Growing Boycott of RSA Conference 2014

[Full disclosure: As an industry analyst I conduct business with RSA, the security division of EMC, including white papers and recording videos of key executives and customers.] It began with a Reuters story from Joe Menn, “Exclusive: Secret contract tied NSA and security industry pioneer,” in which it was disclosed that RSA, the crypto pioneer and security…

FireEye Acquires Mandiant in $1.05 Billion Deal

Threat protection vendor FireEye announced on Thursday that it had acquired security incident response provider Mandiant in a cash and stock deal worth more than $1 billion based on the current value of FireEye shares. The acquisition, which closed on Monday but only was publicly announced after the markets closed on Thursday, was one of the biggest…

The Increasing Mobility Threat to IT Security

Any organization that has not already started to think about the impact mobility has on IT security should start doing so this year. 63% of businesses provide formal access to some of their business applications to mobile users, a Quocirca research report “Digital Identities and the Open Business,” showed. Furthermore, the sheer ubiquity of mobile devices and…

The Role of Emotion in the Target Breach

“It’s the most emotional tiiiimmme of the yeeeaaar”… The holidays, filled with emotion. There’s so much going on – from travel, to shopping, to family gatherings, and of course the mad rush to finish out the year’s office workload. For many, it’s super stressful, which can bring on a wave of holiday-time emotion. One thing often…

IT Security Industry Has a New Adversary

My coverage of the NSA’s massive data gathering and attacks on fundamental security technology has been focused on the expected impact on the IT security industry. I was one of the first to publish trepidation a day after the first Snowden report (NSA Surveillance Threatens US Competitiveness, June 7, 2013) and again a week later…

The Incredible Power of XKeyscore

Der Spiegel makes light of an incredible tidbit they extracted from a 50-page catalog of exploit technology apparently developed by the NSA’s Tailored Access Operations (TAO). The German newspaper describes, and dismisses as not very threatening, the ability of an analyst using XKeyscore to identify a target’s machine, probably by IP address. Then, if that machine ever files a…

Getting Real About Network Access Control (NAC)

The two biggest concerns organizations have when considering the use of cloud based services are the safety of personal data and complying with data protection laws (see complimentary Quocirca report, “The adoption of cloud based services,” downloadable here). The report shows that these are issues that those recognizing the benefits of such services overcome by…

Samsung Galaxy S4 Allegedly Vulnerable to Attack

Organizations and government agencies that use Samsung’s flagship Galaxy S4 smartphone are at risk of having their confidential data including emails, file transfers and browser activity breached, according to cyber security researchers at Ben-Gurion University of the Negev (BGU). The BGU researchers said they discovered the alleged “critical vulnerability” in the Samsung Knox software, an…

Update – Nefarious Pseudo Random Number Generator Never Actually Used in SSL

(Updates with RSA denial) There has been a lot of furor over the Random Number Generator that the NSA, with a rather heavy hand, apparently forced NIST to accept into its encryption standards. Bruce Schneier wrote “The NSA Is Breaking Most Encryption on the Internet” and The Guardian reported extensively on the NSA’s project Bullrun, which is apparently…
