This is an interesting discussion of the strategic reasons behind Iran’s cyber program including the geopolitical influences.
http://www.darkreading.com/perimeter/why-iran-hacks/a/d-id/1318862
Month: January 2015
Akamai – DNS Hijacking: Dangers and Defenses
This is a great write up from Bill Brenner and the team at Akamai concerning the dangers ad pitfalls of DNS hijacking. It is definitely worth a few minutes of your time and is an area each of us should give serious consideration.
https://blogs.akamai.com/2015/01/dns-hijacking-dangers-and-defenses.html
Sophos – The GHOST vulnerability – what you need to know
Sophos has provided a good overview of the GHOST vulnerability in this article. It is certainly well worth a read.
https://nakedsecurity.sophos.com/2015/01/29/the-ghost-vulnerability-what-you-need-to-know
Krebs – FBI: Businesses Lost $215M to Email Scams
These are staggering and humbling statistics provided by Brian Krebs and should continue to fuel the conversation around end user awareness.
http://krebsonsecurity.com/2015/01/fbi-businesses-lost-215m-to-email-scams/
US-CERT – Apple Releases Security Updates for OS X, Safari, iOS and Apple TV
This is the US-CERT post concerning Apple security updates for several products.
Critical GHOST vulnerability affects most Linux systems
This article from The Hacker News details a critical security vulnerability discovered in the GNU C Library of most Linux distributions. The Vulnerability is known as GHOST.
http://thehackernews.com/2015/01/ghost-linux-security-vulnerability27.html
Akamai – Latest Security Whiteboard Videos
These are wonderful overview videos by Akamai covering several core IT security functions and compliance requirements.
Akamai – Blizzard 2015: The Power Of Redundancy
This article brings up several important questions. How prepared is your organization for a significant outage? How prepared is your organization to support numerous remote workers during a significant weather event? Can your organization support a completely remote or mobile workforce in the event of an emergency? The Blizzard of 2015 is a great example of an event that can prompt an incident response even without the loss of facilities and data centers.
https://blogs.akamai.com/2015/01/the-power-of-redundancy-at-planetary-scale.html
Tenable – Committing to the 12-Step Program of PCI DSS: Regularly Test Security
This is additional sound wisdom from Jeff Man at Tenable. You can never test security too much. I realize that many of us live in worlds with resource constraints, but you should always schedule and dedicate resources to testing and validation.
http://www.tenable.com/blog/committing-to-the-12-step-program-of-pci-dss-regularly-test-security
Bruce Schneier and Edward Snowden @ Harvard Data Privacy Symposium 1/23/15
I must say that I am very intrigued by this conversation. These are two interesting security dynamics.
Virtual Sweater Vest 