| 1/16/2004 | Catching flies with honey? | InfoWorld |
 |
| | This article expresses concern about the use of honeypots in the enterprise. I used to be in the same boat, and still basically believe that traditional honeypots can be time-consuming. But expanding on the capabilities slightly can lead to some interesting possibilities.
Honeyresponders (HR) respond to all scans with bogus information. As soon as a source zeroes in on the HR, it blocks the IP. The premise is that there is no reason for anyone to be accessing services on the HR (because by definition there are no functional ones) and so every source headed in that direction must have malice in mind.
Honeytokens deserve a lot more attention. Most often, they take the form of bogus data inserted into legitimate datastores. Anybody accessing the data should be reviewed to understand why. The hard part here is just keeping track of the records. This type of solution would be valuable for "insider threat" monitoring.
By the way, I think all security researchers and ISPs should be deploying honeypots to really ascertain what is going on on the 'Net. |
 |
|
| 12/22/2003 | Merging Managed Security | eWeek |
 |
| | |
 |
|
| 12/22/2003 | Surebridge joins hosted antispam game | searchNetworking |
 |
| | |
 |
|
| 12/19/2003 | BankRI customer information stolen along with laptop | ComputerWorld |
 |
| | This article illustrates a problem that is so symptomatic of our space, I want to scream. So, folks, what are we doing wrong? Somehow, this CEO thinks that installing encryption and fraud detection software after an incident is somehow adequate.
"'We are making certain what limited information is on [the laptops] is encrypted. We don't think there's any sensitive information on them. But we're acting in an abundance of caution with respect to those laptops,' BankRI President and CEO Merrill Sherman said."
How ludicrous is that? How come we never hear all of the other banks say "Since Bank of RI got their information stolen, we realize that it could just as likely happen to us, and so we are installing encryption and fraud detection software before we get hit."?
|
 |
|
| 12/19/2003 | Compliance drives security investments | searchSecurity |
 |
| | |
 |
|
| 12/16/2003 | VeriSign to Acquire Security Services Provider Guardent? | eWeek |
 |
| | Nice scoop on Dennis' part. This is the second of two acquisitions this week, and another 'slam dunk' when it comes to fit. Guardent needs the strength of a Verisign to penetrate into the very large accounts and Verisign needs Guardent's security expertise to expand its business. |
 |
|
| 12/16/2003 | Check Point Software Buys Zone Labs for $205 Million | InformationWeek |
 |
| | This was the first of two (so far) security acquisitions this week. It is pretty difficult to see any negatives from a product perspective - Check Point has needed to expand for some time and Zone has done a great job growing the personal firewall market. |
 |
|
| 12/12/2003 | InfoSecurity zooms in on management, mobility | Network World Fusion |
 |
| | |
 |
|
| 12/11/2003 | Bill Gates to address RSA Conference | Infoworld |
 |
| | This sounds a bit more melodramatic than I intended. The "brave" part is just a function of the animosity of the RSA crowd. I hope conference planners will be on the lookout for eggs and pies - security folks aren't known for their manners. I also hope folks begin to at least objectively evaluate the work Microsoft has done in security over the past few years. It's hard to turn an aircraft carrier, but I believe they are trying. |
 |
|
| 12/8/2003 | NC-1000 gateway now has network firewalls | Federal Computer Week |
 |
| | A move toward applying security solutions based on logical segmentation? Say it ain't so... This is a hot one. |
 |
|
| 11/24/2003 | Enforcing Security at the End Point | Informationweek |
 |
| | |
 |
|
| 11/24/2003 | Nachi worm infected Diebold ATMs | Securityfocus |
 |
