Guest Blog Post
Why botnets have become invincible
December 29, 2011
When I first wrote about “Zombie networks” in this 2004 cover story, hackers were in the early stages of developing the most efficient ways to systematically infect Internet-connected Windows PCs and convert them into obedient bots — at scale. The big driver back then was to assemble botnets to spread spam.
Today botnets have become the engine that drives all forms of cyber attacks. It’s simple enough …
RSA’s Coviello: companies face new reality of persistent threats
December 22, 2011
It’s been a breathtaking year for mega databreaches. Security token giant RSA last March disclosed an embarrassing hack in which its crown jewel SecurID tags technology was pilfered.
And tech security journalist Brian Krebs in October shed light on a list (presented to Congress) of 760 organizations that were similarly hacked, including a who’s who of the Fortune 100.
That’s just one subset of …
Why someone needs to compel companies to disclose cyberattack details
December 21, 2011
A flurry of mega databreaches rocked the Internet in 2011. They included RSA, Epsilon, Bank of America, HBGary, the U.S. Chamber (twice), Sony (multiple breaches) and DigiNotar. Meanwhile, the most sophisticated attack campaign yet seen, Duqu, has now likely burrowed deep inside dozens of corporations.
Meanwhile, new variants of tried-and-true consumer attacks — ranging from drive-by downloads, to clickjacking to phishing campaigns — have made the …
Why the FTC’s COPPA revisions fall short
November 9, 2011
The Federal Trade Commission has drawn positive reviews from both Democratic and Republican lawmakers for its proposal to update the Children’s Online Privacy Protection Act, or COPPA.
The 1998 COPPA law bans website publishers and social networks from collecting or using information from children under 13. Enforcement, however, has been spotty. And it’s common practice for website operators to do the minimum to meet the letter …
The case for wider use of Next Generation Firewalls
November 1, 2011
Cyberattacks have gotten very sophisticated, to say the least.
Traditional perimeter firewalls are still in wide use as a fundamental defense mechanism. But a group of security vendors are pushing for wider use of so-called Next Generation Firewalls, or NGFWs, that integrate firewall, intrusion detection and prevention, application monitoring and authentication and policy-use controls.
These vendors include NSS Labs, Barracuda, Check Point, Cisco, Fortinet, Juniper, Palo Alto Networks and …
A 23-year-old’s perspective on privacy
October 5, 2011
When he wakes up every morning, Jeremy Pepper, an engineering student at West Virginia University, rolls over, grabs his iPhone, opens USA TODAY’s iPhone app, and glances at headlines. He then checks e-mail, browses favorite Web sites and gets on with his day.
Pepper uses his iPhone and a Windows 7 PC to access the Web. He spends much of his time online using Facebook, Safari, e-mail, Flashlight …
Why denial of service attacks are harder to detect
September 13, 2011
Hacktivism has risen to new levels. Members of the hacking co-op Anonymous have gained infamy for disrupting the online operations of companies, such as Visa, PayPal and HB Gary, deemed to be misbehaving. Sony has been bedeviled by denial of service onslaughts and data theft stemming from business practices thought by some to be abhorrent. And the antics of the LulzSec hacktivist group have resulted in …