March 18, 2012    /    by

Perspectives on IT Security in Eastern Europe: First Impressions from Two Very Different Cities

I traveled to Eastern Europe last week to speak at two different one day cybersecurity conferences that are a part of a series of events known as the IDC IT Security Roadshow 2012.

I was blessed with the opportunity to travel to Eastern Europe last week to speak at two different one day cybersecurity conferences that are a part of a series of events known as the IDC IT Security Roadshow 2012. This was the tenth anniversary of this excellent IDC conference series. I previously had the privilege to speak at their event in Moscow two years ago. (After that Moscow conference, I wrote this blog.)  

So here are my initial impressions. I intend to write another piece over the next few months with some more detailed observations. (At the end of this blog, I’ll offer some answers to several background questions related to the trip.) READ MORE

March 8, 2012    /    by

Will New Cybersecurity Legislation Pass in 2012?

Will new cybersecurity legislation pass in 2012? If yes, what will be included, what will be left out and which agencies or organizations will be in charge of various information sharing and monitoring roles? These are hot questions in DC right now.

Will new cybersecurity legislation pass in 2012? If yes, what will be included, what will be left out and which agencies or organizations will be in charge of various information sharing and monitoring roles? These are hot questions in DC right now.

Mark Weatherford, Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS) posted an interesting blog on Tuesday.  Titled: The Private Sector Agrees, We Need Cybersecurity Legislation Now, Mark points out that the status quo is simply not acceptable. READ MORE

March 4, 2012    /    by

Hacker Hangouts: Where the Young and Restless Go to Learn How to Hack

But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people dont know exist.

As discussed in several previous blogs, the term “hacker” can mean many different things to different people.  For a large section of the 15-25 year-olds entering the programming world, hacking is a state of mind. To be a hacker is to apply an aggressive approach to attempting new things or to explore the unknown (or untested) with technology in the 21st century. Of course, you can be a “white hat” or “black hat” hacker (good guy or bad guy). 

 But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people don’t know exist. The hacker hangouts discussed in this blog are not unethical or illegal, but in some cases, it’s difficult to see how some of the materials could be used for good. READ MORE

February 26, 2012    /    by

When Do Social Networks Become a Burden?

How many online social networks have you joined? I'm starting to wonder if there are too many social media sites that I participate in. Is a backlash coming?

  How many online social networks have you joined? There’s the basic list (sites like Facebook, LinkedIn and Twitter) as well as conference interaction websites, Intranet sites at work, online magazine communities, professional association portals, security and technology topical sites (like ‘mobile security’ or ‘cybersecurity for government cloud computing’ within sites like LinkedIn) and so many more.

  Whether we’re discussing work, home, family, sports, kids, church or all of the above, the logons can start to add up. They all want us to engage in new (or more) conversation. Once you’re engaged, it can be tough to disengage. READ MORE

February 18, 2012    /    by

Defining Cyber FUD: The Bad, The Good and The Ugly

FUD is a complicated topic. FUD can be your friend or your worst enemy. It can light a fire under cyber initiatives, or end a career. It can influence decisions in the middle of a crisis. Regardless of the story, FUD is important to master and thats not just hype.

Just in case you haven’t been paying close attention to tech headlines lately or you’ve been totally distracted by Jeremy Lin’s unexpected NBA exploits (also known as Linsanity) or you’ve become turned-off by the constant barrage of bad news related to computer hackers, this has been another bad week in the headlines for cybersecurity. Perhaps, somehow, you’ve missed the latest scary cyber news.

If this describes you, here is a mini-sample of the top news stories that the security industry has been hammered with over the past week: READ MORE

February 7, 2012    /    by

Cyber Training: Are All the Best Technology & Security Conferences Out of State?

It's that time of year when my email in-box starts filling up with invitations to events surrounding the RSA conference in San Francisco. Nevertheless, some of my best experiences have been at security and technology conferences near home.

   It’s that time of year when my email in-box starts filling up with invitations to events surrounding the RSA conference in San Francisco. Whether from vendors, current friends, former colleagues or other security pros who just want to connect, the new offers seem to get more creative every year. There are huge parties, forums, get-togethers, breakfasts and even totally separate conferences (or one-day workshops) running at the same time or before the event.

Of course, the assumption – no, the strong expectation – is that you’ll be in San Fran that week. If you write back that you’re not going this year, the surprised response is always some rendition of “Is everything ok?”  Some of you are probably wondering that about me now – no, I'm not going in 2012 and yes, everything is fine. READ MORE

January 30, 2012    /    by

DMARC Should Reduce Phishing Scams

Major technology vendors announced the formation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) system today. This new email authentication framework should reduce the number of phishing scams that try to trick users into thinking emails are from someone else.

Major technology vendors announced the formation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) system today. This new email authentication framework should reduce the number of phishing scams that try to trick users into thinking emails are from someone else. Participating vendors, many of which provide free email services, aim to make spoofed domains in messages a thing of the past.

Leading technology companies like Google, Microsoft, AOL and Facebook are participating in the system – which is explained and can be examined in detail at DMARC.org. Here is a quote from the new website: READ MORE

January 25, 2012    /    by

Anti-Piracy Legislation Protests Continue: FTC Cyber Awareness Site Down

The Federal Trade Commissions website at www.onguardonline.gov remained down for a second day after it had suffered a security breach.

The Federal Trade Commission’s website at www.onguardonline.gov remained down for a second day after it had suffered a security breach. According to Government Computer News (GCN.com), the group Anonymous hacked the site in protest over proposed anti-piracy laws and recent anti-piracy arrests.

Here’s a quote from GCN's story: READ MORE

January 20, 2012    /    by

DOJ Shuts Down Megaupload, Anonymous Retaliates

This is turning into a wild week for headline-grabbing cyber activity. Immediately following Internet protests of proposed new legislation to crack down on Internet piracy, the Department of Justice (DOJ) moved quickly to shut down one of the most popular websites known for illegal downloads called Magaupload.

This is turning into a wild week for headline-grabbing cyber activity. Immediately following Internet protests of proposed new legislation to crack down on Internet piracy, the Department of Justice (DOJ) moved quickly to shut down one of the most popular websites known for illegal downloads called Magaupload. READ MORE

January 17, 2012    /    by

Wikipedia Protest: Websites Plan Jan 18 Shutdown Over SOPA

On January 18, 2012, Wikipedia and a long list of other popular websites will go dark to protest the proposed Stop Online Piracy Act (SOPA).

Just when you thought you’ve seen it all online …. Along comes something else that’s new and raises plenty of serious tough questions.

On January 18, 2012, Wikipedia and a long list of other popular websites will go dark to protest the proposed Stop Online Piracy Act (SOPA). The Internet is full of stories on this topic. USA Today ran a front page story covering the fast-approaching event. Here’s an excerpt: READ MORE