| | Security of ATMs is turning into a slight rat's nest of networks connected to networks. |
 |
|
| 11/5/2003 | $250,000 Bounty To Nail Blaster, Sobig Authors | Informationweek |
 |
| | Attention script kiddies - one of your friends will gladly turn you in for $250k. |
 |
|
| 11/4/2003 | Microsoft locks down intellectual property | searchWin2000 |
 |
| | |
 |
|
| 11/4/2003 | Microsoft to offer bounty on hackers | CNet News |
 |
| | |
 |
|
| 11/3/2003 | Keeping Secrets | Computerworld |
 |
| | |
 |
|
| 11/1/2003 | All Together Now | Information Security Magazine |
 |
| | This is my take on the whole "monoculture" issue. Basically, it is impractical and unrealistic to somehow change, therefore we should get over it and secure what we have. |
 |
|
| 10/29/2003 | Linux Security: Tips from the Experts | EarthWeb |
 |
| | The neverending quest to find the "most secure" operating system. But we will never be able to tell until we get to a point of comparison that is consistent across platforms. |
 |
|
| 10/28/2003 | Microsoft will turn off Messenger, turn on firewall | IDG.com |
 |
| | |
 |
|
| 10/27/2003 | WLAN Security Vendors AirDefense, AirMagnet and Koolspan Prepare Updates | eWeek |
 |
| | |
 |
|
| 10/24/2003 | AOL closes a Windows service | CNet.com |
 |
| | |
 |
|
| 10/22/2003 | NAI, Check Point to Offer All-in-One Security Appliance | eWeek |
 |
| | |
 |
|
| 10/22/2003 | Symantec Posts Big 2Q Gains | Informationweek |
 |
| | |
 |
|
| 10/7/2003 | Work force doubles in 18 months at St. Bernard in S.D. | San Diego Tribune |
 |
| | |
 |
|
| 10/6/2003 | Security as a Weapon | eWeek |
 |
| | |
 |
|
| 9/15/2003 | Vendors prep wares to manage network security | Network World |
 |
| | |
 |
|
| 9/10/2003 | Lamo denies $300,000 ego-surfing spree | Securityfocus |
 |
| | |
 |
|
| 9/8/2003 | Anti-Virus Options on the Rise | eWeek |
 |
| | |
 |
|
| 9/4/2003 | FBI reportedly hunting Adrian Lamo | Securityfocus |
 |
| | Fascinating. Check out this comment regarding the probability that the FBI's arrest warrant relates to his hack of the New York Times:
"I think this is unsporting of the New York Times," Lamo said Thursday.
What he doesn't understand, and never has, is that this isn't a sport - it costs real people real money. People get fired because of it. They lose their privacy and it degrades trust. Hopefully someday he will grow up.
|
 |
|
| 8/28/2003 | Security By Committee | Security Wire - InfoSec Mag |
 |
| | |
 |
|
| 8/8/2003 | Survey: Insecure passwords can be costly for companies | Computerworld |
 |
| | Perhaps the most interesting thing about passwords is that we have known about the inherent problems for as long as they've existed and yet many people still consider them 'good enough' security. |
 |
|
| 8/4/2003 | Vendors Team To Lock Down Applications | InformationWeek |
 |
| | |
 |
|
| 7/31/2003 | Vendor group publishes vulnerability disclosure guidelines | Computerworld |
 |
| | Futile. |
 |
|
| 7/30/2003 | Security pros talk, but can they walk? | CNet News |
 |
| | |
 |
|
| 7/25/2003 | Solsoft wins $12M in fourth round | The Daily Deal |
 |
| | Subscription required. |
 |
|
| 7/24/2003 | Bayer sued in spy case - employee allegedly stole rivals' secrets | San Francisco Chronicle |
 |
| | Some telling paragraphs:
"Wexler said Baxter contacted the FBI after a tech support staffer told executives on June 13 that Dasari had duped him into helping copy the files onto discs. Asked if Baxter had made a criminal complaint against Dasari, Wexler said, "We are cooperating fully in an investigation of our former employee." Wexler said both the FBI and federal prosecutors are involved."
"Baxter representatives could not name a dollar amount in damages the company would suffer if the secret files were made available to Bayer or other competitors. Baxter's hemophilia treatment Recombinate brings in $1 billion a year in revenue, Wexler said, and competes directly with a Bayer product."
