Current Topics
From Mary Brown | November 13th, 2009
Eric Chabrow at GovInfoSecurity.gov interviews Yvette Clarke who chairs the House subcommittee that is responsible for cybersecurity. She speaks to the status of the cybersecurity czar position as well as speaking to initiatives being proposed for national data breach and national identification laws.
Listen to the podcast or read the transcript and let us know what you think about the role of Congress in creating national cybersecurity rules and practices.
Tags: congress, cybersecurity, podcast
From Mary Brown | November 10th, 2009
Security researchers are lining up along both sides of the issue as to whether or not the recently discovered vulnerability in SSL is actually significant or not. What do you think about the seriousness of this issue and what do you factor in when deciding where to apply mitigation resources? Read more here and share your insights.
Tags: SSL
From Mary Brown | October 29th, 2009
Zarestel Ferrer blogs about a new variant of ransomware that has been discovered. The exploit encrypts documents that have file extensions most commonly used in business and then requests $100 in exchange for the key. Computer Associates (CA) have made available a tool for decrypting the documents without having to pay the ransom money.
Have you encountered an example of ransomware? If so, tell us your story.
Tags: decryption, ransomware
From Mary Brown | October 23rd, 2009
Noah Shachtman at Wired.com reports on a business relationship between a segment of the CIA and an Internet company that uses specialized data mining tools to monitor the activity going on in the social networking sites like Twitter and Facebook. Personal privacy laws in the U.S. require the government to use discretion when violating the privacy of U.S. citizens. These social networking sites provide a huge amount of personal information that would not be available, were it not being offered up to the public.
Is this another example of where there is a tension between the potential benefit to security and the potential abuse of privacy? Do users of social networking sites fully understand what will happen to the data they post, and would they alter their behavior if they were made aware? Share your thoughts. Post a comment.
Tags: data mining, information, Internet, personal privacy laws, privacy, security, social networking
From Mary Brown | October 21st, 2009
Many of us who work in information security have long bemoaned the shortcomings of using passwords as an authentication factor. One of the first alternatives to passwords in the form of two factor authentication was the token that would generate a one time password solution. An interesting alternative to this token solution is an ‘out of band’ solution that involves pushing a password to the mobile phone of the user.
Are any of you currently using these or any of the out of band solutions to authenticate users? Share your experiences/thoughts by posting a comment.
For more information read this white paper. Also, check out phonefactor.com and authentify.com.
Tags: authentication, information security, mobile phone, out of band, password, passwords, two factor authentication
From Dr. Steven Brown | October 13th, 2009
Politics is a way of life it seems, but sometimes we need to remove the politics and turf wars that do nothing to help the security of the United States. Good and continued leadership is critical to run any organization, but with the Government’s cybersecurity program, leadership – it seems – keeps turning over. The latest person to leave states "bureaucratic obstacles and a lack of authority to fulfill her mission." (Read Another U.S. Cybersecurity Official Resigns).
There’s a big difference between authority and responsibility; the Government cannot give a department the responsibility to protect us without the authority to do so.
Please feel free to comment.
Dr. Steven Brown
Tags: authority, bureaucratic, cybersecurity, cybersecurity program, politics, responsibility
From Mary Brown | October 8th, 2009
Robert McMillan writes about the possibilities of a robot inside your home being used as an attack point by a hacker. He suggests that it would be prudent to get ahead of the curve and learn from the past. Too often the IT industry develops technologies and then waits to see how they can be misused before actually doing something to prevent it. Do you think the IT industry has learned its collective lesson and has begun to understand the need to design with security in mind?
Share your thoughts.
Tags: computer, hacker, IT, robot, technologies
From Dr. Steven Brown | October 8th, 2009
The latest large scale phishing attacks not only show that people are still somewhat vulnerable to giving up personal information — they also show that we are creatures of habit. One reason why this attack was so large was that, as creatures of habit, we use the same password for multiple accounts. Once a password is figured out, all a hacker has to do is read your PC’s cookie file. Then they know the sites you’ve been on and can try logging into those sites as well. Changing/using different passwords is not difficult. There are a number of password generating software applications that you can use to create and store your passwords in an encrypted manner.
This attack has gotten so bad that even the FBI does not bank online. Read more about the attack in the New York Times.
I don’t necessarily think you need to go this far, but there are things you can do to better protect yourself.
Tags: hacker, information security, password, personal information, phis phry, phishing, phishing attack
From Mary Brown | October 2nd, 2009
Janet Napolitano released an announcement today as part of celebrating Information Security Awareness Month that the Department of Homeland Security has been given permission to hire up to 1000 information security professionals. However, there was no mention of filling the long awaited slot for the Information Security Czar, and given the heat that the administration is taking on the number of Czars, it may well be that even if the spot is filled it will be renamed as a way of avoiding the controversy associated with that title.
What do you think?
Tags: Department of Homeland Security, Security Awareness Month, Security Czar, security professionals
From Dr. Steven Brown | September 30th, 2009
Jerry Dixon, a former executive with Homeland Security, US-CERT and the National Cyber Security Division (NCSD), discusses the state of cybercrime and some of the new threats that are faced — botnets, denial of service, fraud, etc. — are just a few of the threats that are continuing to cause problems, and it goes to show that these problems are not ceasing, they are evolving – and it also shows how
You may need to subscribe to view the videopod.
What are your thoughts?
Tags: botnets, cybercrime, denial of service, fraud, Homeland Security, National Cyber Security Division