It is clear that we are in a transition with regards to the way information is published and consumed. Old school media such as newspapers and network news are in decline or are, like the New York Times and the Wall Street Journal, looking for new ways to remain relevant.
The rise of social media as a source of news has both positive and negative aspects. On the positive side the speed of social media has proven hard to match. For example, on November 23, 2010, North Korea shelled Yeongyeong Island in South Korea. My first notification about that event was via Twitter and it was only later that I was able to get confirmation via CNN. Similarly on March 11, 2011, when the earthquake and subsequent tsunami hit Japan with tragic consequences, my first notification was again via Twitter. Clearly first-mover advantage goes to social media, largely due to the lack of overhead and the few barriers to and low cost of publishing.
Recently we saw one of the weaknesses to the often knee-jerk, fast-twitch responses that social media can create with the unfortunate accusations that were falsely leveled at Samsung; statements accusing the Korean manufacturer of putting keylogging software on its laptops. Read More »
Tags: security, social media, twitter
Recent media reports have focused on a mass SQL injection attack involving a malware domain named lizamoon.com. While the lizamoon.com domain is new, this particular series of SQL injection compromises is actually several months old. Cisco ScanSafe logs record the first instance on 20-sep-10 21:58:08 GMT. Since then, various malware domains have been used for a total of 42 domains signifying 42 separate occurrences of these compromises since September 2010. Lizamoon.com was the 41st of these.
Cisco ScanSafe data reveals that from Sept 2010 to Feb 2011, all the compromises were on smaller, low traffic sites. Any encounters likely resulted from Web searches for very niche topic areas. As a result, the number of encounters with these compromised websites remained very low. Most importantly, this attacker is employing severe throttling such that only 0.15% of encounters even result in live content delivery. The remaining 99.85% of encounters are non-resolvable at the time of encounter. The result is a negligible rate of actual encounter with live content.
Read More »
Tags: lizamoon, security, sql injection
Recently, during my daily “let’s see what’s happening today” routine, I read an article that struck me in an eerie — better yet, intriguing — manner. The gist of the story is that a crime ring syndicated from cyber space, consisting of Internet-savvy folks and run-of-the-mill thieves, managed to purchase (let’s just call it what it is, steal) thousands of dollars in products while conducting shopping sprees at Apple stores.
Read More »
Tags: cyber security, cyber space, security
Few people in the world would disagree that a network firewall is an essential component for any size datacenter. In fact, operating without one could be considered by many to be network asset suicide! But adding a firewall to an existing datacenter is by no means a trivial task. In fact, the amount of work that would be required to re-cable every physical interface to properly tie it in with the rest of the network is enough to make many network administrators think twice about just how badly they really need that shiny new firewall, versus just sticking with what they have. Add to that the additional rack space, power, cooling, and management required by the new device, and some serious ROI questions may be raised.
Read More »
Tags: ASA, ASAMC, product launch, security
Today many organizations find themselves addressing concerns over their proprietary information being stolen and their systems being compromised. Some may view this as a single problem since, in most cases, system compromise is an overture to information theft. The most common ways in which computers are compromised include visiting a web site with malicious content, opening a harmful file — malicious or otherwise — attached to an e-mail message, running a program of dubious provenance and clicking the “yes” button on every message that pops up on the screen. Organizations are fighting back by installing virus scanners, blocking known malicious web sites, filtering incoming e-mail and locking down (aka “hardening”) operating systems as much as possible. But let us take a step back and think about this whole situation again.
Read More »
Tags: culture, Internet and life, security