Most likely, the reason they can't 'place a value' on the data is that they want to squeeze as much juice as possible out of this fruit tree. One plausible method is to evaluate the data to determine whether it can make Bayer's product better or reduce the market share of the drug. Perhaps it is a percentage point off the top or some reduced lifetime of the drug itself - say if its patent expires and Bayer could bring a generic to market quicker with the data. |
 |
|
| 7/24/2003 | High-Tech Votes Can Be Hacked, Scientists Say | Reuters |
 |
| | What I don't get with electronic voting is why nobody compares the level of security associated with electronic voting to the security of physical voting. Attention, everyone! Today's voting system is full of holes! We change the nature of the risk with electronic voting, but we don't know whether that makes it higher or lower than what exists. It is unlikely that we can create an impenetrable system, and even if we did, we couldn't believe it. |
 |
|
| 7/24/2003 | Questions for DoJ IP Attorneys Asked and Answered | Slashdot |
 |
| | Interesting thread on copyright infringement - ten questions asked by Slashdot readers answered by DoJ lawyers from the intellectual property division. Lots of good clarification regarding fair use, civil vs. criminal actions, and the integration of DMCA within copyright law. |
 |
|
| 7/21/2003 | Latest Vulnerability Includes Windows Server 2003 | Computerworld |
 |
| | One down, who knows how many to go? |
 |
|
| 7/18/2003 | New Windows flaw raises fresh doubts about Microsoft security | Computerworld |
 |
| | |
 |
|
| 7/16/2003 | Network Associates' Profit Tumbles | Informationweek |
 |
| | |
 |
|
| 7/9/2003 | Equant offers managed IDS | Computerworld |
 |
| | |
 |
|
| 7/7/2003 | Advocates of new PC security technology | San Francisco Chronicle |
 |
| | More innovation being killed. And I didn't even know it was sick. |
 |
|
| 7/1/2003 | Watch Your Step | Information Security Magazine |
 |
| | A cover story I wrote on Security Resource Planning, a way to actively manage risk in the enterprise. |
 |
|
| 6/30/2003 | Best Security Book of the Summer | Spire Tip |
 |
| | This is clearly the best book on information security for summer reading. You have to stretch a little, but everyone needs to stretch, particularly in information security (and the seventh inning;-)). |
 |
|
| 6/26/2003 | Symantec Security Flaw Still A Threat | Informationweek |
 |
| | For a company who should be acting as a model for others to emulate, this is a pretty disappointing response. I am also intrigued by their rating this risk a "medium" while another flaw in IE that exploits multiple file:// windows rates a "high." |
 |
|
| 6/23/2003 | Citadel, SPI Dynamics team on security | InfoWorld |
 |
| | |
 |
|
| 6/23/2003 | Senator's 'Extreme' Piracy Remedy Draws Criticism | Computerworld |
 |
| | |
 |
|
| 6/23/2003 | VCs add funds to Vsecure, XActional | The Daily Deal |
 |
| | |
 |
|
| 6/19/2003 | History of Viruses and Antivirus | cknow.com |
 |
| | So I'm on a history kick - sue me. Here is the best link I can find for the history of antivirus. It also branches off to Dr. Solomon's history and Rob Slade's history as well. |
 |
|
| 6/19/2003 | History of Firewalls | Cisco's Internet Protocol Journal |
 |
| | For the trifecta, here is the history of firewalls as told by Fred Avolio. |
 |
|
| 6/19/2003 | Hatch: Download pirated data, see your computer destroyed | ComputerWorld |
 |
| | |
 |
|
| 6/18/2003 | History of Computer Security | NIST |
 |
| | Thought I'd give you a link for some light, summertime reading ;-) Want to learn about the origins of computer security? Here are some papers, in the original form, that provide just that historical context no security professional should be without. Enjoy! |
 |
|
| 6/18/2003 | Senator: Give Movie And Record Companies A License To Hack | InformationWeek |
 |
| | Providers of content absolutely deserve to have it protected, and digital rights management can provide that coverage. Strikeback is completely different - I don't see how you could do it with any degree of accuracy or reasonability. |
 |
|
| 6/17/2003 | When to shed light | eWeek |
 |
| | To further my comments in the article:
I think actively seeking vulnerabilities is just plain destructive. Sure, if the vulnerability is known we should disclose it, but it never should have gotten to that. I believe there is a lot of faulty logic behind the disclosure phenomenon. For example:
1. We claim that disclosure actually makes our systems stronger/more secure. Of course, if that is the case then Microsoft has the strongest software on the planet and we should be happy to deploy it in our enterprise. Any takers? (By the way, I happen to believe Microsoft gets a bum rap, but use this as a common example of what goes on in the security space.) The whole concept of counting vulnerabilities as a measure of security is bogus - it is an unpopularity contest, nothing more, and doesn't say anything about the software itself. By the way, enterprises have shown time and again that they don't patch their systems anyway, so we can't get more secure this way.
