By bgreene, on May 26th, 2010
Thanks to Intelligence Squared (I2) and Neustar for, first, bringing I2 outside of New York and, second, setting up an Oxford-style debate to address the “market saturation” of the cyber-warfare threat. I’ve been a strong critic of the over-hype, exaggeration, and fiction expounded by “individuals” who call themselves “experts” stirring up the . . . → Read More: New Intelligence Squared debate – The “Cyber-War” threat has been Grossly Exaggerated
By bgreene, on December 16th, 2009
Conficker has been a double-edged sword for the industry. On one hand, it is a nasty “weapons grade” hijacking malware with nefarious consequences – ranging from a platform for crime to a threat to global telecoms, SCADA, and other critical infrastructure. On the other hand, it is an example of what cyber-civic society can do when cyber-citizens . . . → Read More: Conficker – the “Fortunate 500”
By bgreene, on November 14th, 2009
At NANOG 47, I gave an update to the NSP-SEC Top 10 Security Techniques. This tutorial has the video posted on the NANOG archives.
I’ve posted the slides here for those who have not viewed or downloaded them.
Slides 1 – 127
Slides 128 – Finish
Questions, suggestions, and views are welcomed.
. . . → Read More: NSP-SEC Top 10 SP Security Techniques – Updated Slides
By bgreene, on November 9th, 2009
We need to expect more out of the press, policy makers, and the pontificating “Cyber-warfare Experts” producing stacks of reports about the “Cyber-security threat.” Graham Messick, the CBS producer of this 60 Minutes episode on “Cyberwar: Sabotaging the System,” did not do his due diligence as a reporter. A standard tool for building balance in a story . . . → Read More: The flaws with the 60 Minute Report on “Cyberwar: Sabotaging the System”
By bgreene, on September 9th, 2009
I will be giving an interview today on how the industry has done a poor job of communicating the changes in Denial of Service (DOS) attacks. CERT-FI’s release of the “Sockstress” details yesterday has a few people confused. Outpost24 discovered some new TCP state abuse techniques which can cause a range of issues on a TCP stack (see . . . → Read More: DDOS Trends Changing – More Effective Attack Classes.
By bgreene, on August 17th, 2009
Watching discussions about cyberwar is a humorous diversion in the day. Take this New York Times article, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk.” It starts interesting, talking about a battle plan that was considered as a lead-in to the 2003 attack on Iraq. Good News! War planning is good. Evaluating collateral . . . → Read More: The Problem with the “Cyberwar” Dialog – it is easily polluted …..
By bgreene, on June 2nd, 2009
In my own work, I mention to my peers how everything has changed in today’s Converged Internet/Global Telecommunications world. Liability and accountability roll down hill. If something happens where the operator is found at fault, that finding does not stop with the operator. It will ‘roll down hill’ to the vendors and now the auditors.
Check out . . . → Read More: Beware, Liability does roll down hill
By bgreene, on May 1st, 2009
Every other month we get someone in the US Military ranting about how “we need to go on the offensive,” “we need to build our own BOTNETs,” “we need to be better than our enemies.” This expression of anxiety is understandable. It is an expression of frustration, where the people who are obligated to protect the . . . → Read More: US Military “BOTNETs” Un-Constitutional?
By admin, on April 29th, 2009
I was watching Matthew Watchinski walk through the events and activities behind our Adobe vulnerability this past Feb (see US CERT’s “Adobe Acrobat and Reader Vulnerability TA09-051A”). What struck me about Matt’s talk is a statement he made near the end:
“… Full Disclosure vs Non-Disclosure debate is dead. I learned this because my E-mail box did . . . → Read More: Is the “Full Disclosure” vs “Non-Disclosure” Debate Dead? NOT
By bgreene, on April 22nd, 2009
While walking through E-mail, doing my morning [[SITREP]], and sipping coffee I was surprised to see a request from a peer asking about X.805 Certification info. What is “X.805 Certification?”
For those who have never run into [[X.805]], it is an [[ITU]] security reference model submitted by Lucent from their security practices team. As seen by the . . . → Read More: Reflections on “X.805” Certification?