Yep, it’s time to use this title again. This time we’re talking about Distributed Denial of Service (DDoS) amplification attacks. One of the lists I monitor posted the following: Christian Rossow has done some great work on DDoS. The two interesting papers are: “Exit from Hell? Reducing the Impact of Amplification DDoS Attacks,” read here. The…
DetailsThe holiday season is filled with opportunities for the Bad Guys to take advantage of people who are filled with the holiday spirit, out and about having a good time and letting their guard down. Since I work at a university, I sometimes get asked to pass along tips to increase the awareness of how…
DetailsFor those contemplating using Amazon Web Services (AWS), their compliance page is quite assuring. With a who’s who of compliance standards from SSAE-16, ISO 27001, PCI DSS, to CSA, MPAA, FEDRamp, FIPS 140-2, HIPAA and more; it’s more than enough to give an auditor a warm and fuzzy feeling. Note that in this article, AWS…
DetailsIt is more important than ever to safeguard your business. As the drumbeat of news about breaches continues, the stakes have never been greater. You must stay a step ahead of the cyber criminals. The battlefield is no longer contained and the battle is daily. One fact remains constant: there are those inside and outside…
DetailsAggregating is the inverse of broadcasting. What complicates this is that many technologies are now used for both. Cell phones are the best example. They are a device originally designed for communication. Their original purpose was for transmitting information between individuals and they have evolved into one that can broadcast that information via social media. …
DetailsAt some point, I must have drunk the Cloud Kool-Aid. I find that despite my best efforts, I no longer develop the sinking feeling in the pit of my stomach when someone mentions “Moving to the Cloud.” This doesn’t mean that I get all warm and fuzzy inside, but I am now able to listen…
DetailsOk, I know the title sounds a little negative. I’m not against cloud services at all. We use cloud services here for a wide variety of business and personal purposes. Having said that, there are a couple of issues that bother me about the cloud and while some are philosophical, some are technical as well.…
DetailsAs security practitioners, we know that nary a day goes by when our schedule for the day (or week) goes as planned. There is always an alert to address, an attack to thwart, an email that takes priority or a senior leader that needs data right away. We’ve all experienced this, and we are only…
DetailsI’ve been known to say that ‘I’ve been in InfoSec since before it was cool.’ After 20 years of being on the front lines, first as a consultant, then as the one responsible for implementing a strategy and building the programs, I’ve truly lost count of the times I’ve heard others using F.U.D. to further…
DetailsIf we live in a data-centric world, it is still true that data are more immediate for some than for others. To use one individual as an example: by the fifth grade, Ben was an excellent data analyst. His life depended on it. Ben went to grade school with my younger son and Ben has…
DetailsSomeone recently pointed out an article to me: ‘Big 12 beats Ivy League – in cybersecurity’ I didn’t realize that there was a competition between schools as to who does better security. I know that we are competing with the bad guys, that is obvious, but now I have to worry about beating out my…
DetailsThe last series I wrote for securitycurrent dealt with principles of data security and privacy. Many authorities charged with enforcing data protection accept the principles. They are based on the idea that the actors in data transactions ( i.e., subjects, collectors, disclosers, users and regulators) all have a role to play in creating and maintaining the world…
Details