Don Parker

Improving cybersecurity?

It was with some amusement that I read the following. I don’t know why they need a whole task-force composed of experts to come up with a strategy to better safeguard their cyber assets. Much as we all know, it all comes down to implementing standard procedures. The key though is in making sure the foot-soldiers ie: the sys admin’s actually implement this plan. Point in case, how often have we seen systems hacked because they did not have a patch installed, or a system actually connected to the Internet while it was being hardened . Let’s not over complicate things here. Stick to the basics and make darn sure that you actually stick to the game plan.
Technorati Tags: Cybersecurity, Network Security, Hack

Adobe PDF exploit

Most of you have likely heard about the recent surge in the use of the Adobe PDF exploit. Personally, I have received a few emails containing it but I was not able to actually look at the attachment. It was too late, as my provider had caught it. Kind of a bummer as I wanted to crack it open in a hex editor and also Olly. Have any of you been getting these attachments at your work or home? The volume does not seem to be too bad so far. If any of you have got a sample feel free to send it my way. Send me an email first though .
Technorati Tags: PDF exploit, Adobe, Microsoft, Virus

Spyware equals $$$

Well, if there was ever a doubt that spyware is big business give the following a read. I seriously doubt anyone will shed a tear now that the company has shut its doors. It is hard to comprehend though just how spyware can be so lucrative. That said, when you have millions of computers at your disposal, so to speak, the revenue can quickly add up. It is nice to see also that the government is taking this type of electronic annoyance more seriously by beginning to hand out some stiff fines.
Technorati Tags: Spyware, Trojan, Virus, Exploit

Identity theft

I just read this piece on identity theft. So it then came as a funny coincidence that my insurance policy came to me in the mail. Part of my policy gives me coverage for identity theft. A whopping $10,000.00 is what I am covered for. There is little doubt that identity theft is a real problem. Question is though, just how widespread is it? To my knowledge there is no one that I know who has been a victim of this. What about you guys? Anyone you know affected by this?
Technorati Tags: Identity theft, Computer security

Rebinding attacks

There is an interview with some security researchers about the perils of rebinding attacks. Now the reporting of this new attack vector, as it were, was of some interest from a technical standpoint. The thing of it is though that I can’t say I have heard of it being widely exploited. Have any of you? This exploit brings to memory the big fuss several years ago about the reset attack. That research was presented at CanSecWest amongst much angst that the whole Internet was now ripe for exploitation and that any session could be disconnected. Well, thing of it is, nothing of the sort ever happened. While the attack was possible it was not very feasible, hence the lack of its use. That brings me back though to this DNS rebinding. Is it also one of those attacks? While technically feasible, it is not very practical in nature for those people who would use it? Your thoughts?
Technorati Tags: Rebinding attack, DNS, Exploit

Reader thoughts?

It has occurred to me that many sites or blogs only expend air on what it is that they think is important. With this in mind I think it important to open up the floor to what you would consider interesting or topical? Any thoughts that you would like to not only share with me, but also with other readers of the blog? Computer security is after all a community. We are only as strong as the individual contributor. Don’t be shy! Send me your thoughts and or discussion points.
Technorati Tags: Blog, Computer securitiy, Community

Cybersecurity and the military

Well it would seem Uncle Sam is once again becoming focused on Cyberwarfare. This only makes sense as militaries don’t only use machine guns and hand grenades to carry out the business of going to strange lands and blowing up people . Computers are very much an integrated component of any modern military. More so even for the American military. It then only makes sense to try and secure those assets. One of the biggest reasons for computer breaches is the lack of timely patch management. That plus the judicious use of 0 day code. The former is easily mitigated by enforcing proper patch management practices. The latter is a different beast entirely but one which can be minimized by the usual defense in depth. A network is only as strong as its weakest link ie: Layer 8, the human interface. Perhaps it is time to ratchet up the pressure on people when it comes to best practices by ensuring they carry them out.
Technorati Tags: Cyber-warfare, Hacking, 0 day

Collecting of personal information

It seems that almost everywhere you go for shopping today they are asking you to provide a lot of information. If I buy a pair of pants or paint at the hardware store I am being asked for my phone number, postal code and so on. There is absolutely no need for this, beyond it being of benefit to the retailer in terms of marketting. The recent upsurge in database breaches though has some retailers asking for relief from having to electronically warehouse credit card transactions. While a welcome development it is only coming about due to self-interest on the part of retailers. A good number of whom have been on the hook for a lot of dollars due to database breaches. For me though it all comes back to us having to give out an unreasonable amount of information every time we conduct some transaction. There is absolutely no need for it. Anyone have any thoughts on this?
Technorati Tags: Database breach, Credit card fraud

P2P and your networks

I have spoken to some people recently who have begun to aggressively filter out P2P protocols on their corporate networks. After having undergone some performance issues a network survey was undertaken at one colleagues place of work. It was found that an enormous amount of bandwidth was being used by people using several types of P2P protocols to download various media at work. The sole reason for the crackdown was not because of bandwidth consumption only, but also the very real problem of copyright infringement and the possible legal fallout arising from that. Question is, are any of you undertaking any similar style crackdowns?
Technorati Tags: P2P, Copyright infringement, Network survey

Scroll to Top