2. The more vulnerabilities we find, the closer we are to "the cure," i.e. some sort of security nirvana where no more vulnerabilities exist in the world. Hmmm, this is a good one. So, count the number of lines of code in existence, then come up with some metric for the number of vulnerabilities in that code (I suspect you could use a very, very low number to be conservative). Now add in the number of lines of code being added to the world's code base every day. Finally, we factor in the number of vulnerabilities found. Are we getting any closer to finding all vulnerabilities in the world? Not a chance. More likely, we are getting further away. That shouldn't further our resolve to try harder, it should make us look at alternatives.
3. If we don't find it, then the bad guys will. This is another one that doesn't work in the "macroeconomics" of the world's code base. Though I can't prove this, I suspect that, given the amount of code in the world, the likelihood of a good guy finding the same hole as a bad guy is probably the same as the likelihood of a collision in a crypto hash - nearing impossible. The most recent WebDAV vulnerability is the only case I am aware of where the vulnerability wasn't known beforehand. So the real question is, how many new exploits would there be if there weren't such a large pool of vulnerabilities to choose from? At the very least, it would reduce a lot of noise out there... (I would love to know about other exploits that occurred with unknown vulnerabilities, and am glad to keep them anonymous).
I guess what really bothers me are the pretenses under which we operate. Those engaged in seeking out new vulnerabilities should just go ahead and say that they think it proves they are smarter than their competition. Period. It has nothing to do with the common good, it has to do with boosting egos and generating revenue.
If consultants really want to spend time on this (honestly, I don't understand how companies can absorb the simple cost of it) they should be setting up honeypots. I don't advocate honeypots for most enterprises, but this would be the perfect fishbowl to really determine what was going on 'in the wild.' Setting up a honeypot would truly further our understanding of things like likelihood of attack, prevalence of attacks, the nature of security on the Internet, etc... All great stuff we really have limited information on, but what we do have is valuable (thanks, Lance).
There is one other reason that is a bit more difficult to dispense with - That we really do this just to 'stick it to the vendor' and make them pay the price for having written poor software. In my opinion, this seems a bit spiteful and amounts to a pyrrhic victory - sure we sock it to 'em, but at what cost? The real loser ends up being enterprises.
My solution for this one is still a bit sketchy, but let me try. I don't advocate software liability because it is too likely to be wrong - the old "it's not a bug, it's a feature" cliché would create lots of problems, and we only think about Microsoft and not the little guys in our argument. I also don't believe we will ever completely eradicate vulnerabilities and must therefore come up with a new metric to measure 'software risk' (how about person hours per vulnerability found?).
Instead of software liability, I advocate Material Safety Data Sheets for software. In the same way chemical/pharmaceutical manufacturers must document the interactions of their chemicals with "the world around them," we should have software vendors document software interactions with the rest of the operating environment. This will ensure that they have completely tested their software and provide us with a blueprint to create security profiles in host intrusion prevention software. At least then we have a set of assertions from the vendor about how their software works. Heck, it also sets the stage for demonstrable negligence and fraud in the future. |
 |
|
| 6/17/2003 | Sanctum updates AppScan for J2EE | Computerworld |
 |
| | |
 |
|
| 6/16/2003 | Devices Tackle Multiple Security Jobs | eWeek |
 |
| | |
 |
|
| 6/16/2003 | Microsoft Signs Anti-Virus Deal | eWeek |
 |
| | My quote in this article may seem contradictory to the CNET one, where I say this doesn't kill AV at all ("Hogwash!" ;-)), but it is not. With antivirus, Microsoft needs the virus signatures themselves and a better reason to connect w/ end user desktops (since patches don't seem to be a good enough reason - ouch). Hopefully, they will incorporate other capabilities like patch management and perhaps authenticate the session as well. For this, they should be successful in growing today's market to include folks who may not use AV in any significant way. On the other hand, Symantec and NAI, et al. will easily play up their strengths - namely that they are not Microsoft, support heterogeneous platforms, support heterogeneous threat types, and provide management capabilities. And did I mention they are not Microsoft? (For the record, I am not anti-Microsoft, but I believe that many security people are.) What would be more interesting is if Microsoft builds a basic engine that can be improved through third party solutions, but also can support virus signatures from multiple organizations. |
