“Should I change my password?” “OK, I changed my password, now I’m secure, right?” Media reports over the past month certainly heightened security awareness and drove the public to sit up, pay attention, and do “something.” What that something is, depends on the guidance people heard, the importance of the service they are using and what…
DetailsAcademia is acquiring an interest in cyber education on many fronts. Not likely to crank out cyber warriors at anywhere close to the rate needed to meet current demand, they are nonetheless anxious to participate in a real trend. De Montfort University’s Cyber Security Centre in Leicester, England offers undergrad, graduate, and PhD degrees in…
DetailsMicrosoft released an out-of-band patch today for an Internet Explorer zero-day flaw, which was already being exploited in the wild. Surprisingly, Microsoft opted to release a patch for Windows XP, which officially ended support earlier this month. Microsoft disclosed the zero-day vulnerability (CVE-2014-1776) in all versions of Internet Explorer, from IE 6 to IE 11,…
DetailsWhen it comes to penetration testing, it’s a fact that many organizations will engage third party consultants to perform the service. The reasons why this is so aren’t hard to understand: doing penetration testing well requires a specialized set of skills and tools, and keeping those resources and tools at an acceptable skill/performance level (to…
DetailsHere we go again. A major zero day vulnerability in a widely deployed application, Internet Explorer, has been discovered. The usual cycle of discovery-disclosure-patch-announcement-exploitation has bee reversed this time. FireEye Research Labs discovered the exploit being actively used in what they have dubbed “Operation Clandestine Fox.” The fact that a zero day in IE6 through…
DetailsLast year SafeNet sponsored my work on a project to develop the Breach Level Index (BLI). The BLI is designed to provide a simple way to input publicly disclosed information on data breaches and calculate a score indicating breach severity. I looked at other scales that had been created such as wind severity classified by the…
DetailsThis week the White House felt the need to formalize statements the President has made on responsible disclosure. They did so through a blog post penned by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator. Daniel acknowledges the issue, partly highlighted by the insinuation that the HeartBleed bug may have been known and used…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. The rise of highly targeted attacks is disrupting the security industry with many new solutions coming to market that seek…
DetailsIn an ideal world threat intelligence should prevent IT security incidents from occurring in the first place; however, in reality incidents are inevitable, often with associated data breaches. Post-event clear up requires intelligence gathering as well and the quicker this can be done the better. As incident response capability speeds up the ability to use…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Cisco’s announcement earlier this week that they were launching a Threat Defense Managed Service was surprising in that it was the first…
Details