I recently had the opportunity to fly out to HQ and while this was not my first opportunity to do air travel this year (refer to my blog about Alaska) I did make some observations about business travel, and trust me, they relate to Manufacturing. By the way, and I do this totally tongue in cheek, part of the trip was to record some new videos to give you all more reason to see me and make fun of me. So hang on! That’s my plug to come back.
Tags: Alaska, backpack, Blu-ray, coffee, Denver, full body scanners, gateways, Greece, HDTV, Italy, machine builders, Manufacturing, Milwaukee, Open, plug and play, productivity, Rockwell Automation, safety, san jose, security, spill, standard, travel
Once again it’s time for Cisco’s semi-annual Cisco IOS Software Security Advisory Bundled Publication. Today’s edition of the bundle contains a total of nine IOS-related advisories and one non-IOS advisory for the Cisco Unified Communications Manager (CUCM) family of products. Included in the 10 Security Advisories are a total of 19 Cisco Bug IDs, each one representing an individual vulnerability.
Tags: IOS, psirt, security, vulnerability
I was disheartened to read about the 22 September arrest of alleged LulzSec/Anonymous member Cody Kretsinger (known by the handle ‘recursion’) by the FBI as a suspect in the SQL injection attacks on multiple Sony websites. Note that I was not sad to see the good guys bust a cybercriminal, but I was sad to see a nice guy I had met and talked to briefly at BlackHat Las Vegas 2011 turn out to be a suspect wanted by the FBI.
Cody Kretsinger, second from right, at BlackHat 2011
One of the things we at Cisco try to do is reach out to those studying infosec and wanting to make a career in security. At BlackHat, Cisco had a contest where the winner got a Pwnie Express PWN Phone, effectively a modified Nokia N900 with some pentesting software loaded. A group of guys, volunteers with the show from an IT school, were fascinated by the PWN Phone – possibly because in their circle a couple of them had Nokia N900s, a device relatively unknown in North America but somewhat popular in certain hacking circles due to the fact that its OS is Linux-based and thus can be made to run things like Metasploit (like the PWN Phone does).
Tags: Anonymous, cyber crime, FBI, hacking, LulzSec, Proxy, security
When talking about vulnerabilities, the Cisco PSIRT has probably seen it all. Vulnerabilities that can be exploited over the network, vulnerabilities that need local access, and vulnerabilities that need physical access. Vulnerabilities that affect integrity, confidentiality, and availability. Vulnerabilities at the operating system level, at the application level, or at the protocol level. Hands down, the most time-consuming and complex to handle are those involving a protocol -- we need to investigate each and every Cisco product that implements the affected protocol. And if the vulnerability is in, say, IPv4… the investigation will require significant time and resources.
But there is one kind of report that makes the heart of any PSIRT Incident Manager sink -- an email from a customer asking “How do I fix these vulnerabilities?” And attached to the email -- a report from a vulnerability scanner.
Tags: security, vulnerability assessment
Many have argued that the PCI DSS (Payment Card Industry Data Security Standard) is too complex to be realistic in a real-world environment. Cisco takes the opposite stance, maintaining that the principles and security standards contained within the documentation should actually be considered a minimum. The true challenge is not in the implementation but in the ongoing management -- the maintenance, if you will.
This show promises to lay out a simplified view of the standard with real-world, practical advice where anyone can find exactly how they would apply it to their unique situation. We have pulled out all the stops with our story-telling and top-notch guests, as we have members of the standards board, networking experts and certified QSA auditors joining us.
PCI. It’s not just for Breakfast
It’s amazing how many networks fall into the “compliance required” category. For PCI it only takes one credit card transaction to be at risk… but rather than focus on the negativity of the required audit – this topic and the maturity of the standard is actually good for ANYONE interested in protecting their data. You may have the typical binary response as to whether this show applies to you… but I think you need to give it a go. You may be surprised… the show and the Shownotes are after the jump.
Tags: compliance, credit card, JimmyRay_Purser, pci, retail, robb boyd, security, TechWiseTV