PODCAST: Former White House CIO — companies need cyber defense strategy

By Byron V. Acohido

Theresa Payton honed her cybersecurity skills as the White House’s first female chief information officer, under President George W. Bush. Payton is now president and CEO of cybersecurity consulting company Fortalice Solutions. I had the chance to interview her at the recent Enfuse 2017 cybersecurity conference in Las Vegas. We discussed […]

Q&A: Why WannaCry signals a coming wave of nation-state cyber weapon hacks

By Byron V. Acohido

Companies would be remiss to downplay the profound implications of last month’s headline-grabbing WannaCry ransomware attack. WannaCry was a mere harbinger; the tip of the iceberg. WannaCry happened a few weeks after the Shadow Brokers hacking collective stole dozens of the National Security Agency’s ace-in-the-hole hacking tools. Shadow Brokers futilely tried […]

Q&A: Why dormant SSH keys represent a nightmarish exposure

By Byron V. Acohido

A nightmarish new exposure affecting virtually all major networks is just beginning to get the attention of the security community. It involves a fundamental networking protocol—Secure Shell, or SSH. Invented in 1995 by a Finnish programmer named Tatu Ylönen, SSH is an encrypting routine that enables one software application to securely […]

Why certain Heartbleed exposures won’t be so easy for bad guys to exploit

Heartbleed + Android: A Not-So Love Story from Lookout

By Byron Acohido, Last Watchdog

KINGSTON, Wash. – The security headaches raised by the Heartbleed coding flaw keep expanding. Ars Technica reporter Dan Goodin has broken stories about how the Canadian government and Yahoo Mail have been bitten by Heartbleed exploits in the wild. And there […]

A roadmap for triaging Heartbleed exposures

By Byron Acohido, Last Watchdog

The acute notoriety of Heartbleed is a good thing in this sense: it ought to compel CIOs and CISOs to drill down on developing a roadmap for dealing with exposures that could run very deep. The most worrisome aspect of Heartbleed arguably is the fact that this gaping security hole […]

Heartbleed threat should boost Always On SSL as a best practice

Web site owners who are taking a closer look at their use of the SSL/TLS cryptographic protocols in the aftermath of the disclosure of the Heartbleed bug would be wise to heed the Online Trust Alliance’s longstanding call to adopt Always On SSL. This best practice calls for using SSL/TLS across the entire website, […]

Q&A: Why FireEye alerts failed to stop Target hackers

By Byron Acohido, Last Watchdog

KINGSTON, Wash. – Target paid good money to install FireEye’s malware detection technology last year. FireEye caught the bad guys already inside Target’s network. Alerts were issued – but ignored, according to Bloomberg Businessweek. Were the tools oversold or poorly implemented? Or was dysfunction in Target management more to blame? […]