
The Inside on the Inside Cisco SIO Network World Article

Several of us recently had the pleasure of working with Ann Bednarz from Network World on her feature article, “Inside Cisco Security Intelligence Operations” (SIO). We were all very pleased with the resulting article and her ability to capture and convey the intricacies of Cisco SIO. Given the size, complexity, diversity, and geographic distribution of the teams and technologies that make up our security operations, we knew that capturing these details and conveying what Cisco SIO does would be a challenge.



Top of Mind: Cybercrime–This Time It’s Personal

The axiom “Quality, not quantity” has been adopted by everyone from stock pickers to those trying to successfully navigate the online dating scene. Now cybercriminals are also putting this philosophy to practice.

The fundamental shift away from mass spam attacks toward more targeted threats with potentially bigger payoffs is top of mind for me. This trend is detailed in a new report by Cisco’s Security Intelligence Operations (SIO).

Specifically on the issue of spam, Cisco’s research reveals that mass spam volumes dropped from 300 billion to 40 billion messages per day between June 2010 and June 2011. Although 40 billion is still a huge number, signifying that spam remains an issue, the trend that is most alarming is the threefold increase in spear phishing and the fourfold increase in personalized scams and malicious attacks such as malware.


Securing Your Virtual Infrastructure

Virtualization provides extraordinary benefits to organizations of all sizes. By consolidating multiple workloads onto one physical server, companies have been able to optimize the usage of their data center infrastructure, minimize procurement and operational costs, and increase the overall efficiency of their operations. The growing number of organizations migrating mission-critical workloads to virtual environments has created a critical need to evolve infrastructure security to cover these hybrid physical and virtual environments.


Life After Anonymous – Interview with a Former Hacker

The hacker group Anonymous has been in the news recently for a variety of reasons, including WikiLeaks and the HBGary breach, among others. One recent item was a relatively high-profile defection from the group: the departure of SparkyBlaze for a variety of reasons, including being “fed up with anon putting people’s data online and then claiming to be the big heroes.”

I run the @CiscoSecurity Twitter feed, so I spend a lot of time on Twitter, and I saw that @SparkyBlaze was an active user, so I pinged him with a DM in an effort to get his side of the story. I also wanted to get a glimpse of things from the other side; it is probably in the best interest of everyone in the security industry to have a better understanding of Anonymous and others in the underground hacker community. While the human factors were of some interest, I was also really curious about his take on the state of corporate security and wanted to see what concrete recommendations he had for organizations wanting to prevent breaches and break-ins.

Some might ask, are we giving an illegal hacker a platform? I would say, no. Sparky himself says it very clearly: “Stay away from black hat hacking. White hat hacking is a lot more fun, you get paid for it, it is legal. A conviction for hacking and leaking a database will affect you for the rest of your life.”


Resources for the Apache HTTP Server Denial of Service Vulnerability

Sample code that exploits a denial of service vulnerability in the Apache HTTP Server was recently posted publicly. The vulnerability is receiving considerable industry attention given the popularity of Apache httpd and amid reports that it is being exploited in the wild. It has been assigned CVE-2011-3192 and currently carries CVSS base and temporal scores of 7.8 and 6.3.

The attack combines an inefficiency in how the web server services byte-range requests with a peculiarity of the HTTP protocol: a single Range (or the legacy Request-Range) header may list many byte ranges, and nothing in the protocol stops them from overlapping. Because httpd processes each requested range separately, a request carrying hundreds of overlapping ranges multiplies the work and memory the server spends on one response, so a small number of requests can consume substantial CPU and memory. Successful exploitation starves the server of the resources it needs to field legitimate requests from other users.
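To make the shape of the problem concrete, the following is an added example (not code from Apache or from the Cisco post) of the screening a server or reverse proxy can apply to a Range header before honouring it: parse each byte-range-spec per RFC 2616, normalise it to absolute offsets, and fall back to a plain 200 response when the header is malformed, lists more ranges than a cap, or contains overlapping ranges. The cap of five ranges and the attack-style header are constructed for illustration.

```python
"""Screening HTTP Range headers of the shape used in the Apache httpd
byte-range denial of service (CVE-2011-3192).

Added example, not Apache code: parses the header per RFC 2616,
normalises every byte-range-spec to absolute offsets and decides whether
a server should honour the header or fall back to a full 200 response.
"""
import re
from typing import List, Optional, Tuple

# byte-range-spec = first-byte-pos "-" [last-byte-pos] | "-" suffix-length
_SPEC = re.compile(r"^(\d*)-(\d*)$")

# Constructed attack-style header: hundreds of ranges that all cover the
# same tail of the entity. The count and the overlap are what to catch.
ATTACK_HEADER = "bytes=" + ",".join(f"{i}-" for i in range(0, 200))

# Assumed cap: a handful of ranges covers resumable downloads and media
# seeking; legitimate clients rarely send more.
MAX_RANGES = 5


def parse_ranges(header: str, content_length: int) -> Optional[List[Tuple[int, int]]]:
    """Return absolute (first, last) pairs clamped to the entity size.

    Returns None if any byte-range-spec is syntactically invalid, in which
    case RFC 2616 says the whole Range header must be ignored.
    Unsatisfiable specs (start past the end, or a "-0" suffix) are dropped.
    """
    if not header.lower().startswith("bytes="):
        return None
    ranges: List[Tuple[int, int]] = []
    for raw in header[len("bytes="):].split(","):
        m = _SPEC.match(raw.strip())
        if not m:
            return None
        first_s, last_s = m.groups()
        if not first_s and not last_s:          # bare "-" is not a range
            return None
        if not first_s:                          # suffix range "-N": last N bytes
            n = int(last_s)
            if n == 0:
                continue                         # unsatisfiable, skip it
            first, last = max(0, content_length - n), content_length - 1
        else:
            first = int(first_s)
            last = int(last_s) if last_s else content_length - 1
            if last_s and last < first:          # "500-100" is invalid syntax
                return None
            if first >= content_length:          # starts past the end
                continue
            last = min(last, content_length - 1)
        ranges.append((first, last))
    return ranges


def has_overlap(ranges: List[Tuple[int, int]]) -> bool:
    """True if any two ranges share at least one byte."""
    ordered = sorted(ranges)
    return any(cur[0] <= prev[1] for prev, cur in zip(ordered, ordered[1:]))


def assess(header: str, content_length: int, max_ranges: int = MAX_RANGES) -> str:
    """Classify a Range header for a given entity size.

    'ok'            honour it: serve 206 with these ranges
    'invalid'       syntactically bad: ignore the header, serve 200
    'too_many'      more specs than the cap: ignore the header, serve 200
    'overlapping'   ranges share bytes: ignore the header, serve 200
    'unsatisfiable' nothing falls inside the entity: answer 416
    """
    ranges = parse_ranges(header, content_length)
    if ranges is None:
        return "invalid"
    if len(ranges) > max_ranges:
        return "too_many"
    if has_overlap(ranges):
        return "overlapping"
    if not ranges:
        return "unsatisfiable"
    return "ok"


if __name__ == "__main__":
    for hdr in ("bytes=0-499", "bytes=-500,0-99", "bytes=0-499,100-599", ATTACK_HEADER):
        print(f"{hdr[:40]:<42} -> {assess(hdr, 1000)}")
```

Ignoring a suspect Range header and serving the whole entity is allowed by RFC 2616 (a server is never obliged to return a 206) and costs the attacker far more bandwidth than it costs the server, which is why a count cap combined with an overlap check is an effective mitigation regardless of how the server internally assembles multipart responses.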