 |
|
| 6/15/2003 | Defensive Postures | CIO Magazine |
 |
| | |
 |
|
| 6/15/2003 | Teaching Viruses | Crypto-Gram Newsletter |
 |
| | Schneier missed the point on the virus writing class. It isn't the teaching of how this stuff works that matters - lots of people do that - it is the creation of new viruses that is destructive. |
 |
|
| 6/13/2003 | Gartner: Intrusion Detection On The Way Out | Informationweek |
 |
| | To say that IDS is dead is impractical, infeasible, and just plain bad advice. Certainly, Gartner has stirred things up a bit, which analysts are sometimes known to do (;-)). The proposed vision is an intoxicating one, I just don't see it happening. The real problem with intrusion detection has always been "unmet expectations" - users didn't realize IDS would require lots of care and feeding. But to say that everyone should use dynamic firewalls as if the problem has been solved and suggest that, because it is a firewall, it won't require the same attention that IDS requires (remember, it has to do IDS' job now) is shortsighted. |
 |
|
| 6/10/2003 | Microsoft moves into antivirus realm | CNET News |
 |
| | Antivirus solutions should fear NGSCB much more than a Microsoft antivirus product. NGSCB makes viruses much less likely to have a significant impact (though not completely eradicated), and gateway antivirus has really shown its value over the last year or so (I attribute much of the success in fighting viruses to gateway products). |
 |
|
| 6/10/2003 | Microsoft Buys Into Antivirus Technology | InformationWeek |
 |
| | Pretty interesting information on Microsoft buying Pelican Security, which went pretty much unknown. Pelican competes with Finjan and provides a "sandbox" for evaluating software. By the way, the host intrusion prevention solutions will catch a Word macro that does things Word is not allowed to, but it won't catch things that Word is allowed to do, like delete Word files. |
 |
|
| 6/10/2003 | Microsoft to buy Romanian antivirus company | Network World |
 |
| | |
 |
|
| 6/10/2003 | Microsoft To Buy Antivirus Technology | Computer Reseller News |
 |
| | |
 |
|
| 6/10/2003 | Wired Slammed For Publishing Slammer Code | InformationWeek |
 |
| | This is really not a huge deal. I just object to them claiming it was for "the public good" or some such nonsense. Call it like it is - they wanted to generate some press, and that is what they did. |
 |
|
| 6/10/2003 | Industrial Security Gets a Linux Lock | CNET News |
 |
| | |
 |
|
| 6/6/2003 | Preventsys raises $9.2M | The Daily Deal |
 |
| | |
 |
|
| 6/3/2003 | Gartner: Innovation In Anti-Virus Technology May Be At Risk | TechWeb |
 |
| | Lost innovation is an interesting idea, but it makes no sense within the scope of the Microsoft GeCAD purchase and the antivirus market. There are at least a dozen antivirus vendors that will need to innovate (and have been innovating) to remain afloat. Nowadays, the real innovation is coming via antivirus at the perimeter - doesn't look like MS is playing there - and with new client security solutions like those from Sana Security, BBX, WholeSecurity, Cisco/Okena, Network Associates/Entercept, Harris, and a whole host of others. No, innovation is not a current problem in the security market. |
 |
|
| 6/2/2003 | Customer list helps Permeo boost valuation | The Daily Deal |
 |
| | subscription required |
 |
|
| 5/30/2003 | IDS Appliance Reduces False Positives | eWeek |
 |
| | |
 |
|
| 5/29/2003 | University Defends Virus-Writing Class | InformationWeek |
 |
| | The saga continues... |
 |
|
| 5/28/2003 | Juniper Adds Security To Routers | InformationWeek |
 |
| | The biggest thing any network vendor has going for it is that their devices are already inline and used by network administrators. |
 |
|
| 5/19/2003 | Fizzer Worm Sparks Concern About Remote Security Risks | Computerworld |
 |
| | |
 |
|
| 5/16/2003 | NAI Cuts Workforce | eWeek |
 |
| | |
 |
|
| 5/16/2003 | Beautiful Science: Getting the Math Right May Help Thwart Terrorism | Wall Street Journal Online |
 |
| | Plenty of talk about addressing terrorism can be applied to securing an enterprise. This article discusses how Game Theory (and "Beautiful Mind" subject John Nash's Equilibrium Theory) apply to terrorism.
