March 28, 2012

Is America Outgunned in Cyber?

Shaun Henry, the FBI’s top cyber cop and executive assistant director responsible for cyber, told the Wall Street Journal (WSJ) that “we’re not winning” and that the current approaches being used by the public and private sectors are:  “… Unsustainable. Computer criminals are simply too good and defensive measures too weak to stop them.”

The WSJ article, entitled “U.S. Outgunned in Cyber War,” also reported that Henry said:

March 22, 2012

Lawsuits Challenge Privacy Policies

Internet privacy has long been a hot-button issue. Central questions are being asked about who owns what data, how that data can be used by various companies to target individuals in marketing and whether users can opt-in or opt-out of various data-sharing approaches. Just as in other areas of life in America in 2012, these questions are often settled in the courts.

Now, Google is facing a class action lawsuit over its new privacy policy. Computerworld reported that Google faces complaints that it changed earlier privacy policies which had promised that information obtained by one service would not be used by another service. Beyond consumer complaints and online criticism, a new group seeks to bring a nationwide class action on behalf of holders of Google accounts and owners of Android devices from Aug. 19, 2004 to Feb. 29, 2012, who continued to maintain the Google accounts and own the devices after the new privacy policy came into effect on March 1 this year.

March 18, 2012

Perspectives on IT Security in Eastern Europe: First Impressions from Two Very Different Cities

I was blessed with the opportunity to travel to Eastern Europe last week to speak at two different one-day cybersecurity conferences that are a part of a series of events known as the IDC IT Security Roadshow 2012. This was the tenth anniversary of this excellent IDC conference series. I previously had the privilege to speak at their event in Moscow two years ago. (After that Moscow conference, I wrote this blog.)

So here are my initial impressions. I intend to write another piece over the next few months with some more detailed observations. (At the end of this blog, I’ll offer some answers to several background questions related to the trip.)

March 8, 2012

Will New Cybersecurity Legislation Pass in 2012?

Will new cybersecurity legislation pass in 2012? If yes, what will be included, what will be left out and which agencies or organizations will be in charge of various information sharing and monitoring roles? These are hot questions in DC right now.

Mark Weatherford, Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS), posted an interesting blog on Tuesday. In the post, titled “The Private Sector Agrees, We Need Cybersecurity Legislation Now,” Mark points out that the status quo is simply not acceptable.

March 4, 2012

Hacker Hangouts: Where the Young and Restless Go to Learn How to Hack

As discussed in several previous blogs, the term “hacker” can mean many different things to different people.  For a large section of the 15-25 year-olds entering the programming world, hacking is a state of mind. To be a hacker is to apply an aggressive approach to attempting new things or to explore the unknown (or untested) with technology in the 21st century. Of course, you can be a “white hat” or “black hat” hacker (good guy or bad guy). 

But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people don’t know exist. The hacker hangouts discussed in this blog are not unethical or illegal, but in some cases, it’s difficult to see how some of the materials could be used for good.

February 26, 2012

When Do Social Networks Become a Burden?

How many online social networks have you joined? I'm starting to wonder if there are too many social media sites that I participate in. Is a backlash coming?

How many online social networks have you joined? There’s the basic list (sites like Facebook, LinkedIn and Twitter) as well as conference interaction websites, Intranet sites at work, online magazine communities, professional association portals, security and technology topical sites (like ‘mobile security’ or ‘cybersecurity for government cloud computing’ within sites like LinkedIn) and so many more.

Whether we’re discussing work, home, family, sports, kids, church or all of the above, the logons can start to add up. They all want us to engage in new (or more) conversation. Once you’re engaged, it can be tough to disengage.

February 18, 2012

Defining Cyber FUD: The Bad, The Good and The Ugly

FUD is a complicated topic. FUD can be your friend or your worst enemy. It can light a fire under cyber initiatives, or end a career. It can influence decisions in the middle of a crisis. Regardless of the story, FUD is important to master, and that’s not just hype.

Just in case you haven’t been paying close attention to tech headlines lately or you’ve been totally distracted by Jeremy Lin’s unexpected NBA exploits (also known as Linsanity) or you’ve become turned-off by the constant barrage of bad news related to computer hackers, this has been another bad week in the headlines for cybersecurity. Perhaps, somehow, you’ve missed the latest scary cyber news.

If this describes you, here is a mini-sample of the top news stories that the security industry has been hammered with over the past week:

February 7, 2012

Cyber Training: Are All the Best Technology & Security Conferences Out of State?

It's that time of year when my email in-box starts filling up with invitations to events surrounding the RSA conference in San Francisco. Nevertheless, some of my best experiences have been at security and technology conferences near home.

It’s that time of year when my email in-box starts filling up with invitations to events surrounding the RSA conference in San Francisco. Whether from vendors, current friends, former colleagues or other security pros who just want to connect, the new offers seem to get more creative every year. There are huge parties, forums, get-togethers, breakfasts and even totally separate conferences (or one-day workshops) running at the same time or before the event.

Of course, the assumption – no, the strong expectation – is that you’ll be in San Fran that week. If you write back that you’re not going this year, the surprised response is always some rendition of “Is everything ok?” Some of you are probably wondering that about me now – no, I'm not going in 2012 and yes, everything is fine.

January 30, 2012

DMARC Should Reduce Phishing Scams

Major technology vendors announced the formation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) system today. This new email authentication framework should reduce the number of phishing scams that try to trick users into thinking emails are from someone else. Participating vendors, many of which provide free email services, aim to make spoofed domains in messages a thing of the past.

Leading technology companies like Google, Microsoft, AOL and Facebook are participating in the system – which is explained and can be examined in detail at DMARC.org. Here is a quote from the new website:

January 25, 2012

Anti-Piracy Legislation Protests Continue: FTC Cyber Awareness Site Down

The Federal Trade Commission’s website at www.onguardonline.gov remained down for a second day after it had suffered a security breach. According to Government Computer News (GCN.com), the group Anonymous hacked the site in protest over proposed anti-piracy laws and recent anti-piracy arrests.

Here’s a quote from GCN's story: