Here’s a good report on the latest trends in attacks, defenses, operational security, IPv6, VoIP, and more from Arbor Networks. Not only is this interesting from a general security perspective, it can also help quantify risks and direct your security resources to areas where they’ll be more effective. Both are critical now that budgets are tighter than we’ve seen in a long time.
Here’s another case where attackers penetrated a company, stole sensitive data undetected for years, and also accessed SCADA networks that control machinery. Companies large and small feel they don’t need to worry about security until it’s too late. I frequently hear “Why would anyone want to attack us, we don’t have anything valuable.” and “Our security is fine, we haven’t had a problem so far.” Just because you think you aren’t a target or that you haven’t been compromised doesn’t mean you’re safe. Companies that think they’re safe are often in the most danger.
Start your Bittorrent clients all you Debian fans, Debian 6.0 “Squeeze” was just released. Always a trusted server distribution and the basis for Ubuntu, Debian is the cool uncle who has it together and everyone knows they can rely on. He doesn’t get as much publicity as well-heeled uncle Redhat or friendly uncle Ubuntu, but he’s a solid guy and everyone has something good to say about him. If you need a clean server distribution and you’ve never tried Debian I highly recommend giving it a shot.
If you’re near San Francisco February 14th or 15th be sure to get over to Security B-Sides. It’s a free, small information security conference with high quality talks. Topics range from technical to analytical, and there was even a demonstration on lock picking last year. It’s very casual, and lunch and beer and provided. Zimmer and Associates is sponsoring the event, and I’ll be there at least one of the days as a volunteer. Hope to see you there.
-Bryan
http://www.securitybsides.com/w/page/30975276/BSidesSanFrancisco
The National Institute of Standards and Technology has released a draft guideline on staying secure when using cloud computing. More companies are putting their IT infrastructure and data into The Cloud, but there are risks associated with giving a critical part of your business to another company. NIST is a US government agency that’s well respected in the security industry, and I highly recommend reviewing this and other guidelines they’ve produced before you drink the Cloud Kool-Aid.
http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf
It seems more and more like the Stuxnet computer worm was created by the governments of US and Israel to stop or slow Iran’s nuclear program. It’s significant because it’s a good example of how hacking can actually have a physical effect (thanks to SCADA networks), and that governments are realizing the power of computer warfare.
Takeaway for most people: Remember that you should never place unknown USB memory sticks in your computer, and realize that unusual behavior can be an indicator of an attack on your system.
http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html