According to this article, nearly 80 percent of security products failed to perform as intended when first tested and generally required two or more cycles of testing before achieving certification, according to a new ICSA Labs report. Having lived my prior professional life "in the belly of the software development beast" I can only say, "Wow, 20% actually worked as advertised?"
The other interesting finding included in the report was that 44 percent of security products had inherent security problems. Security testing issues range from vulnerabilities that compromise the confidentiality or integrity of the system to random behavior that affects product availability.
Things to keep in mind (and ask pointed questions about) the next time a security systems vendor comes calling.
Cheers,
Dave
Dave's CNG-275 Blog
Monday, November 16, 2009
Monday, November 9, 2009
Hacking to turn off the lights
CBS News is reporting that several power outages in Brazil over the past several years were the result of hackers taking control of the power grid. This was part of a "60 Minutes" segment on cyber warfare. The scary part (the main thrust of the 60 Minutes segment) is that much of the U.S. power grid may also be vulnerable.
Cheers,
Dave
Monday, November 2, 2009
Peer-to-peer leaks
It seems a congressional staffer took home an Ethics Committee report that named names and deeds. That's not so bad but they then put it on their home system and their peer-to-peer software shared it with the world. The Washington dirt is interesting but the second page has just a little coverage of how the leak occurred toward the bottom of the page:
The Washington Post article
One of the selling points Vericept used when I worked there was that they monitored all network traffic, not just common ports. We saw quite a bit of really interesting stuff that no one dreamed had been shared. In this case, there's not much anyone could have done to stop this leak other than restricting access to the report and requiring that it not be taken home.
Cheers,
Dave
Monday, October 19, 2009
Another round of scareware
The BBC had this article on the latest round of scareware. Nothing like getting the end user to pay to install your trojan. What's really sad is the people who get scammed this way not only pay for the trojan but then their identity gets stolen since they give a credit card number to the scammers.
I had to laugh when I'd get these during an earlier round of scareware adverts a couple of years ago since I've been running Linux as my primary OS since 1998. SIGH.
Cheers,
Dave
Tuesday, October 13, 2009
In-depth Look at Wal-Mart Hack
Wired has a long and detailed article looking into a hack of Wal-Mart in 2005 and 2006. The hack wasn't reported because, apparently, no customer data was compromised. Besides the discussion of how the attack was perpetrated the article also goes into some of the Payment Card Industry (PCI) requirements and how they should have played into making the hack impossible had Wal-Mart been in compliance.
Cheers,
Dave
Monday, October 12, 2009
SSL Still Mostly Misunderstood
"The biggest issue is the general population doesn't know what SSL is, why they're using it, and it's ingrained in them that it always makes them secure, which is not always the case," says Tyler Reguly, senior security engineer for nCircle. While 83 percent of users check they're using an SSL-secured session before entering their credit card information on a Website, only 41 percent do so when typing in their passwords. To make matters even worse, "You see surveys saying that anywhere from 30 to 60 percent of users are using the same password everywhere, so they're probably using it for on-line banking, too."
According to this article at DarkReading, this problem isn't confined to just end-users. More than half of the respondents don't know what Extended Validation SSL (EVSSL) is and how it differs from SSL, while 36 percent say they do. Interestingly, most of them are aware that SSL traffic can be sniffed without their knowledge. Even so, nearly one-third say the only purpose of SSL is to encrypt their traffic so it can't be sniffed.
Lots more interesting statistics in the article regarding how many people in the survey commit a variety of security sins.
Cheers,
Dave
Friday, October 9, 2009
A question of subnets and net masks
This really isn't a security story but I found it amusing and it includes some good stuff about netmasks, subnets and such. As usual with stuff from the CentOS mailing list, click on the subject to get to the rest of the discussion thread. The link I posted avoids some of the preliminaries.
Cheers,
Dave
About Me
- DaveAtFraud
- B.Sc. ('78) and M.Sc. ('80) in Math from Ohio State followed by 12 yrs at TRW and a variety of software development positions since then. Currently living in Colorado and enjoying "trial retirement". For fun I climb mountains in the summer and ski down them in the winter, fix gourmet food and have an excellent wine cellar.