Questions to ask vendors to gauge their commitment to “secure products”


The Bloomberg article, “How Russian Hackers Stole the Nasdaq,” is a sobering insight into today’s risk. It should be a wake-up call for all organizations in all parts of the world to understand that even the best security teams are facing an overwhelming threat. The focused expertise used by today’s cyber-criminals is often beyond the capabilities [...]

If I say it over and over again, it must be true …


“Keep to your message, repeat it many, many times, and ignore the criticism” are key principles of success in Washington DC policy work. It does not matter if the message is true, based on facts, or has any empirical data to support your assertion. The point is that the “message” is a tool to support the [...]

Conficker – the “Fortunate 500”


Conficker has been a double-edged sword for the industry. On one hand, it is a nasty “weapons grade” hijacking malware with nefarious consequences – ranging from a platform for crime to a threat to global telecoms, SCADA, and other critical infrastructure. On the other hand, it is an example of what cyber-civic society can do when [...]

The flaws with the 60 Minutes report on “Cyberwar: Sabotaging the System”


We need to expect more out of the press, policy makers, and the pontificating “Cyber-warfare Experts” producing stacks of reports about the “Cyber-security threat.” Graham Messick, the CBS producer of this 60 Minutes episode on “Cyberwar: Sabotaging the System,” did not do his due diligence as a reporter. A standard tool for building balance in a [...]

DDoS Trends Changing – More Effective Attack Classes


I will be giving an interview today on how the industry has done a poor job of communicating the changes in Denial of Service (DoS) attacks. CERT-FI’s release of the “Sockstress” details yesterday has a few people confused. Outpost24 discovered some new TCP state abuse techniques which can cause a range of issues on a TCP stack [...]

Beware, liability does roll downhill


In my own work, I mention to my peers how everything has changed in today’s converged Internet/global telecommunications world. Liability and accountability roll downhill. If something happens where the operator is found at fault, that finding does not stop with the operator. It will ‘roll downhill’ to the vendors and now the auditors. [...]

US Military “BOTNETs” unconstitutional?


Every other month we get someone in the US Military ranting about how “we need to go on the offensive,” “we need to build our own BOTNETs,” “we need to be better than our enemies.” This expression of anxiety is understandable. It is an expression of frustration, where the people who are obligated to protect [...]
