Last week it was reported in the media that two British tourists were detained at Los Angeles International Airport due to the threatening tone of messages on Twitter (“tweets”), as one of the two travelers had said that they were going to “destroy America” on their holiday. It turns out that either the U.S. Department of Homeland Security (DHS) noticed those tweets through their efforts to monitor social media, or, as has been suggested more recently, someone explicitly reported the tweets to DHS as a prank. The legal ramifications of this event are worthy of examination when we consider that this event contains elements of language (slang), location (whose laws apply based on where the alleged events took place), and intent — particularly if the prank allegation turns out to be true. Read More »
Walter Sulym from the Cisco IPS team explains the signature retirement process and how the default configuration is determined.
How many times have we encountered a situation where some part of the software industry starts small, in a closed environment, then grows and attracts a lot of attention before realising that things were not designed properly for this changed environment? On a large scale, I would say three times. It happened with the Internet, operating systems, and system and industrial control systems (also referred to as SCADA). This transition from a closed environment to an open environment inevitably exposes aspects that were overlooked during the development phase. The speed of this transition will only exacerbate the situation. Because SCADA systems are currently going through this transition I will call this a “SCADA Syndrome.”
The Cisco 4Q11 Global Threat Report has been released. The report covers the period from 1 October 2011 through 31 December 2011 and features data from across Cisco Security Intelligence Operations. This quarter’s contributors were Cisco Intrusion Prevention System (IPS), Cisco IronPort, Cisco Security Research and Operations (SR&O), and Cisco ScanSafe.
In this short article the reader will first learn what NetFlow is and how it works. Next the reader will understand how it can be as an important security tool. Finally, a technique for correlating NetFlow results with public sources of Internet reputation, along with the tool “Netoriety,” which implements the technique, will be introduced and explained.
Read More »