting goals titled “Goal Setting is Driving You Mad, There is a Better Way.” The concept, oversimplified, is that goals are hard and victory conditions are realistic.
As I read his post, I couldn’t help but think about some of the information security goals I hear mentioned pretty routinely. It is common to hear these target goals stated as some variation of “we need to be secure” or “we have to block threats,” which, to me, greatly undermines the complexity of the current threat landscape.
While these are certainly goals of every security program in every organization, they are incredibly difficult to define, measure and achieve. Do you ever stop working to become secure? Is there a deadline for...
If we don’t learn the lessons of recent history, the smart cities we build may not be so smart after all.
Wham! It was the kind of sudden jolt that shakes one’s core. While taking the first sip of the morning’s coffee and making a right turn on red, this commuter’s car was struck hard on the driver’s side. Fortunately, he finds himself not seriously injured, but he is pinned in his vehicle between the car that struck him and a utility pole pinching closed the passenger side door. Fortunately, a streetlight “witnessed” the accident and self-adjusted to a flashing red. His vehicle’s onboard systems called for medical and towing assistance. Within minutes help had arrived.
Unrelated, on the other side of our city, a fire in an abandoned warehouse erupted. Nearby sensors detected and alerted the closest local fire department, and after a quick visual confirmation from the city’s central operations center, fire trucks were dispatched. A few hours later, gunshots were identified by gunfire locator systems,...