Are you prepared for the next DoS Extortion attack? Armada Collective “like” DoS extrusion attacks are picking up. It is time to review those “DoS” preparation checklist. This white paper explore the data that would need to be collected to successfully push back on DoS attacks. It includes information your “DoS Defense Allies” will need to help you mitigate, remediate, and potentially whack down the DoS attack.
Demande Security from your Vendors. Ask the right “Security Questions.” This provides a list of questions that anyone can use with their vendors to get a better understanding of their security capabilities. Start meaningful “Security Conversations.”
What is the best time for a vendor to Disclose a Vulnerability? Vulnerability disclosure is the most painful activity for any software/hardware company. Conversely, receiving vulnerability notifications from any vendor is one of the most disruptive events any organization can encounter. Rapid and unexpected vulnerability patches are a massive operational disruption. What follows are some
This is part “2.1” of a multipart post to help organizations take security action. Stay tuned for next week’s practical security checklist item. Board members, CxOs, and professionals are saturated with security advice. This security advice is often confusing, contradictory, and always biased toward “buying something.” “Good security advice saturation” results in paralysis of action.
Are you ready for the next attack? As many of my colleagues know, I’m constantly on the look out for tools that would help my peers in all networks find ways to mitigate the security risk in their operations. At MYNOG 5 (www.mynog.org) I reviewed the latest tool, a checklist operators can use to prepare
This is the first in a series of Security Workshops that I will be teaching in the region. Most will be in Indonesia and other parts of ASEAN. Stay tuned or connected to me via Linkedin to get updates. Understanding the Real Cyber Security Threat Where: @ America Pacific Place Mapp – Level 3 – Jakarta Indonesia.
Every vulnerability is a security lesson that will either be repeated or used to improve the organization. Lessons from Heartbleed is no different. IMHO “The Matter of Heartbleed” is a mandatory paper for all security professionals! It points out the dynamics of a critical Internet vulnerability and how organizations respond. As a minimum, read the
What security questions are you asking your vendors? The Bloomberg article, “How Russian Hackers Stole the Nasdaq,” is a sobering insight into today’s risk. It should be a wake-up call for all organizations in all parts of the world to understand that even the best security teams are facing an overwhelming threat. The focused expertise used by
RIPE has publicly responded to the surprise felt by members of the DCWG and others involved with the Rove Digital/DNS Changer clean up community. The statement on their web page is as follows: 15 Aug 2012 — ripe ncc As reported in previous announcements, the RIPE NCC will go to court in the Netherlands on
DNS Changer Update As of Friday morning (August 10, 2012), the IP address blocks used by the DNS Changer – Rove Digital criminal operations have been re-allocated by RIPE-NCC and advertised to the Internet: http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC001&query=1&arg=220.127.116.11%2F20 http://www.ris.ripe.net/dashboard/18.104.22.168/20 As a reminder, the Rove Digital/DNS Changer Crew used the following IP address blocks for their nefarious activities: 22.214.171.124/20