Some choice quotes:
"'When one kind of attack becomes more difficult or expensive, terrorists substitute other, cheaper kinds,' says Prof. Sandler." [Professor Todd Sandler from USC]
"The best move is not to protect targets. If you secure Disneyland, terrorists may go after Sea World. The effective strategy is to reduce terrorists' resources: Go after training camps and arms caches, choke off financing, infiltrate networks."
"'Countries spend more and more, but don't necessarily become more secure,' says Prof. Sandler."
Some fascinating comments that address the neverending need to bolster security (or collectively do nothing and completely reorient our security approach). The final quote really nails the issue with cybersecurity as well.
|
 |
|
| 5/15/2003 | Fizzer fizzles, but security threats remain for companies | Computerworld |
 |
| | It should be clear by now that people need perimeter antivirus to protect email in particular - by the time the email hits the desktop, it shouldn't matter what the end user does. There are a number of products and services that exist to make this "easy" (at least, easier than the nastiness that comes with recovering from a full-fledged virus attack). |
 |
|
| 5/12/2003 | Security Spotlight | InformationWeek |
 |
| | Let's be clear - Palladium is the most significant security announcement since the development of firewalls in the early 90's and it will have the biggest impact on security through the next decade. |
 |
|
| 5/12/2003 | New York Times Details Deceit by Staff Reporter | Wall Street Journal |
 |
| | Though it doesn't specifically address information security, this article about a reporter who played loose with the facts describes well the challenges security professionals face.
You probably need a subscription to view the article, so here are some choice quotes:
"Do we have a system designed to uncover venality? No, we don't, and you know something, I guess I am not unhappy with that," Mr. Sulzberger said. "I don't want us to become a police state where you suspect every employee of ripping off the company." [Note: Sulzberger is the Times publisher.]
And another:
The Times account avoided pinning blame on anyone but Mr. Blair, paraphrasing Mr. Sulzberger as saying, "there will be no newsroom search for scapegoats." Mr. Sulzberger said, "the person who did this is Jayson Blair." "Let's not begin to demonize our executives -- either the desk editors or the executive editor or, dare I say, the publisher."
And let's round it out with this one:
"This is not a Howell problem, this is not an Arthur Sulzberger problem -- this was a bad man doing bad things," Mr. Sulzberger said.
Obviously, I am no newspaper expert. But it would seem to me that fact checking is a pretty straightforward requirement for any newsroom, particularly of the Times' reputation. It is a 'perfect' response to 1) water down the need for controls; 2) treat the symptom and ignore the disease; then 3) deny any responsibility in building a weak control environment.
Perhaps it is no surprise that the Times was hacked last year (click here for one account of that incident). |
 |
|
| 5/12/2003 | Check Point Readies Deeper Security | Informationweek |
 |
| | Check Point has the luxury of marketshare. This means it can slowly dip its toe in the water by bolstering existing technology a bit. While they don't have deep content inspection capabilities, the price (included in regular subscription) sure is attractive. |
 |
|
| 5/12/2003 | Check Point Stops Attacks at App Level | eWeek |
 |
| | |
 |
|
| 5/9/2003 | Astaro belatedly turns to VCs | The Daily Deal |
 |
| | subscription required |
 |
|
| 5/5/2003 | Microsoft Security Plan Has Gaps, Study Says | eWeek |
 |
| | Gaps? Not really. NGSCB is about technology and is philosophically agnostic - and it can be used for good and bad. Just like terrorists can encrypt their data. This isn't really a gap as much as it is a realization of the limitations of any technology, including NGSCB. This is one of many reasons why the Chicken Littles who seem to think Palladium is the end of civilization are getting caught up in an illogical, contradictory, conflicting philosophical argument. By the way, Microsoft has always acknowledged this use scenario, so it is hard to say that its "plan" is somehow faulty. |
 |
|
| 5/2/2003 | Teros locks in $12M in funding | The Daily Deal |
 |
| | Subscription required. |
 |
|
| 5/2/2003 | Teros locks in $12M in funding | The Deal |
 |
| | |
 |
|
| 4/16/2003 | Partnership Made to Fight Cyberterrorism | Associated Press |
 |
