Guest Blog Post
SQL injection attacks exacerbated by work of ‘grey hat’ researchers
January 24, 2010
In this LastWatchdog guest blog post Phil Neray, vice president of database security vendor Guardium, which was acquired by IBM last November, focuses attention on SQL injection vulnerabilities and attacks — and why they remain a substantive threat.
by Phil Neray
VP of Security Strategy, Guardium, an IBM Company
We’ve recently seen a series of SQL injection cyber-attacks conducted by “gray-hats” — including the recent attack …
Veracode lands Harvard business school dean & Microsoft director Dr. Jim Cash
November 18, 2009
Application security vendor Veracode recently landed a big fish to sit on its board of directors, Dr. Jim Cash, Professor and Senior Associate Dean of the Harvard Business School. Cash sits on the boards of General Electric, Microsoft, Wal-Mart, Chubb, Phase Forward, the Boston Celtics and the National Association of Basketball Coaches Foundation. He is a Limited Partner in the LLC that owns the Celtics.
Matt Moynahan, CEO of Veracode, spent five months …
Why cybercrime is here to stay
November 13, 2009
See related post: Anatomy of a $9.4 million cyber heist
Law enforcement has made great strides overcoming geo-political obstacles in bringing prosecutions in the TJX, Heartland and RBS WorldPay cases. Yet the Internet remains saturated with criminal activity. Cybercriminals continually harvest and cull stolen data and carry out elaborate cash-out schemes using the Web to collaborate. The ring leaders who formed a partnership to snatch $9.4 million in a quick-strike, global ATM heist using data stolen from RBS WorldPay …
Secure Sockets Layer (SSL) vulnerable to man-in-the-middle hacks
November 12, 2009
Marsh Ray and Steve Dispensa, researchers at authentication services vendor PhoneFactor, recently discovered a gaping security hole in Secure Sockets Layer, or SSL. This technology, along with the newer Transport Layer Security, or TLS, is widely used to secure online retail transactions. A similar SSL vulnerability was discovered by researcher H.D. Moore, of Metasploit fame, in May 2008.
Both discoveries were of the good-guy variety — no one …
Windows vs. Linux security strengths and weaknesses
October 23, 2009

With the launch of Windows 7 on Thursday 22Oct2009, Linux vendors, led by IBM, are touting the intrinsic security superiority of Linux vs. Windows. Vendor hype aside, the Windows 7 launch does raise two big questions:
In what way is Windows 7 more secure than Vista or XP?
Is Linux truly more secure than Windows?
Jacob West, Director of Security Research at application security firm Fortify Software, …
How federal tax incentives could help stem rampant data breaches
October 13, 2009
One idea for motivating organizations to do a better job stemming rampant data breaches: give them tax incentives to do so. Patricia Titus, the former CISO at the Transportation Security Administration within the Department of Homeland Security, and current CISO at Unisys Federal Systems, makes the case in this exclusive LastWatchdog guest blog post. Comments are encouraged.
By Patricia Titus
CISO, Unisys Federal Systems
How do we as a nation address the abysmal …
Three views on Pres. Obama’s delayed selection of cybersecurity czar
September 15, 2009
Since his historic May 29th speech calling for strong U.S. cybersecurity policy, Pres. Obama has been silent on the topic, as internal White House debate continues about the naming of a cybersecurity adviser reporting directly to Obama. Here are three perspectives on the delay:
Patricia Titus, Chief Information Security Officer, Unisys Federal Systems. LastWatchdog guest blog post. 15Sept2009
While the delay in appointing a national cyber security coordinator is cause for …