Network World
Tuesday, November 18, 2008

Stiennon on Security


It's official. Moving on.

I have been taking a look at the security industry lately as I get back into being a full time analyst. Preliminary results indicate that about 30% of 1,200 companies I tracked two years ago have either been acquired or have quietly disappeared. Anyone who has followed this blog over those years knows that I often object to calling this industry consolidation.


A letter to President Obama

Dear President Obama: By the time you read this you will be the president-elect of the United States of America. I am writing to alert you to the serious action that is required to secure the information systems of the country that you will soon lead. To say that the US government computing infrastructure, in all of its various branches, departments, and offices, is vulnerable is an understatement. While the GAO a


False scares

I swore I would not write a Halloween post. When it comes to Halloween I am a Scrooge. Bah, humbug. (Alright, I do have a weakness for candy pumpkins.)


Rant: do we have to call it Homeland Security?

I have been looking at the makeup of the Security Leaders Group I manage at Linkedin.com. Posted below is the breakdown of the 1,403 members and the countries they reside in. With a membership of security professionals and thought leaders from so many countries I have become sensitive to the parochial nature of the term "homeland security". To the 644 members of the group that are not from the US (and the 5.3 billion other people) I am sure "Homeland" has a very different meaning.


Nope it is RPC DCOM 2.0

Microsoft just released their "out of band" security bulletin. There is a gaping hole in the way most Microsoft platforms serve Remote Procedure Calls (RPC). This is on the order of severity of the original RPC DCOM vulnerability that led to the widespread outbreak of the MSBlaster worm in August of 2003.


Microsoft to announce TCP DoS patch today?

Microsoft has announced that at 1 PM Pacific they will issue an "out of band" security patch. Meaning, of course, that this is in addition to the regularly scheduled once-a-month Patch Tuesday releases.

For the best ever description of full TCP connection denial of service attacks read this post by Fyodor (really Gordon Lyon).


Worried about electronic snooping of key strokes? Forget about it.

While technically enthralling, the recent buzz over the vulnerability discovered in the way manufacturers wire keyboards is unwarranted. While it is too late for the concept to be worked into the next James Bond movie due out in two weeks, I am sure it will make it into either the next James Bond or Mission Impossible film. The idea, explained in a


DHS discovers the challenge of creating a collaborative social network

The GAO (Government Accountability Office) has held up the deployment of the DHS (Department of Homeland Security) critical (non-classified) information sharing system. The unlucky group that must deal with the herculean task of launching a collaborative social network of law enforcement, state, local, federal and tribal agenc


Looking for a job in security?

Here are a couple:


Director Global Cyber Security Management

SALARY RANGE: 114,468.00 - 172,200.00 USD per year


Skype spam malicious?

A very cleverly crafted message delivered over Skype came in this afternoon. I asked Alex Eckelberry over at Sunbelt to check it out. Not really malicious, but his take is that it is completely fraudulent.


I hope this is not a common occurrence. I would hate to have to purchase a Skype spam filter!

Background checks: Required, but how?

I once worked for an automotive supplier. We were launching a new plant in Tennessee. We had the equivalent of a casting call in the local community for people to work on the line assembling car seats. We had trouble getting 120 employees who could pass the mandatory drug screening. Over 3,000 people applied. That was an eye opener. Urine sample


Is the World Bank really compromised?

Fox News reported a few days ago that over 40 servers belonging to the World Bank (a pseudo-bank really) have been compromised. Now, the World Bank is not really a bank as much as it is a funnel of funds from various countries into various charitable causes; $25 billion in funds to be exact. It also manages about $70 billion in assets.


Exposing 30 million IDs is a good reason for web application defense

I had conversations lately with three CEOs of web application defense companies: Doug Camplejohn of MI5Networks, Nir Zuk of Palo Alto Networks, and Shlomo Kramer of Imperva. All of them are industry veterans and all of them are developing products to address the inability of standard network security gear to address web application attacks.

About Stiennon

Richard Stiennon is a security industry analyst. He is currently consulting, speaking and writing on all manner of security topics for IT-Harvest, the IT research firm he founded to cover the security space. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Webroot Software.