| | Wow. This is perhaps my worst misquote ever, and to think it came from the Associated Press. I don't recall the word "disaster" ever coming out of my mouth, and if it did it certainly was not anywhere near this context. Just to set the record straight: it is hard to poke holes in partnerships because there is always some value in groups discussing things. The real proof of success lies down the road when progress reports are made. So I tend to be lukewarm on partnerships such as this with the hope of waiting for some concrete developments. |
 |
|
| 4/15/2003 | Intruders: Is detection or protection the answer? | ZDNet U.K. |
 |
| | For the record, I don't believe that IDS is dead, nor that firewalls actually do perform the capabilities of many products that use the "intrusion prevention" label, just that nothing appropriately describes the various levels of intelligence that exist in both product categories. In the end, these capabilities will overlap and integrate regardless of what you call it. |
 |
|
| 4/8/2003 | Security Flaw Spotted, Fixed In Seti@home Program | Informationweek |
 |
| | A clarification: the characterization of Kazaa and seti@home as "good" is a bit out of context. It is intended to reflect that these programs have a specific useful purpose to some; they are not solely malicious like trojans or backdoors. |
 |
|
| 4/7/2003 | Entrust, Waveset partner for ID management | Computerworld / IDG |
 |
| | |
 |
|
| 4/4/2003 | Network Associates Snaps Up Another Intrusion-Protection Vendor | InformationWeek |
 |
| | Note that the "better" piece of my quote is actually referring to the approach (policy based vs. signature) rather than the specific product set. The concept of "better" is influenced by many characteristics and not a "one size fits all" situation. |
 |
|
| 4/4/2003 | Software startup gains LCRA, bank as clients | Austin Business Journal |
 |
| | |
 |
|
| 4/4/2003 | Network Associates makes security buy | CNet |
 |
| | |
 |
|
| 3/31/2003 | Real-Time Safety Combo | InformationWeek |
 |
| | |
 |
|
| 3/24/2003 | Protegrity Patches Database Security App | eWeek |
 |
| | |
 |
|
| 3/17/2003 | Hacker Exploits Microsoft Flaw to Get Into Army Servers | Dow Jones Business News |
 |
| | An interesting case - the only example I am aware of where an unknown (to the public) vulnerability has been exploited. With all of the effort spent by "white hats" identifying and cataloging vulnerabilities in Microsoft systems, you might think we would have already found this one. I guess there are two options: 1) redouble our efforts to find all vulnerabilities before the bad guys; or 2) rethink our approach to security. I opt for number 2 - more on that later. |
 |
|
| 3/12/2003 | Study Exposes WLAN Security Risks | eWeek |
 |
| | A good example that demonstrates the impact of intent on our comfort level for security activities. This was called a "study" because it was performed by reputable folks in the security space. These same activities are also often called "wardriving" and considered malicious. This is dangerous territory - I can't imagine there was consent on the part of the owners of the 328 WLANs discovered to participate in this "study." Some things to think about: What would happen if the details were published and someone took advantage of them? What would happen if the researchers also "warchalked" the sidewalk? I do not believe that the activity is illegal, but it certainly brings up thought-provoking questions. |
 |
|
| 3/10/2003 | SANS Institute Lauds Microsoft Security Efforts | Computerworld |
 |
| | Given the magnitude of Microsoft's product set and company size, its progress to date has been significant. |
 |
|
| 3/6/2003 | Google Closes Blogger Security Holes | SecurityFocus |
 |
| | We haven't heard much from What's His Name lately. Perhaps the most instructive part of the article was this quote:
"I was tempted to do both of them," says Lamo. "Had Pyra been a less wholesome operation, I might have shown less restraint."
Hmmm, mighty judgmental for a pseudo do-gooder who claims to hack for the same reasons people climb mountains (cue Cyndi Lauper's True Colors). Thank goodness Pyra passed muster by saying he "rocks." I wonder what might have been in store had they not been so supportive of his malice. |
 |
|
| 2/28/2003 | McAfee preps 'worm-killer' VirusScan | InfoWorld |
 |
| | |
 |
|
| 2/19/2003 | Sourcefire snags $11M | The Deal |
 |
| | |
 |
|
| 2/19/2003 | Sourcefire snags $11M | The Daily Deal |
 |
| | |
 |
|
| 1/27/2003 | ISS secures its spot in evolving industry | Atlanta Business Journal |
 |
| | |
 |
|
| 8/18/2002 | Cenzic gets $8M | The Deal |
 |
| | |
 |
|
| 8/13/2002 | Lines of defense | The Deal |
 |
| | |
 |
|
| 2/28/2002 | Sourcefire's novel security model lures cash | The Deal |
 |
| | |
 |
|