What else can we expect in 2011? Here is part II of my cyber security predictions for 2011:
6. Big, targeted attacks will get more serious. The more dedicated, long-term attacks that are designed to systematically attack an entire organization will continue to exist and thrive, and will get more serious and more long-term as the potential profit from such attacks is recognized. You can call these Advanced Persistent Threats if you want, but they will get more dedicated, more targeted, more advanced, and more persistent.
7. Money is short. The economy has not turned around yet. Budgets are still tight, and security ROI is still a tough sell. The truth of the matter is that security costs money. The more important truth is that security done...
From WikiLeaks to new wireless device breaches, 2010 will be remembered as a year of "insecurity." As we move further into the cloud, how secure will we be in 2011?
1. The majority of security-relevant issues will strike us just as they have in the past. We will see errors in operating systems, configuration errors or lapses, errors in applications, and errors in judgment by people who fall for social engineering attacks. Most of what we will see in 2011 will be nothing new.
2. Attacks will follow the people. As social media and mobile computing continue to play a larger role in our networked environment, problems seen in these areas will continue to rise. We should expect to see more vulnerabilities in both areas, and we should expect to see hackers take advantage of those vulnerabilities. We will see dedicated attacks making their way across social media, including...
The final holiday shopping days are painfully upon last minute shoppers.
Many of these procrastinating shoppers are looking online to ebb the flow of their ‘perfect gift’ stress. While we want it to be a joyful holiday season, it is not just a time of increased sales, but also of increased credit card theft and online fraud. No one wants to be a victim of fraud or ID theft, but is there anything you can really do about it? Yes and no. You don't have any real control over your information once you buy something, but that does not necessarily mean that you are helpless.
So, you have decided to shop online. What do you do now?
1. First of all, you are going to be shopping from a computer, so make sure you are smart about your own computer security.
Not genius, just smart.
- Shop only from computers over which you have control. Don’t shop...
Solutionary is dedicated to protecting our clients from new threats and providing exceptional value through our thorough security analysis. During our regular delivery of services, we often discover previously unpublished vulnerabilities in applications. This leads us to communicate with vendors to provide remediation guidance and help them better secure their software. Although Solutionary has performed vulnerability research and application assessments for quite some time, we have decided to share our research and findings with our clients and the general public.
Frequent visitors to our web site may have noticed the recent addition of a “Research” navigation tab. The content found in this part of our web site is dedicated to our ongoing research efforts and responsible disclosure of vulnerabilities discovered by our Solutionary Engineering Research Team (SERT).
A few of our initial vulnerability releases can be viewed by visiting the...
Today I will be briefly discussing two main encryption themes:
1. IT Managers need to know
IT Managers must understand that encryption may come at a high price. The processing required to do the encryption is not free. Performance differs by information, data volume and encryption solutions, but seeing a performance hit of 15% should be expected, with a performance plunge of as much as 40% as a result of encryption. That does not mean "don't encrypt;" it simply means "size your processing throughput appropriately."
A common misstep is over-reliance on device-specific security. Yes, some portable devices have encryption and additional security "built-in." But, keep in mind that some of those methods can be bypassed with relative ease by resetting the device, accessing the device via device backup, or simply mounting the device as an extension of a computer's file system. So,...
For many years, I have been telling security personnel that in my mind there are no bad guys and good guys; there are only people that can hurt you. In essence, treat everyone as a bad guy and you will limit the damage any one individual can visit upon you.
My assumption in seeing the continued release of US secret, confidential and foreign access documents is that those materials were obtained from someone inside the organizations where the information originated. In the case of the Iraq and Afghanistan war-related documents, we know this to be true.
Army intelligence analyst Private Bradley Manning is facing a military court-martial for his part in the leaking of the war documents. Obviously, Private Manning was given extremely broad access to war documents in his role as an intelligence analyst. But even beyond that, he was given control of the documents along with access. I hear this...
Salutations, pop culture and security lovers! As we enter the holiday season, I have a set of favorite movies I like to watch every year. It seems that I can’t resist watching “A Christmas Story” and “It’s a Wonderful Life” every year. For Thanksgiving, you have to watch “Planes, Trains and Automobiles.” It’s a classic story of how two guys struggle to get home for Thanksgiving during a huge snowstorm. My favorite scene is when the two strangers find themselves sharing a double bed for the night at a Wichita motel (the Braidwood Inn, I believe). They wake up the next morning in bed, and Neal (played by Steve Martin) asks Del (played by John Candy) where his “other hand” is. Del answers, “Between two pillows.” Neal answers with the classic line, “Those aren’t pillows!”
If you read my...