I was reading this post from Richard Bejtlich today and I found this quote from the Verizon Security Blog: “With the exception of new customers who have engaged our Incident Response team specifically in response to a Conficker infection, Verizon Business customers have reported only isolated or anecdotal Conficker infections with little or no broad [...]
Sometimes we spend so much time discussing network-based IDS that we end up not looking at other interesting places to look for intrusion signs. There is a very nice post on SANS ISC Diary today about an organization that had one of its border routers compromised and detected it through a periodic configuration file [...]
Hoff posted some nice comments on the Azure failure regarding patching the infrastructure used by cloud services. An interesting conclusion about it is that future patching mechanisms will have to be integrated with VMotion-like features, in a way that when you apply an OS patch to the infrastructure it can dynamically deal with that without [...]
I like the spin that Pete Lindstrom gives to some classical security discussions, but I think he is completely missing the point here: “If finding vulnerabilities makes software more secure, why do we assert that software with the highest vulnerability count is less secure (than, e.g., a competitor)?” If we agree with him we could [...]
I read this post from Michael Dahn and I really liked what he called “Attack Vector Risk Management”. Today I saw that the guys from Sensepost also noted the post for the same reasons, and even showed some of their work under the same concept, calling it “Corporate Threat Modeling”. During the last months my [...]
As usual, another very nice post from Mike Rothman, this time about application security. He is mentioning the BSI-MM model, that I mentioned here too in the context of measuring the outcome of security measures. Mike also mentioned, again, the need to REACT FASTER (have I said how nice his “Pragmatic CSO” stuff is?) and [...]
Back in 2007 I noticed (together with Fucs and Victor) that botnet creators had to solve a very important issue to keep controlling the infected computers: how to update the location of the controller? Until then they were including the controller location inside the bot code, so it was easy to find and identify it [...]
One of the best blog posts I read last week was “Consensus Audit Guidelines are still controls” from Richard Bejtlich. I really like that he is looking at some suggestions (in this case, the CAG) and pointing out that they are just controls; there is nothing about measuring the outputs. That goes directly to the heart [...]
This is a very interesting twist on the interpretation of handing over encryption keys according to the 5th Amendment. I had the opportunity to work on a case a long time ago where a suspect in an intentional data leak refused to provide the PGP passphrase to an encrypted volume on his computer. I don’t know [...]