What questions should we be asking about the eBay breach?

Shortly after the eBay press release hit the wire, the media started calling to ask for my feedback on the whys and the hows of this latest debacle. “Why did this happen?” “Why does it keep happening?” “Why do breaches seem to be getting bigger all the time?” The answer is simple: because information is increasingly valuable. With…

Critics of Microsoft’s XP patch decision fail to see the big picture

Punditry is a never-ending race to distract and influence large audiences with antagonistic points of view put forward by quasi-intellectual iconoclasts. Often derided as irrelevant, the practice is alive and well in the IT space, where it benefits not from the captive audience of cable TV viewers but from the social media bump afforded…

Is Heartbleed deceptively easy to fix?

From the day the world learned about the infamous OpenSSL crypto vulnerability, the Heartbleed fix has been available and the organization’s terse recommendation has been to apply the patch or re-compile the code without the heartbeat feature. Easy, right? Banks, major sites, associations and other organizations have issued comforting statements indicating that they were unaffected and if they were,…

Millions of Target customers should expect a surprise in their inboxes

What was already a catastrophically large security breach became ridiculously monumental today as Target notified the public that an additional 30 million customers have been added to the previous total of 40 million victims. In Target parlance, ‘guests’ are customers, visitors, online shoppers and anyone who still dares to darken their steps in light of the new…

Do your PCs leak valuable intel with every Windows error report?

Anyone familiar with any version of Microsoft Windows is largely desensitized to the reality of occasional crashes. These range from process failures you never see to Windows Explorer shutdowns that cause all your icons to be jolted back into existence after your desktop flashes back to life. Behind the scenes, a process called Windows Error…

Did the NSA Deal Fatally Damage the RSA Brand?

Secrecy is not a poor security practice as much as a compromise of integrity. EMC’s RSA Security division recently made headlines when its enterprise products were expertly hacked, undermining the security of thousands of organizations globally and embarrassing the industry pioneer. The company’s illustrious founders – Ron Rivest, Adi Shamir and Leonard Adleman – are rock stars in the security industry. It…

(Why You Should Develop) A Passion for (Protecting) the Intangible

People often confuse information protection with IT security. One of the reasons I resist the compartmentalization of my craft as an automated, software-driven process is that as important as it is, IT security not only reduces the scope of my work by at least two-thirds, but it misses the point of what it means…

Are online banking apps, mobile ransomware a match made in cybercrime heaven?

In a recent report, antivirus software maker McAfee (now safely in Intel’s hands and no longer related to notorious troublemaker/troubadour John McAfee) reports a vast increase in the number of unique instances of ransomware for mobile phones. If the thought of losing access to your data gets your attention, having your smartphone commandeered by cybercriminals on…

News that will send you scrambling (your data)

This may hint at my advancing years, but I distinctly recall being in awe, at least a couple of decades ago, at the ambitious scope of an international effort of cross-espionage called ECHELON that had already been in operation for some 30 years. It was an undertaking of massive proportions where 5 countries (the US,…

Does anti-virus software make things worse?

According to the handy Wolfram Alpha search engine, some 24.5 years have passed since the introduction of the first Internet virus. And the first self-replicating malware to exist on the Internet’s precursor, the ARPANET, had already made waves in 1971, itself practically forced into existence by the fertile imagination of science-fiction writers of the previous decade in…
