No glitch, just poor key management

Imagine my surprise when I opened today’s Washington Times and saw an above the fold article titled “Glitch Imperils Swath of Encrypted Records.”  It’s already getting pretty deep. “In the worst-case scenario, most of the data on the servers of every company in  the developed world gets wiped out,” Tatu Ylonen, chief executive officer of SSH  …

Continue reading ‘No glitch, just poor key management’ »

Preventing Phishing the Company From Your Domain

If a phish or spam comes into your company with a From address of your company’s domain, recipients may be more likely to take action.   That quick decision can lead to compromised computers.  Coca-Cola found itself the victim of a hack when an email masqueraded as Coca-Cola’s chief executive, sending an email to Paul Etchells, Coca-Cola’s deputy president …

Continue reading ‘Preventing Phishing the Company From Your Domain’ »

You only have to scan the ones you want to keep

Growing up, my dentist had a sign “You don’t have to brush all your teeth, just the ones you plan to keep.”  I thought of that when talking to Qualys recently. As we look ahead to IPv6, vulnerability scanning needs to be addressed.   Old methods like scanning IP ranges don’t work when scanning IPv6.   Qualys’ …

Continue reading ‘You only have to scan the ones you want to keep’ »

Gmail’s State Sponsored Attack Warning

This week, after logging into my Gmail, I was greeted by the message below. “Warning: We believe state-sponsored attackers may be attempting to compromise your account.” In June, Google announced plans for this sort of attack.  At that time, I expected these alerts to be seen by Tibetans targeted by China.   It’s not the …

Continue reading ‘Gmail’s State Sponsored Attack Warning’ »

Dr. Johannes Ullrich and the Principle of Least Priviledge

In an article posted this afternoon at Forbes, Dr. Ullrich compares network professionals who disable unneeded features with slumlords.   He starts comparing a Bible for Section 8 landlords with network security.   For those who don’t know, Section 8 housing  is housing for the poor that is government subsidized.   So, I guess he is also comparing users to …

Continue reading ‘Dr. Johannes Ullrich and the Principle of Least Priviledge’ »