Cisco Blogs

Cisco Blog > Security

A New Year and New Opportunity for Security

Just over a year ago, I was invited to join ongoing discussions with retired Lt. General Harry Raduege, Scott Charney and Representatives Langevin and McCaul, as well as other industry, academia, and government representatives who were engaged in an impassioned debate. The topic? Cybersecurity strategy and direction for the next President. How would we advise the incoming President about protecting and securing our country’s information systems?

Formulated within the Center for Strategic and International Studies (CSIS), we discussed the evolving online threats, how our current approaches and technologies stack up against these threats, and how these factors – and others – impact the online world in ways that affect U.S. critical infrastructure and our way of life. In late December 2008, we completed a report of our recommendations, and shortly after that the Comprehensive Cyber Security 60-day review was completed.

Read More »

The 3D Secure Protocol: Implementation Flaws and Possible Resolutions

National Data Privacy Day is celebrated annually on January 28th in the United States, Canada, and a few European countries, with a focus on educating computer users about the protection of personally identifiable information on the World Wide Web. As we move towards a world where a significant portion of one’s daily life involves interaction with the World Wide Web, the National Data Privacy Day aims to bring about an increased awareness among users about protection of their online rights, methods to control personally identifiable information online, and regulations currently in place to that effect. The focus revolves around end-user education, even in scenarios where the technology used to ensure end-user privacy may not be adequate due to implementation flaws. An example of such an unfortunate scenario was recently demonstrated by researchers at the University of Cambridge, United Kingdom (UK). The researchers published a paper that describes implementation flaws in the 3D Secure (3DS) protocol, used for authentication verification when Visa or MasterCard based credit card transactions are performed (Verified by Visa/MasterCard SecureCode). The paper suggests that the approach to securing credit card transactions is liability driven, rather than security driven, ultimately resulting in a protocol implementation that is not end-user friendly.

Read More »

Mail – Got Mail? Got Criminals!

Who gets mail? We all do.

Mail arrives from a variety of public sector sources such as the court system inviting you to jury duty or county assessor providing you with the annual assessment and tax bill. You may also receive in your mail box your credit card statements, and personal correspondence. Perhaps your medical service provider or insurer mails to you an explanation of benefits. Merchants send you opportunities to appreciate their services. Similarly, we all have e-mail addresses; some of us have more than one. Our use of these addresses may be identical to that of our physical mail box. Sadly, the mail, both physical and electronic, is also used by the criminal world to perpetrate fraud.

Ask yourself this question: When mail is processed, arrives or is dispatched, where and how does this occur? Simple enough? Let’s discuss.

Read More »

Text Message Donations May Revolutionize Giving, Scamming

The American Red Cross had a tremendously positive response when it announced a mobile phone giving campaign in the wake of the January 12, 2010 earthquake in Haiti. The campaign was announced at 9pm on Tuesday, Jan 12; by 10am Thursday, Jan 14, the group had collected $3.4 million through mobile donations alone. Each text of the word ‘HAITI’ to the number 90999 was a $10 donation. 340,000 people gave $10 each in just over 36 hours.

I didn’t give a dime via my cell phone. The whole thing smelled like a scam to me, but 340,000 of my fellow Americans did not agree. I was wrong on this one. But given the ubiquity of scams surrounding the Haiti disaster, it would be good to know how we can tell when to trust these campaigns, or when not trust them, down the road.

Read More »

Gartner Recognizes Cisco as a Leader in the Magic Quadrant for SSL VPNs

Mobility is changing the world we work in, and the recent launch of Google’s phone shows that smartphones are here to stay. Whether we are talking about iPhones, Blackberries, or Nokia, Samsung, and Google smartphones, people are using these devices and their laptops to connect to work and personal information, no matter where they are located.

Workers must ensure that they have a secure connection when they are mobile and the key to ensuring secure remote connectivity is VPN technology. Cisco continues to invest in VPN solutions to help the mobile workforce remain secure when they are out of the office with innovative solutions that provide a seamless and secure connectivity experience.

Last month, Gartner recognized and positioned Cisco as a leader in the 2009 Magic Quadrant for SSL VPNs.

Read More »